trithucvn.org Open in urlscan Pro
2606:4700:21::681b:cc59 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tnews.to/9-chu-chan-ngon-diet-virus-corona2
Effective URL:
https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
Submission: On August 23 via api (August 23rd 2021, 3:30:56 pm UTC) from US

Summary HTTP 281 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 60 IPs in 10 countries across 54 domains to perform 281 HTTP transactions. The main IP is 2606:4700:21::681b:cc59, located in United States and belongs to CLOUDFLARENET, US. The main domain is trithucvn.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 27th 2021. Valid for: a year.

This is the only time trithucvn.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:2a1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
32	2606:4700:21:... 2606:4700:21::681b:cc59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
22	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42::645 2a04:4e42::645	54113 (FASTLY) (FASTLY)
7	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
3 12	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2006	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2016	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
15 37	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	13.224.102.37 13.224.102.37	16509 (AMAZON-02) (AMAZON-02)
2 4	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	69.173.144.140 69.173.144.140	26667 (RUBICONPR...) (RUBICONPROJECT)
10	185.86.137.32 185.86.137.32	201081 (SMARTADSE...) (SMARTADSERVER)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 8	185.33.220.242 185.33.220.242	29990 (ASN-APPNEX) (ASN-APPNEX)
2 12	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	13.224.102.91 13.224.102.91	16509 (AMAZON-02) (AMAZON-02)
1	18.118.38.130 18.118.38.130	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
6 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
27	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
4	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1 2	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
2 2	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
7 7	3.124.93.74 3.124.93.74	16509 (AMAZON-02) (AMAZON-02)
2 3	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	34.204.19.158 34.204.19.158	14618 (AMAZON-AES) (AMAZON-AES)
1 1	3.126.175.244 3.126.175.244	16509 (AMAZON-02) (AMAZON-02)
2 3	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
4 4	213.155.156.183 213.155.156.183	1299 (TELIANET ...) (TELIANET Telia Carrier)
1 1	13.224.102.75 13.224.102.75	16509 (AMAZON-02) (AMAZON-02)
1 1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
4 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
2	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	18.194.125.59 18.194.125.59	16509 (AMAZON-02) (AMAZON-02)
7 7	52.215.67.213 52.215.67.213	16509 (AMAZON-02) (AMAZON-02)
1 6	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	185.86.137.133 185.86.137.133	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
3 3	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
5 6	37.157.6.242 37.157.6.242	198622 (ADFORM) (ADFORM)
4 6	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
3 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 5	51.222.80.231 51.222.80.231	16276 (OVH) (OVH)
4 4	54.194.226.253 54.194.226.253	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2 2	35.210.178.101 35.210.178.101	19527 (GOOGLE-2) (GOOGLE-2)
4 4	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1 3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	209.54.177.54 209.54.177.54	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
281	60

1 2606:4700:3037::6815:2a1f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tnews.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2606:4700:21::681b:cc59 (United States)

ASN13335 (CLOUDFLARENET, US)

trithucvn.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::645 (United States)

ASN54113 (FASTLY, US)

anymind360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 142.250.184.226 (United States) 15 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.102.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-37.zrh50.r.cloudfront.net

d31qbv1cthcecs.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638::1c (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.86.137.32 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.33.220.242 (Amsterdam, Netherlands) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.98.64.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

adasia-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.102.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-91.zrh50.r.cloudfront.net

certify.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.118.38.130 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-118-38-130.us-east-2.compute.amazonaws.com

redirect.prod.experiment.routing.cloudfront.aws.a2z.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.253.128.188 (Amsterdam, Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.93 (Schopfheim, Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.124.93.74 (Frankfurt am Main, Germany) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-93-74.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.204.19.158 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-19-158.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.175.244 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-175-244.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:f916:5049:f87f:108e (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (United States)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.155.156.183 (Uppsala, Sweden) 4 redirects

ASN1299 (TELIANET Telia Carrier, SE)
PTR: 213-155-156-183.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.102.75 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-75.zrh50.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.125.59 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-125-59.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.215.67.213 (Dublin, Ireland) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-67-213.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.133 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.134.244 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.6.242 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.248.242.197 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 51.222.80.231 (Canada) 5 redirects

ASN16276 (OVH, FR)
PTR: pikafka-4.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.194.226.253 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-226-253.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:db6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.178.101 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 101.178.210.35.bc.googleusercontent.com

a.volvelle.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.14.49 (Frankfurt am Main, Germany) 4 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.54.177.54 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	doubleclick.net 18 redirects googleads.g.doubleclick.net static.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	232 KB
39	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com ade.googlesyndication.com	346 KB
32	trithucvn.org trithucvn.org	2 MB
27	2mdn.net s0.2mdn.net	692 KB
27	youtube.com www.youtube.com	2 MB
20	pubmatic.com 3 redirects hbopenbid.pubmatic.com image6.pubmatic.com ads.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com	29 KB
12	openx.net 2 redirects adasia-d.openx.net eu-u.openx.net us-u.openx.net	3 KB
12	google.com 1 redirects www.google.com cse.google.com adservice.google.com	366 KB
12	gstatic.com fonts.gstatic.com www.gstatic.com	102 KB
11	smartadserver.com 1 redirects prg.smartadserver.com rtb-csync.smartadserver.com	19 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com	9 KB
10	rubiconproject.com 4 redirects fastlane.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com	24 KB
9	adnxs.com 5 redirects ib.adnxs.com acdn.adnxs.com	24 KB
9	criteo.com 2 redirects gum.criteo.com mug.criteo.com bidder.criteo.com dis.criteo.com	8 KB
7	bidr.io 7 redirects match.prod.bidr.io	4 KB
7	bidswitch.net 7 redirects x.bidswitch.net	3 KB
6	adsrvr.org 4 redirects match.adsrvr.org	2 KB
6	adform.net 5 redirects c1.adform.net	3 KB
6	yahoo.com 4 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com ads.yahoo.com	5 KB
5	onaudience.com 5 redirects pixel.onaudience.com	2 KB
4	everesttech.net 4 redirects sync-tm.everesttech.net	1 KB
4	crwdcntrl.net 4 redirects sync.crwdcntrl.net	2 KB
4	de17a.com 4 redirects d5p.de17a.com	1 KB
3	mathtag.com 3 redirects sync.mathtag.com	2 KB
3	quantserve.com 2 redirects cms.quantserve.com pixel.quantserve.com	1 KB
3	facebook.com www.facebook.com	297 B
3	googletagservices.com www.googletagservices.com	102 KB
3	ytimg.com i.ytimg.com	69 KB
3	ggpht.com yt3.ggpht.com	10 KB
2	volvelle.tech 2 redirects a.volvelle.tech	1 KB
2	zeotap.com 1 redirects spl.zeotap.com mwzeom.zeotap.com	898 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	criteo.net static.criteo.net	54 KB
2	stackadapt.com 2 redirects sync.srv.stackadapt.com	1 KB
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	simpli.fi 1 redirects um.simpli.fi	1 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	anymind360.com anymind360.com	154 KB
2	facebook.net connect.facebook.net	70 KB
1	rlcdn.com id.rlcdn.com	66 B
1	amazon-adsystem.com s.amazon-adsystem.com	556 B
1	contextweb.com 1 redirects bh.contextweb.com	815 B
1	e-volution.ai rtb2-useast.e-volution.ai	233 B
1	media.net 1 redirects cs.media.net	1 KB
1	smaato.net 1 redirects s.ad.smaato.net	687 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	sharethrough.com 1 redirects match.sharethrough.com	354 B
1	google.ch adservice.google.ch	853 B
1	google.de adservice.google.de	853 B
1	googleadservices.com partner.googleadservices.com	440 B
1	a2z.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com	48 B
1	alexametrics.com certify.alexametrics.com	552 B
1	cloudfront.net d31qbv1cthcecs.cloudfront.net	2 KB
1	tnews.to 1 redirects tnews.to	981 B
281	54

	Domain	Requested by
32	cm.g.doubleclick.net	15 redirects googleads.g.doubleclick.net c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com eu-u.openx.net
32	trithucvn.org	trithucvn.org
27	s0.2mdn.net	trithucvn.org s0.2mdn.net c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
27	www.youtube.com	trithucvn.org www.youtube.com
22	pagead2.googlesyndication.com	trithucvn.org pagead2.googlesyndication.com tpc.googlesyndication.com c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
12	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com s0.2mdn.net
12	googleads.g.doubleclick.net	3 redirects www.youtube.com pagead2.googlesyndication.com c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com trithucvn.org
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
10	prg.smartadserver.com	anymind360.com
9	www.google.com	1 redirects www.youtube.com www.google.com tpc.googlesyndication.com c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
8	ib.adnxs.com	5 redirects anymind360.com acdn.adnxs.com
7	match.prod.bidr.io	7 redirects
7	x.bidswitch.net	7 redirects
7	fonts.gstatic.com	www.youtube.com
6	simage2.pubmatic.com	ads.pubmatic.com
6	match.adsrvr.org	4 redirects eu-u.openx.net
6	c1.adform.net	5 redirects ads.pubmatic.com
6	image2.pubmatic.com	1 redirects ads.pubmatic.com
6	eu-u.openx.net	1 redirects anymind360.com eu-u.openx.net
5	pixel.onaudience.com	5 redirects
5	us-u.openx.net	1 redirects eu-u.openx.net
5	www.gstatic.com	www.youtube.com trithucvn.org
4	sync-tm.everesttech.net	4 redirects
4	sync.crwdcntrl.net	4 redirects
4	token.rubiconproject.com	3 redirects eus.rubiconproject.com
4	ups.analytics.yahoo.com	4 redirects
4	d5p.de17a.com	4 redirects
4	googleads4.g.doubleclick.net	trithucvn.org
4	gum.criteo.com	2 redirects static.criteo.net
4	securepubads.g.doubleclick.net	anymind360.com securepubads.g.doubleclick.net
3	pixel.rubiconproject.com	1 redirects
3	sync.mathtag.com	3 redirects
3	image6.pubmatic.com	2 redirects ads.pubmatic.com
3	c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	www.facebook.com	connect.facebook.net
3	www.googletagservices.com	pagead2.googlesyndication.com c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
3	mug.criteo.com
3	i.ytimg.com	www.youtube.com
3	yt3.ggpht.com	www.youtube.com
3	static.doubleclick.net	www.youtube.com
2	ade.googlesyndication.com
2	a.volvelle.tech	2 redirects
2	image4.pubmatic.com	ads.pubmatic.com
2	pixel.quantserve.com	2 redirects
2	pm.w55c.net	2 redirects
2	eus.rubiconproject.com	anymind360.com eus.rubiconproject.com
2	ads.pubmatic.com	anymind360.com ads.pubmatic.com
2	static.criteo.net	anymind360.com static.criteo.net
2	sync.srv.stackadapt.com	2 redirects
2	dsp.adfarm1.adition.com	2 redirects
2	um.simpli.fi	1 redirects ads.pubmatic.com
2	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
2	www.google-analytics.com	trithucvn.org www.google-analytics.com
2	anymind360.com	trithucvn.org anymind360.com
2	connect.facebook.net	trithucvn.org connect.facebook.net
1	id.rlcdn.com
1	ads.yahoo.com
1	s.amazon-adsystem.com
1	pr-bh.ybp.yahoo.com	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	spl.zeotap.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	bh.contextweb.com	1 redirects
1	rtb-csync.smartadserver.com	1 redirects
1	acdn.adnxs.com	anymind360.com
1	rtb2-useast.e-volution.ai	c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
1	cs.media.net	1 redirects
1	s.ad.smaato.net	1 redirects
1	dclk-match.dotomi.com	c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
1	cms.quantserve.com	c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
1	match.sharethrough.com	1 redirects
1	adservice.google.ch	securepubads.g.doubleclick.net
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	redirect.prod.experiment.routing.cloudfront.aws.a2z.com
1	certify.alexametrics.com
1	cse.google.com
1	adasia-d.openx.net	anymind360.com
1	bidder.criteo.com	anymind360.com
1	fastlane.rubiconproject.com	anymind360.com
1	hbopenbid.pubmatic.com	anymind360.com
1	d31qbv1cthcecs.cloudfront.net	trithucvn.org
1	tnews.to	1 redirects
281	83

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
chanhkien.org
youtu.be
en.wikipedia.org
sclee.website
faculty.pccu.edu.tw
psi-encyclopedia.spr.ac.uk
academicians.sinica.edu.tw
staff.pccu.edu.tw
www.bannedbook.org
www.163.com
thienphatgiao.files.wordpress.com
vi.wikipedia.org
www.liebertpub.com
www.healthline.com
dx.doi.org
www.ncbi.nlm.nih.gov
www.researchgate.net
www.youtube.com
www.linkedin.com
www.sunregen.ch
www.novartis.com
ogi-ltd.com
vi.falundafa.org
datviet.trithuccuocsong.vn
www.ijastems.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-27` - `2022-06-26`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
anymind360.com R3	`2021-07-07` - `2021-10-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
certify.alexametrics.com Amazon	`2021-06-14` - `2022-07-13`	a year	crt.sh
*.prod.experiment.routing.cloudfront.aws.a2z.com Amazon	`2020-09-10` - `2021-10-10`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.e-volution.ai Sectigo RSA Domain Validation Secure Server CA	`2020-09-14` - `2021-09-14`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-29` - `2021-09-22`	6 months	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-16` - `2021-10-06`	2 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh

This page contains 32 frames:

Primary Page: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
Frame ID: F41E9FF1D4BDC2C779165B4BB73AADE3
Requests: 81 HTTP requests in this frame

Frame: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
Frame ID: F8601E5D21A417EBAD914370AB70F94C
Requests: 19 HTTP requests in this frame

Frame: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
Frame ID: 1FB67CF4373C82585DE65081192DFF35
Requests: 17 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
Frame ID: F422EE5076A37970E36C1C5E8AE22E99
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210816/r20190131/zrt_lookup.html
Frame ID: 5285D3DC6C35CE5AD58EFD7EC9F79513
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6165839859605860&output=html&adk=3046330955&adf=2044148826&lmt=1629732637&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629732637673&bpp=3&bdt=1287&idt=184&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2603891036670&frm=20&pv=2&ga_vid=1422637545.1629732638&ga_sid=1629732638&ga_hid=1577014033&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44748449%2C31062297&oid=3&pvsid=3023564493785826&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=201
Frame ID: 0FA48F0C9ADA4B277E871E172BFECB3D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v8.0/plugins/comments.php?app_id=784498932115216&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df124dc4e48d555c%26domain%3Dtrithucvn.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftrithucvn.org%252Ff208b4757ff8ac4%26relation%3Dparent.parent&container_width=5&count=true&height=100&href=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&locale=en_US&sdk=joey&version=v8.0&width=550
Frame ID: 120FCD5B7D17C087ECED568E4E35471D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v8.0/plugins/comments.php?app_id=784498932115216&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19c3985d89ff38%26domain%3Dtrithucvn.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftrithucvn.org%252Ff208b4757ff8ac4%26relation%3Dparent.parent&color_scheme=light&container_width=660&height=100&href=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&locale=en_US&sdk=joey&skin=light&version=v8.0&width=
Frame ID: 26F23E170F24C0346D01659696645797
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 26928FCDB9BE15793AD2871AE4F7BDBE
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D38394063DC777AFDF94557900430721
Requests: 1 HTTP requests in this frame

Frame: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8E413CF0DA2487BD6FB95615086C3A03
Requests: 1 HTTP requests in this frame

Frame: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A143239F0492D4AEA076A745F233CC46
Requests: 16 HTTP requests in this frame

Frame: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 706636AEA419CA58FE19B77756E92154
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARjF9Z6mATAB&v=APEucNXnm5EUJugQR9tzClh6eSxxox5MMRCfMEKUA2CmHWoyOdQl-rqVUykpsxWIkm2jGAcna0i1oqxUEd18EQTLOZtvnywv_w
Frame ID: B74ED28F797B32CEDA898C5ED4057595
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiIy56mATAB&v=APEucNVH5QajnbzlGO0fbIabQe4ra_z5Q9K9ZTJGpDFmH2-jBI7vvXhyp-oMaEksHNBt5b2dG7sYCHBx-sLGfR1mDd4cnZvzJA
Frame ID: 0D616430276488088C34ED908DC81591
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 598747BE76C7AFCE3AD3C97D25526148
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
Frame ID: 8CA9F941AE012A6423DD3286F317A723
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 717F1501C1E29E59B9A75446D6BC3D26
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B4BAAB4D2B43E6F300AE0797AA7439A7
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
Frame ID: 626136344977BE36AF73B3F490AC8CFA
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8389DAA69364CFA9C894B0153DB74B6D
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js
Frame ID: 6C3C971B4A06C0E5B3A52620487A16E1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js
Frame ID: 51B5B6391887EEB7094E113220E01C27
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=trithucvn.org
Frame ID: 7A3426314B414DB0925456A05622470B
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Frame ID: EC02143CC012166D32D1DCD871707FFF
Requests: 17 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 569401D3B97FF239810E69D8F2E09CB2
Requests: 3 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Frame ID: 1D281C5D877C005F824B1535F3538100
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 11AD234E6D4813B16AA518A7145266D6
Requests: 11 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C
Frame ID: DC5E74863058732D777D72171A6E4659
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5942344291156206745
Frame ID: 7602D8D47294EE0A218F1907155934A5
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 8317A8321C01B6A6E9B72C9FABECB7AD
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6999648394330110092
Frame ID: 8FEBCE70280DF44B2E0E453C1015D778
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Niệm “9 Chữ Chân Ngôn” để diệt virus Corona: sự thật hay mê tín? - Trí Thức VN

Page URL History Show full URLs

https://tnews.to/9-chu-chan-ngon-diet-virus-corona2 HTTP 307
https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /\/prebid\.js/i

Page Statistics

281
Requests

100 %
HTTPS

39 %
IPv6

54
Domains

83
Subdomains

60
IPs

10
Countries

6312 kB
Transfer

14903 kB
Size

5
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/TriThucVietMedia

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Ni%E1%BB%87m+%E2%80%9C9+Ch%E1%BB%AF+Ch%C3%A2n+Ng%C3%B4n%E2%80%9D+%C4%91%E1%BB%83+di%E1%BB%87t+virus+Corona%3A+s%E1%BB%B1+th%E1%BA%ADt+hay+m%C3%AA+t%C3%ADn%3F&url=https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
Title: Twitter

Search URL Search Domain Scan URL

URL: https://chanhkien.org/2021/02/hieu-qua-viec-niem-chin-chu-chan-ngon-cua-phap-luan-cong-chong-lai-covid-19.html
Title: Chánh Kiến

Search URL Search Domain Scan URL

URL: https://youtu.be/7EBlRg6lWes?t=38
Title: video

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Lee_Si-chen
Title: Lee Si-chen

Search URL Search Domain Scan URL

URL: https://sclee.website/prof-si-chen-lees-biography/
Title: nhiều thành tựu lớn

Search URL Search Domain Scan URL

URL: https://sclee.website/mind/papers-download/#5Finger_Reading_and_Psychokinesis
Title: khoa học nhân thể

Search URL Search Domain Scan URL

URL: http://faculty.pccu.edu.tw/~tdl/SCLee-2-2.pdf
Title: trẻ em từ 6 đến 13 tuổi

Search URL Search Domain Scan URL

URL: https://sclee.website/wp-content/uploads/2020/04/do-human-fingers-see-2005-EJP.pdf
Title: phương Tây

Search URL Search Domain Scan URL

URL: https://psi-encyclopedia.spr.ac.uk/articles/extraocular-image-china
Title: bài báo

Search URL Search Domain Scan URL

URL: https://academicians.sinica.edu.tw/index.php?r=academician-n%2Fshow&id=219
Title: Chen Jiande

Search URL Search Domain Scan URL

URL: http://staff.pccu.edu.tw/~tdl/Daren1.htm
Title: Tang Dalun

Search URL Search Domain Scan URL

URL: https://www.bannedbook.org/en/download/downfile.php?id=4249
Title: 8

Search URL Search Domain Scan URL

URL: https://www.163.com/dy/article/EMDBSF9N05489SIQ.html
Title: 14

Search URL Search Domain Scan URL

URL: https://sclee.website/wp-content/uploads/2020/04/one-object-two-images.pdf
Title: báo cáo khoa học

Search URL Search Domain Scan URL

URL: https://thienphatgiao.files.wordpress.com/2013/04/nguyen-duc-can-nha-van-hoa-tam-linh.pdf
Title: 6

Search URL Search Domain Scan URL

URL: https://vi.wikipedia.org/wiki/Ch%C3%A2n_ng%C3%B4n
Title: Chân Ngôn

Search URL Search Domain Scan URL

URL: https://www.liebertpub.com/doi/full/10.1089/acm.2011.0051
Title: nghiên cứu từ năm 2012

Search URL Search Domain Scan URL

URL: https://www.healthline.com/health/mental-health/how-to-cope-with-anxiety
Title: lo lắng

Search URL Search Domain Scan URL

URL: https://www.healthline.com/health/fatigue
Title: mệt mỏi

Search URL Search Domain Scan URL

URL: http://dx.doi.org/10.22413/ijastems/2017/v3/i6/49101
Title: nghiên cứu năm 2017

Search URL Search Domain Scan URL

URL: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6466873/
Title: có thể giúp cải thiện

Search URL Search Domain Scan URL

URL: https://www.healthline.com/health/mild-cognitive-impairment
Title: suy giảm nhận thức

Search URL Search Domain Scan URL

URL: https://www.researchgate.net/publication/318395933_Scientific_Analysis_of_Mantra-Based_Meditation_and_its_Beneficial_Effects_An_Overview
Title: 17

Search URL Search Domain Scan URL

URL: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3336746/
Title: phát hiện

Search URL Search Domain Scan URL

URL: https://www.bannedbook.org/en/download/downfile.php?id=4249%5C
Title: 8

Search URL Search Domain Scan URL

URL: https://www.facebook.com/osnat.gad
Title: Osnat Gad

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=huo7p7H7KFU
Title: Osnat Gad

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/dong-yuhong-6b195180/?originalSubdomain=ch
Title: Đổng Vũ Hồng (Yuhong Dong)

Search URL Search Domain Scan URL

URL: https://www.sunregen.ch/
Title: Sun Regen Healthcare AG

Search URL Search Domain Scan URL

URL: https://www.novartis.com/
Title: Novartis

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/osnat-gad-212127b
Title: người phụ nữ 73 tuổi

Search URL Search Domain Scan URL

URL: https://ogi-ltd.com/
Title: 1 công ty

Search URL Search Domain Scan URL

URL: http://vi.falundafa.org/
Title: http://vi.falundafa.org

Search URL Search Domain Scan URL

URL: https://datviet.trithuccuocsong.vn/van-hoa/nguoi-viet/nguyen-phuc-giac-hai-nha-khoa-hoc-hay-ga-phu-thuy-quyen-nang-2215386
Title: 13

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=HqBROHSqLZs
Title: 1

Search URL Search Domain Scan URL

URL: https://www.liebertpub.com/doi/abs/10.1089/acm.2011.0051?journalCode=acm
Title: Effects of an 8-Week Meditation Program on Mood and Anxiety in Patients with Memory Loss

Search URL Search Domain Scan URL

URL: http://www.ijastems.org/wp-content/uploads/2017/06/v3.i6.5.Scientific-Analysis-of-Mantra-Based-Meditation.pdf
Title: Scientific Analysis of Mantra-Based Meditation and Its Beneficial Effects: An Overview

Search URL Search Domain Scan URL

URL: https://www.ncbi.nlm.nih.gov/pubmed/?term=Karnick%20CR%5BAuthor%5D&cauthor=true&cauthor_uid=22556970
Title: C. R. Karnick

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tnews.to/9-chu-chan-ngon-diet-virus-corona2 HTTP 307
https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 42

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 44

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 81

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Ftrithucvn.org%2F&domain=trithucvn.org&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=4s-ui3wwcWpQaWltNUZnNndNb0E1ZFVFRUI2YzJkbldmNTY0UTBBdmMvS0Y2aHFUenVrSERwYVNpaHUvbmdLejIzRUE0Zk5tQllobXJmWU1PeWVTTTFqVWptbTJGRjFPOUxXY28vemtlT3pKckRJdmt2eG4xZXBMWXZiQTV5U0hQZWhMcWRVdUlld2pDSlNxd2xRbWJsczVmTnZoTnJ5L2ZPc05CdUpuRnJ6MURwR2lQMHV3VXpnNFdMaUpHUVpVSVc4blJSM1g1RUVySjhvbDNNTU9raGorZG9LTE5IK3U4Tlp0Y250SDVjUnl1d1dFPXw&cppv=2

Request Chain 97

https://www.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou HTTP 301
https://cse.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1&C=1

Request Chain 154

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YSO-Hs-qAGFTGVRvbNaT1wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1&C=1

Request Chain 157

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YSO-Hs-qAGFTGVRvbNaT1wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1

Request Chain 176

https://um.simpli.fi/gp_match?google_gid=CAESENaBDUnF_yYBx8GjwIibDf8&google_cver=1&google_push=AYg5qPJlM_029PfujxFXvXEDGJABqVKMoFveaHVKJVhHXRiSfbQfswUNgl9KnzHuQEeEHyRYfSbf3M8JWLOrwoC8Y4U3nSAXoAY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8FA5075F8FE64E1F873AC4007E5CADB8&google_push=AYg5qPJlM_029PfujxFXvXEDGJABqVKMoFveaHVKJVhHXRiSfbQfswUNgl9KnzHuQEeEHyRYfSbf3M8JWLOrwoC8Y4U3nSAXoAY

Request Chain 177

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPbF14eRk7MtbYNESg1hnYU&google_cver=1&google_push=AYg5qPJVHQ48eC6KiVvQxreXCrAOTz5JTHlGU1dfOfBVTbwSd__CHrISXDancaXqSX67COKc4ahtU2Csu7UNCc9Mfi39l8el4zE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk5OTY0ODM4MTQ2ODYwNDU1Ng%3D%3D&google_push=AYg5qPJVHQ48eC6KiVvQxreXCrAOTz5JTHlGU1dfOfBVTbwSd__CHrISXDancaXqSX67COKc4ahtU2Csu7UNCc9Mfi39l8el4zE

Request Chain 178

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDvbUvoXE5DAPT08JQ-Ii3k&google_cver=1&google_push=AYg5qPILmLS4PKTWfq4Yx8EU9PKJX_rzHTYvQLG0qtUPozqQYX55GZ6Vz28EZ_OPMnvYcMdiKCLOh5Q3OhPkSuoHD_aAEXdVJV7t HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDvbUvoXE5DAPT08JQ-Ii3k&google_cver=1&google_push=AYg5qPILmLS4PKTWfq4Yx8EU9PKJX_rzHTYvQLG0qtUPozqQYX55GZ6Vz28EZ_OPMnvYcMdiKCLOh5Q3OhPkSuoHD_aAEXdVJV7t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPILmLS4PKTWfq4Yx8EU9PKJX_rzHTYvQLG0qtUPozqQYX55GZ6Vz28EZ_OPMnvYcMdiKCLOh5Q3OhPkSuoHD_aAEXdVJV7t&google_hm=QRGbhcgYSSeHbzw4iqgRvQ==

Request Chain 179

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEN7l3MmD84bNrGnEcSDE11g&google_cver=1&google_push=AYg5qPKJp3uD8qYD1DR6YDenKgBIZU_EoxbE1c4kLMRagGGN_jZ9fOOPiD_rGBVxsCfW9nD99SiLQu_dVpJvnZcVdwYVTQv-TYNc HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEN7l3MmD84bNrGnEcSDE11g&google_cver=1&google_push=AYg5qPKJp3uD8qYD1DR6YDenKgBIZU_EoxbE1c4kLMRagGGN_jZ9fOOPiD_rGBVxsCfW9nD99SiLQu_dVpJvnZcVdwYVTQv-TYNc&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=N8_FmXE8RXiLbMiN2ecc0w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKJp3uD8qYD1DR6YDenKgBIZU_EoxbE1c4kLMRagGGN_jZ9fOOPiD_rGBVxsCfW9nD99SiLQu_dVpJvnZcVdwYVTQv-TYNc

Request Chain 180

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEM2HwtXmOecbkYiAVP-2NqM&google_cver=1&google_push=AYg5qPJswqoum41SV39egSJ1c-DZECgvXU8IlPYMFuet5A7MMwsKy4ngLkaNJTGgKBail-U3H4KtaBTpohNDxG7MdJdtb8NJCrmL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZCa17hNiQDxRsjeDPA5yO7nsyeI&google_push=AYg5qPJswqoum41SV39egSJ1c-DZECgvXU8IlPYMFuet5A7MMwsKy4ngLkaNJTGgKBail-U3H4KtaBTpohNDxG7MdJdtb8NJCrmL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZCa17hNiQDxRsjeDPA5yO7nsyeI&google_push=AYg5qPJswqoum41SV39egSJ1c-DZECgvXU8IlPYMFuet5A7MMwsKy4ngLkaNJTGgKBail-U3H4KtaBTpohNDxG7MdJdtb8NJCrmL&google_tc=

Request Chain 181

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEK6AEbqdKS4Puk5_-j2ryrg&google_cver=1&google_push=AYg5qPIcNq-0t7qQaQZAUjs_DpD9NgEDN5jyg_N3MTfs73_k494NSHsHwwLIAC9_TrN9dgP0Q4b5Mqkh5o_lLtJzDLA8l7A10y8TrA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NDU2ZTY1NzEtZmY5Yy00Y2NiLTg1YWEtMDgyNDc5YzVmMTA1&google_push=AYg5qPIcNq-0t7qQaQZAUjs_DpD9NgEDN5jyg_N3MTfs73_k494NSHsHwwLIAC9_TrN9dgP0Q4b5Mqkh5o_lLtJzDLA8l7A10y8TrA

Request Chain 188

https://d5p.de17a.com/cookies/google?google_gid=CAESEDqiUmsI9V6HPC7D3Akj70E&google_cver=1&google_push=AYg5qPLxgYrw5taof8LVnq63embP6mSJ7kQcSi-E8XXzwT241PxsvAxi_NQ8MVLRVB3Vq6LSsM-UI5k8CNY64RgiYfmYRBeLH2UA HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDqiUmsI9V6HPC7D3Akj70E&google_cver=1&google_push=AYg5qPLxgYrw5taof8LVnq63embP6mSJ7kQcSi-E8XXzwT241PxsvAxi_NQ8MVLRVB3Vq6LSsM-UI5k8CNY64RgiYfmYRBeLH2UA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLxgYrw5taof8LVnq63embP6mSJ7kQcSi-E8XXzwT241PxsvAxi_NQ8MVLRVB3Vq6LSsM-UI5k8CNY64RgiYfmYRBeLH2UA

Request Chain 189

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEA9VAW4WG8QMa-zKsjiimdQ&google_cver=1&google_push=AYg5qPIpwljmqe2mwDTRQgLP9CGTNL1W_ei7wZLkk93dXm2y3IJGgXRkyutfvMbgCvRt41TytrHhezSHIOReumb9vmnQ33o2fVw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=71830c1fdcf53416cfbe&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AYg5qPIpwljmqe2mwDTRQgLP9CGTNL1W_ei7wZLkk93dXm2y3IJGgXRkyutfvMbgCvRt41TytrHhezSHIOReumb9vmnQ33o2fVw

Request Chain 190

https://cs.media.net/cksync?type=g&google_gid=CAESEOLOYu6XRM0NtEat1Y1S2Is&google_cver=1&google_push=AYg5qPKaGt31HUa_6QCjM9yScdsR3IfAN6IoiF9zQPKdvVq5MuYOMUmzGEa1yi6zOQ8oZ-UQe8GruduHSz7sm2vFFgkEWpfoch9i HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjcyNzM0MjM5MDMxMzg2ODAwMFYxMA%3d%3d&mn_hm=MjcyNzM0MjM5MDMxMzg2ODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPKaGt31HUa_6QCjM9yScdsR3IfAN6IoiF9zQPKdvVq5MuYOMUmzGEa1yi6zOQ8oZ-UQe8GruduHSz7sm2vFFgkEWpfoch9i&gdpr=&gdpr_consent=

Request Chain 192

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP3IdqqkGV2-J9_g_AI_R7E&google_cver=1&google_push=AYg5qPKBRiUuKyd8AYJWLEkvIJRkNlNrSP_6gS75srskknRR-Ipm6tY33eDNv4EcVRc6Qz_6g7G-S9oZtp4ipzKuiyGMz2gueRMQAA HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP3IdqqkGV2-J9_g_AI_R7E&google_cver=1&google_push=AYg5qPKBRiUuKyd8AYJWLEkvIJRkNlNrSP_6gS75srskknRR-Ipm6tY33eDNv4EcVRc6Qz_6g7G-S9oZtp4ipzKuiyGMz2gueRMQAA&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS16MEU1azI5RTJ1SF9fMnlfcHpQRk9aUF80RHp6ZUJTOX5B&google_push=AYg5qPKBRiUuKyd8AYJWLEkvIJRkNlNrSP_6gS75srskknRR-Ipm6tY33eDNv4EcVRc6Qz_6g7G-S9oZtp4ipzKuiyGMz2gueRMQAA

Request Chain 234

https://gum.criteo.com/sid/json?origin=publishertag&domain=trithucvn.org&sn=ChromeSyncframe&so=0&topUrl=trithucvn.org&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=Ad2UKnxEaWsvdXZBYm4rUVgyc3pWQlRTNEFCa1NReDdtYU1iMmV5Sk9idGlyYmgyNURiZllMK211cW0zU3FMRDlGRzJmZGt1YWpJVGNkdkNHNERjekYzN2p3U1ltUGFodnBJU1BUZVlhYU1yRytSM012Q2dhM2VmY0IraG00RUNURVNRTXkxWWI5eXZKUWp4QU1SWGtKTXNuSGFiS0FRTG84K1d4eC90aVBBUm5ENVpPeFhUV3RUWVlxNEtLcUo1MlovR2RBNFljVzYvSDl1U3ZaazFxUWcyQUJaZ3JHVVNTakczNWlleU9xSDQreWRuS0h3cU9nRk1rbVVrb0hlQVJObCtUSzZNSlZxQlJXMWdCUVBQTjArdVJyZz09fA&cppv=2

Request Chain 239

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0

Request Chain 241

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=o5ZEe53Q1MibUl5

Request Chain 242

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=openx HTTP 302
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=openx HTTP 302
https://x.bidswitch.net/sync?dsp_id=188&user_id=sp0uLqGGTW96L10uoQV6irnsyeI&user_group=1&ssp=openx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=9cf88427-7212-4f6b-bd3d-c838238ed395

Request Chain 243

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8440837377965197702

Request Chain 244

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBczZrN0NSMzRBQUNkQXJaUi1Ydw&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAs6k7CR34AACdArZR-Xw&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpp%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAs6k7CR34AACdArZR-Xw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Cox&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=5029117218746704401 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAAs6k7CR34AACdArZR-Xw&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fuserid%3D5029117218746704401%26bee_sync_partners%3Dox%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4 HTTP 302
https://match.prod.bidr.io/cookie-sync?userid=5029117218746704401&bee_sync_partners=ox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=4&ev=AAAs6k7CR34AACdArZR-Xw&pid=558502&do=add HTTP 303
https://match.prod.bidr.io/cookie-sync?userid=5029117218746704401&bee_sync_partners=ox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=4&ev=AAAs6k7CR34AACdArZR-Xw&pid=558502&do=add&_bee_ppp=1 HTTP 303
https://us-u.openx.net/w/1.0/sd?id=537125688&val=AACPrU7CR34AACBe-8PmiQ HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537125688&val=AACPrU7CR34AACBe-8PmiQ

Request Chain 245

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=5e616123-bf21-4300-bb63-c9b2c1c41032

Request Chain 246

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=V-CgAAO3oAJM4qUCBOW_UFTno1dM4fYBWeE1chwf

Request Chain 247

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7344407860628154539

Request Chain 249

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWQ3YjRlYTctNmU5ZC02MDJhLTRkYzAtYmVjOGI2NDg3MWIx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWQ3YjRlYTctNmU5ZC02MDJhLTRkYzAtYmVjOGI2NDg3MWIx&google_tc=

Request Chain 250

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDhPf0V1BK2f9zcDX4YJD5A&google_cver=1

Request Chain 251

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 255

https://c1.adform.net/serving/cookie/match?party=14&cid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C

Request Chain 256

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5942344291156206745

Request Chain 258

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6999648394330110092

Request Chain 259

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CJZ_9uyqTG6NK3HYudzPLA%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 260

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b3d86123-bf21-4f00-8e4f-0dedfa9c7804

Request Chain 261

https://pixel.onaudience.com/?partner=214&mapped=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=64b859fe9a2885a7f053060bda8bb0ba HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=ab7d7599-96a4-4d94-abd3-dacdd897a8f3&icm HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=64b859fe9a2885a7f053060bda8bb0ba HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=ab7d7599-96a4-4d94-abd3-dacdd897a8f3&icm HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=b9072bcdcc4d7c93 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=cfe7b81f-17fc-40d2-6fbe-9a0758f45c4e&reqId=fb75e112-1cf6-4aa6-5f63-d39b42d7fb9c&zcluid=b9072bcdcc4d7c93&zdid=1332 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=cfe7b81f-17fc-40d2-6fbe-9a0758f45c4e&reqId=fb75e112-1cf6-4aa6-5f63-d39b42d7fb9c&zcluid=b9072bcdcc4d7c93&zdid=1332&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEIsbfd46RSQcUcGD4dDiR9k&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=cfe7b81f-17fc-40d2-6fbe-9a0758f45c4e&reqId=fb75e112-1cf6-4aa6-5f63-d39b42d7fb9c&zcluid=b9072bcdcc4d7c93&zdid=1332

Request Chain 262

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDg5NjdGRjYtRUNBQS00QzZFLThEMkItNzFEOEI5RENDRjJD&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 263

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEE8tD1H8ukWt51lYw1jxEc&google_cver=1

Request Chain 265

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=1659697753357427786

Request Chain 266

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:96626123-bf21-4000-8574-97bf8e89ffe8&gdpr=0&gdpr_consent=

Request Chain 267

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ab7d7599-96a4-4d94-abd3-dacdd897a8f3

Request Chain 268

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9119601114556264357&gdpr=0&gdpr_consent=

Request Chain 269

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-FFyyTh5E2uXH.N0kpc2PLXWN3ZVhHpE-~A&gdpr=0&gdpr_consent=

Request Chain 271

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=SteA4x6AgOFR1YXhGdKfs0nQg7RR1tbiRNYfhmBK

Request Chain 272

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_uid=9cf88427-7212-4f6b-bd3d-c838238ed395 HTTP 302
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_uid=9cf88427-7212-4f6b-bd3d-c838238ed395 HTTP 302
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=609db6c2-e10f-4089-bcc0-59f66ffdeba0&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=9cf88427-7212-4f6b-bd3d-c838238ed395&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 273

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YSO-IQAEBojpmwA4 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YSO-IQAEBojpmwA4&gdpr=0&gdpr_consent=&_test=YSO-IQAEBojpmwA4

Request Chain 274

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YSO-IQAEBsTrgAA4 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YSO-IQAEBsTrgAA4&_test=YSO-IQAEBsTrgAA4

Request Chain 275

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMkvfNpbYJnAQ5GstP4rDlE&google_cver=1

Request Chain 277

https://pixel.rubiconproject.com/exchange/sync.php?p=a9us HTTP 302
https://s.amazon-adsystem.com/ecm3?id=KSOSQI61-1C-L3GM&ex=d-rubiconproject.com&status=ok

Request Chain 278

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KSOSQI61-1C-L3GM&sigv=1&esig=2~f3708cbfc8e764ee50015050537e78d1bdf32574

Request Chain 280

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NPU1FJNjEtMUMtTDNHTQ==

Request Chain 281

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZmVmNGI0MGQ2MDY4MTY5MDA3NjUwOGNjY2QxOGZiNzJhZGIxYjQxNA

Request Chain 282

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

281 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html Show response
trithucvn.org/khoa-hoc/sinh-menh/
Redirect Chain

https://tnews.to/9-chu-chan-ngon-diet-virus-corona2
https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

120 KB
31 KB

355ms
328ms

Document
text/html

2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec0d8c64112cec90b99919c7901130036481ede2c19168b15c82b4c968670812

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: trithucvn.org
:scheme: https
:path: /khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://trithucvn.org/wp-json/>; rel="https://api.w.org/" <https://trithucvn.org/wp-json/wp/v2/posts/487476>; rel="alternate"; type="application/json" <https://trithucvn.org/?p=487476>; rel=shortlink
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GmdAkvNaK4w0RXC%2B1PWNqLe7SkQmIzzf9WdEr6pczb8P0JzxKrU7Kmlrlj3u5Fjtt6vo3MyHNsJfMJT9KxagaxkX5wuo1njxTTgWCdWdoRuOPCxxVAGNrIEUARy6JwzCOujozHscmurK3L4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6835620f5d2e05c4-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-type: text/html; charset=UTF-8
set-cookie: prli_click_2357=9-chu-chan-ngon-diet-virus-corona2; expires=Wed, 22-Sep-2021 15:30:35 GMT; Max-Age=2592000; path=/ prli_visitor=6123bf1bc9109; expires=Tue, 23-Aug-2022 15:30:35 GMT; Max-Age=31536000; path=/
x-robots-tag: noindex, nofollow
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro Developer 3.2.3 http://prettylink.com
x-redirect-by: WordPress
location: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jT8KzGe5%2BJjLeg9BZNYX3Fj%2BdHgFJeVTtilDC%2Bb5HbfxHaYpH%2FqUtPXsGLO3l0QNLh%2Bgvd3sGXo3xO6UuH7v7FdjUZ1JJyXdIhRsrsaIaU9qR%2FBmj8oF3ec2JW1udjLtoI0FqtNX6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68356208fe2a0621-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 bootstrap.css
trithucvn.org/wp-content/themes/trithucvn_v2/assets/css/ 118 KB
21 KB 68ms
54ms Stylesheet
text/css 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/wp-content/themes/trithucvn_v2/assets/css/bootstrap.css

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47d10f8bd71903511b2eba72db03abad2dab28fe1deb4511c3961285d8c299df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/themes/trithucvn_v2/assets/css/bootstrap.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 219737
cf-polished: origSize=146010
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sat, 19 Dec 2020 11:41:47 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fdde6fb-23a5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAd6m1rnuG%2Fg2Lr9rUFhVLM7f8kGXWH5NAQR64bSeeAK43LdXsu%2FPsVa2z8nmScm0SbYvjGXpUtmW%2BMPECMv653Y1bT2pI6pkFMLnx617xq176fytgVcjGyTagEioNhrbE6PvW3Qj1NCPjM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
expires: Sat, 04 Sep 2021 00:03:50 GMT
cache-control: max-age=2678400
cf-ray: 6835621179b842ee-FRA
cf-bgj: minify

GET
H3-29 200 3799231a-1607098995.min.css
trithucvn.org/wp-content/asset-108/ 201 KB
39 KB 31ms
31ms Stylesheet
text/css 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a1383580829b6fb18cb5252a2af871c20f4fdbba5ee6d0883e9759726518aea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/asset-108/3799231a-1607098995.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 80633
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 22 Aug 2021 15:01:42 GMT
server: cloudflare
etag: W/"612266d6-32333"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pd%2B5XUcVXnM2zx5k2kfgCj9uzQNU2b5dxsW58PUrrxfIeXROG0xMxdbi2%2FSdwrBZTKz0%2BxeYAxuRvp%2BWWQYuxaBdUZzi1MpXFlsdj7tRki0FXB0iiEZooEy9kB0WJRMvJQecxXW%2B7fB3hnE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-ray: 6835621189c042ee-FRA
expires: Sun, 05 Sep 2021 15:15:23 GMT

GET
H3-29 200 logo.png
trithucvn.org/wp-content/themes/trithucvn_v2/images/ 3 KB
4 KB 24ms
23ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/themes/trithucvn_v2/images/logo.png

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae6b4dcfd954d517682e6b44d103ee885d9f327a2855d2c6daefaf98053c912f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/themes/trithucvn_v2/images/logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15764
cf-polished: origFmt=png, origSize=7858
content-disposition: inline; filename="logo.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3572
last-modified: Sat, 14 Apr 2018 09:01:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ad1c384-1eb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxAql7DAotWHTYJafiGB%2FNR7uj%2FwinlLBLObA22BEPRwljSqIuhjcZEDUXSr2%2Bxb3UeeECthrDSh6mVn3E8vkTmCbfX1KNGXhLc8UwdNfPFPA9i1h7e5e1MJAsEPUHEyexIIAzbFQzyzlZE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 22 Sep 2021 02:40:45 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621189c542ee-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 7EBlRg6lWes Show response
www.youtube.com/embed/ Frame F860 55 KB
24 KB 76ms
56ms Document
text/html 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6a97569d9263ffaf4f3100952a7a9ddbb9a3485d6caabf04c1cd8118e33feab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/7EBlRg6lWes?start=38&feature=oembed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 23 Aug 2021 15:30:36 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, DPR
accept-ch-lifetime: 2592000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=lVBIOwQNeow; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=M97jfGqdzqE; Domain=.youtube.com; Expires=Sat, 19-Feb-2022 15:30:36 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+324; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 huo7p7H7KFU Show response
www.youtube.com/embed/ Frame 1FB6 55 KB
23 KB 69ms
64ms Document
text/html 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05d2f5286667c8ab571bad311ed62c2b5a50c9f5363b72c1757241cbf5580007

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/huo7p7H7KFU?feature=oembed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 23 Aug 2021 15:30:36 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, DPR
accept-ch-lifetime: 2592000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=7s9141LO63U; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=E-6Czu6Pe1w; Domain=.youtube.com; Expires=Sat, 19-Feb-2022 15:30:36 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+582; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Prezi-image-221x147.jpg
trithucvn.org/wp-content/uploads/2020/11/ 6 KB
7 KB 17ms
15ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/11/Prezi-image-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eeec4808b6538c30c05a03a04d1bd60ee90bb092c5dac84625bfd0aacce3690d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/11/Prezi-image-221x147.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 688313
cf-polished: qual=85, origFmt=jpeg, origSize=7881
content-disposition: inline; filename="Prezi-image-221x147.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5956
last-modified: Fri, 06 Nov 2020 09:42:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5fa51a94-1ec9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2FShra46M35ZTxdB9dHzW103m81Enkc1P0GWYSEIfUuCeWojDViZ5SLKlzhKxF%2B6OUDi3sJyxbSSXb7S00ZMb%2B1APBCKdwThyrClbnNJWccQe%2FkUVq%2FJPz6a0rDRljH5YfE3nbP3JiG%2FUzk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Tue, 14 Sep 2021 09:04:16 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356211aa6842ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Cao-Tri-Thinh-On-Gia-Bao-Tap-Trong-Huan-Feature-221x147.jpg
trithucvn.org/wp-content/uploads/2021/04/ 6 KB
7 KB 17ms
15ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2021/04/Cao-Tri-Thinh-On-Gia-Bao-Tap-Trong-Huan-Feature-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b41c9ae1ad7d3cb44874879a1ada59555bea61a666b21631fc5b4f47f0ba49d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2021/04/Cao-Tri-Thinh-On-Gia-Bao-Tap-Trong-Huan-Feature-221x147.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1566485
cf-polished: qual=85, origFmt=jpeg, origSize=34335
content-disposition: inline; filename="Cao-Tri-Thinh-On-Gia-Bao-Tap-Trong-Huan-Feature-221x147.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6350
last-modified: Sun, 25 Apr 2021 04:23:10 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "6084eeae-861f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5hBjJsRLPjb49jHm%2F9ItKMbmW%2B65mY4pvd1fe1C5BQd2nUk683CkDKB6H0Uud1pcvGyCRaD8f0%2BeNUTBRWsX15AULoaZ5fZ8B9Yp%2FwwGwkXn29RKPf%2B3jWDXADJDx3xMvxs22tzxt2l4uoI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 29 Aug 2021 05:34:48 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356211aa6b42ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Vi-sao-theo-tap-Phap-Luan-Cong-Feature-02-221x147.jpg
trithucvn.org/wp-content/uploads/2020/06/ 13 KB
14 KB 17ms
16ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/06/Vi-sao-theo-tap-Phap-Luan-Cong-Feature-02-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c92f18b7882cee11d8ddcede618f6b67ef2a41707b91ba7cb7df902ee2e566ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/06/Vi-sao-theo-tap-Phap-Luan-Cong-Feature-02-221x147.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1566485
cf-polished: degrade=85, origSize=75197, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13387
last-modified: Thu, 11 Jun 2020 08:30:31 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ee1eba7-125bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4DOJzGL2soJibxHaPZFKO%2B5LrSqVI7tjClCuhL3GIabRI20PhYxJtfJuqgXdIT14lFT6p%2B23Rs15CA9oZCxycBJkzqnxEuSVxZzwZlL2nB5jS82PSI%2FXzcMixR92vZPdzIiQSwr5GBLykik%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 27 Aug 2021 12:18:16 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356211aa6d42ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 thumnail-corona-copy-V3-221x147.jpg
trithucvn.org/wp-content/uploads/2021/03/ 9 KB
10 KB 19ms
17ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2021/03/thumnail-corona-copy-V3-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26ab8a4832ea69db1b6d39db4d840c60bd0b3cc8094cb88a32523e8993ef6484

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2021/03/thumnail-corona-copy-V3-221x147.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 313614
cf-polished: degrade=85, origSize=14913, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 9390
last-modified: Sun, 28 Mar 2021 12:18:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "6060741f-3a41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dh8EzWt5EqawlzsYy14c8A6%2F3uvMf6BzDaFCTGo%2BosSYnIx20zYuJ8wPaqzU9x1xgI%2BsNBV9wYJMnwgYoIi3je0td2IP2UVy%2F%2F552OExLvK%2F2hrU2GZEqGyvyZRADNgwbIyOWnXmtJ6slZ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 27 Aug 2021 04:15:55 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356211aa7042ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 cau-be-doc-sach-giao-khoa-221x147.jpg
trithucvn.org/wp-content/uploads/2020/02/ 6 KB
7 KB 27ms
25ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/02/cau-be-doc-sach-giao-khoa-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

896192c79b551e0c6e0dcf9f37f9424e94b9ce776e74d81c9ae82537a03cb31d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/02/cau-be-doc-sach-giao-khoa-221x147.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2407128
cf-polished: qual=85, origFmt=jpeg, origSize=10637
content-disposition: inline; filename="cau-be-doc-sach-giao-khoa-221x147.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6316
last-modified: Sun, 02 Feb 2020 06:09:48 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5e3667ac-298d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhJc%2FIEj1HE7%2FpsZq1DRscjVi7%2F4YuyqUoNp1xqj%2BEAlXM5lmOF7veeHGxRodVsVYeousEJYZ9NnvNtTP%2FF3XHg4iDQo5j%2BJWshtRPlS21%2F%2BBk1Xu%2Bapyn8doA4b8d4avL%2F5IyuJpSkde%2Bc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sat, 21 Aug 2021 01:22:03 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356211aa7142ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Chu-nghia-cong-san-va-nhung-bo-mat-01-221x147.jpg
trithucvn.org/wp-content/uploads/2020/06/ 10 KB
11 KB 27ms
25ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/06/Chu-nghia-cong-san-va-nhung-bo-mat-01-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45fb424758db2d884b16795c44e4530118ca3096caa6bd9133c772d4c4412c04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/06/Chu-nghia-cong-san-va-nhung-bo-mat-01-221x147.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2407128
cf-polished: degrade=85, origSize=33215, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 10293
last-modified: Tue, 23 Jun 2020 09:40:51 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ef1ce23-81bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVvdeGQkCspyP%2FoKShKY%2BOUbtoxYGn%2FJLtQV7ZkEGvKzFY4TPtnU6QKi8J9E9SzTLINk8SXSCizZfrXamhSVsNiXRxpcwcqvioBcqWzm6xVJq7m764%2BSLqxcWhQKzpSvwzSwhxIUEUfcIu8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Sat, 14 Aug 2021 22:11:43 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356211aa7342ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Troi-diet-Trung-Cong-Feature-221x147.jpg
trithucvn.org/wp-content/uploads/2020/07/ 11 KB
12 KB 28ms
27ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/07/Troi-diet-Trung-Cong-Feature-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b32ba88afa246c3eedb5e437757888c0f1f0204deb9ab5c3526eb8fb9a5a2923

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/07/Troi-diet-Trung-Cong-Feature-221x147.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 313501
cf-polished: degrade=85, origSize=62989, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 11312
last-modified: Sun, 19 Jul 2020 17:45:57 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5f1486d5-f60d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cyyhDeImjpeIKVtBFhUvsftMWNMl%2FklsjN%2FZPZvxg58AbojA5yVH5XCTwCtQe8fu48V0GZS9gmCjAnDYgWossv3kmT7clujqIfE7MWltJEhBRbgoA8GFXdKXxxM9Jj6%2Bjqizek7pQfa6u1A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 27 Aug 2021 04:15:59 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356211aa7642ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 AI-LA-KE-GIET-NGUOI-NHIEU-NHAT-TRONG-LICH-SU-THE-GIOI-221x147.jpg
trithucvn.org/wp-content/uploads/2019/11/ 11 KB
12 KB 28ms
27ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2019/11/AI-LA-KE-GIET-NGUOI-NHIEU-NHAT-TRONG-LICH-SU-THE-GIOI-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f2606f1fea25d37aa1e007a76b58f01651ef9a09841bbd186b49f08e24f888c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2019/11/AI-LA-KE-GIET-NGUOI-NHIEU-NHAT-TRONG-LICH-SU-THE-GIOI-221x147.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2407128
cf-polished: degrade=85, origSize=48117, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 11426
last-modified: Tue, 05 Nov 2019 02:34:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5dc0dfaa-bbf5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzIWW%2FuUVaus2mcmfakJBse35jwJ0PMeHyp8dShz0jhSofO%2FBqbXc8B7gYRZaN0W6Qx%2BjIkrsueYSe4zCZJjy4UTJh9nbiRKU5Lr1OAf9F8LsBoQD5DUEBEyuRyl4UF53d56S4O7JPr1aeY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 02 Aug 2021 01:32:15 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356211aa7a42ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 rocket-loader.min.js Show response
trithucvn.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 37ms
36ms Script
application/javascript 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 12 Aug 2021 10:09:00 GMT
server: cloudflare
etag: W/"6114f33c-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZLlrBTCyb7jUjkoF8QXZuZ65gQxLVqyrZTivXj1%2FBHhTjCBm0roM71DRm5RPm97xCMZYkq49%2FFM0yaWGSK%2BOXM%2Fr%2FrieoP23Jt9PcwLreXACTt%2BRgIrZ3QeGrwBVfJ4BgplWp0MDYGLU0OY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68356211aa7d42ee-FRA
vary: Accept-Encoding
expires: Wed, 25 Aug 2021 15:30:36 GMT

GET
H2 200 ZZ7gnl5yOvI Show response
www.youtube.com/embed/ Frame F422 55 KB
24 KB 80ms
79ms Document
text/html 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2099aa179089fa5a04cd62fd26066191736e5f4db298231efa51e3d37b91e73d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/ZZ7gnl5yOvI?feature=oembed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 23 Aug 2021 15:30:36 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, DPR
accept-ch-lifetime: 2592000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=orGJv1f76m8; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=1TkM4oBA7XQ; Domain=.youtube.com; Expires=Sat, 19-Feb-2022 15:30:36 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+230; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 fontawesome-webfont.woff2
trithucvn.org/wp-content/themes/trithucvn_v2/fonts/fontawesome/ 65 KB
66 KB 18ms
17ms Font
font/woff2 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/wp-content/themes/trithucvn_v2/fonts/fontawesome/fontawesome-webfont.woff2

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/themes/trithucvn_v2/fonts/fontawesome/fontawesome-webfont.woff2
pragma: no-cache
origin: https://trithucvn.org
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: trithucvn.org
referer: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://trithucvn.org
Referer: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2649146
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 66624
last-modified: Sat, 14 Apr 2018 09:01:51 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ad1c37f-10440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tq4vBbvzD303xMh2DGQueStCgr0PWS3dRfpsLZ0O5OkXS%2BRtyJSZwOjUMt3LwD7kcbeBQ3XLq3eE6TdAuqVawd8fdk4GEiXaWhd6jI5yXTElC%2FFnUGQmf9n8gINaRXtz5eumhIo1PTp%2FqDE%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 683562120b7f42ee-FRA
expires: Sat, 23 Apr 2022 22:50:18 GMT

GET
H3-29 200 lato-regular.ttf
trithucvn.org/wp-content/themes/trithucvn_v2/fonts/lato/ 642 KB
643 KB 33ms
32ms Font
application/octet-stream 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/wp-content/themes/trithucvn_v2/fonts/lato/lato-regular.ttf

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f6940be0835c3ddec9199e5fc42be4cbc61ebcfd58c623fdf719366253f1780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/themes/trithucvn_v2/fonts/lato/lato-regular.ttf
pragma: no-cache
origin: https://trithucvn.org
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: trithucvn.org
referer: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://trithucvn.org
Referer: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2649092
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 657212
last-modified: Sat, 14 Apr 2018 09:01:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ad1c380-a073c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nm2uvvZimyE%2BrJoLVTGLE0r3wWWO%2FcBY8R5jfXm41%2BbE5iVxo%2FiUmLq2pXNoUasH9NksAarkyH6ypEDdW88yRI2Dr85hMwXfqbMMwDAMDHQsV%2BiuUQXpP3NDI4%2BTAuqj%2BACuqEZGXS1oJGE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 683562120b8642ee-FRA
expires: Fri, 29 Apr 2022 20:53:02 GMT

GET
H3-29 200 lato-bold.ttf
trithucvn.org/wp-content/themes/trithucvn_v2/fonts/lato/ 642 KB
643 KB 19ms
18ms Font
application/octet-stream 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/wp-content/themes/trithucvn_v2/fonts/lato/lato-bold.ttf

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf1b8130069b44b9148eeece35e5423bedac49777ba746615b826b8276574a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/themes/trithucvn_v2/fonts/lato/lato-bold.ttf
pragma: no-cache
origin: https://trithucvn.org
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: trithucvn.org
referer: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://trithucvn.org
Referer: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3156527
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 657188
last-modified: Sat, 14 Apr 2018 09:01:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ad1c380-a0724"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lrUW4nGZtfMv%2FnnF88qnrFSsvoIw3lv%2F4YdTED0Xf1Be333Pv%2BEm9QNOT4A3c9yy6hhdtei1sg0CTosy9cH0K5Sd2Vv47c6MZ7GTBCSBKfCn9tGXV4Re9uEFIXrSlbhhH0ZJQlt2voPYJoE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 683562120b8742ee-FRA
expires: Wed, 22 Jun 2022 01:06:53 GMT

GET
H3-29 200 nie%CC%A3%CC%82m-9-chu%CC%9B%CC%83-v3.jpg
trithucvn.org/wp-content/uploads/2021/03/ 181 KB
182 KB 197ms
196ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2021/03/nie%CC%A3%CC%82m-9-chu%CC%9B%CC%83-v3.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b5a2130c85b14f1fbcc337083fd7449b227fc06128f07a98cc0d8a66bea5bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2021/03/nie%CC%A3%CC%82m-9-chu%CC%9B%CC%83-v3.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=214745
content-disposition: inline; filename="nie%CC%A3%CC%82m-9-chu%CC%9B%CC%83-v3.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 185454
last-modified: Sun, 28 Mar 2021 10:52:26 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "60605fea-346d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DACtGk2BVgW%2FL%2FxpoufEpX3%2BbjnIN5rwzYrJlaYgCEgv2s%2FDQyGXTQ%2BC0Fg1K%2FGAoSLhJmohZVPhO5jiZgNYBOFLo2K8qtgSuQUz1Sri0ldbVVbroOJT6um3ifc0EQrsqcd6%2BDQiXAbybL4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 22 Sep 2021 15:28:40 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356212cdda42ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 GS_Ly_Tu_Sam-scaled.jpg
trithucvn.org/wp-content/uploads/2021/03/ 123 KB
124 KB 321ms
321ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2021/03/GS_Ly_Tu_Sam-scaled.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab026f176aab0bb1f9008f90947b5e5b1c2282e0bfb7c50333f11c3fb028c871

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2021/03/GS_Ly_Tu_Sam-scaled.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 125948
last-modified: Sat, 06 Mar 2021 16:19:48 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "6043aba4-1ebfc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9qNMO5c5KRikCs7TKlpC5YbWFZiP2UipNisLlEPCionBlJ%2Bssffe%2BwHdbRO16tdNlJiTvWAQq8%2FEtRi%2Bs3becaT4fhWuip5NzjpiUIoZAsUW9bDRxW%2Bd%2F0M2GSQAU%2Fw75qoMi220jP1WAg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 68356212cdde42ee-FRA
expires: Wed, 22 Sep 2021 15:30:36 GMT

GET
H3-29 200 ttvn-messaging.js Show response
trithucvn.org/messaging/ 8 KB
4 KB 18ms
18ms Script
application/javascript 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/messaging/ttvn-messaging.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da254dc4b69bde849b69c2a2a3aab091fe0ce338c66b73e4551fe8fb073eaf02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /messaging/ttvn-messaging.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1119742
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 06 Jul 2020 16:07:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f034c52-2164"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2BiRJTAm7WPsGIqWaAV2x%2F8mecHrX1hIS8%2FWn7BJYlwUXtjSpVXJB1uwHhaErf%2BWFitEw7lkHo7WKScNSLFOXod2tJvdhl%2B7TuoBaJO9gZm3RaNtBqipn%2BcT7IKnCkjXyLJ9ydf0p08YZ4o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2678400
cf-ray: 68356212ee2542ee-FRA
expires: Wed, 11 Aug 2021 04:30:44 GMT

GET
H3-29 200 bb4d1e87-1607098995.min.js Show response
trithucvn.org/wp-content/asset-108/ 151 KB
49 KB 27ms
26ms Script
application/javascript 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

019bc172b27c0a563b4854704ba4275b87ee73e12e9ecc7dd10de95318f98072

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/asset-108/bb4d1e87-1607098995.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 80633
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 22 Aug 2021 15:01:44 GMT
server: cloudflare
etag: W/"612266d8-25d5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8VdXsz2DVzA%2F%2BKbRv8qPf%2BHEgNfNJl5%2B6GMVKw4AswL%2Fg45DHOnY53v%2B75JYQTUtskd4TufBaTI6CHAgJP1Y4jlZyg3ng7VkCelZTWPhOwzgeAmFXmjUcpHHzZc1jseoGj5uynq5obWvdwY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-ray: 68356212ee2942ee-FRA
expires: Sun, 05 Sep 2021 15:15:24 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 22ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d64656359bd2d0987aa742d5f3d99551aed713296ad215fd465768e69ab7091e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://trithucvn.org
Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: WHXZhziUovqHgH1DDF0ojA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: pnNhs18JiPRNOJOg/K51YpzhxZKN09GEsZ2dHuuyVWT4hp9joAZ12UXb7u4xaHZ5OFfnzLHBs4XIZXO9n4X2IQ==
x-fb-trip-id: 686109401
x-fb-content-md5: f0af3b162a014a1f4f28c3edbe7d7536
x-frame-options: DENY
date: Mon, 23 Aug 2021 15:30:36 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "d639bace9cad3cf8184125a70ac43260"
timing-allow-origin: *
expires: Mon, 23 Aug 2021 15:41:01 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 53ms
26ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d9f881bced29824538dfc0f6b098f5410580c1851176fa169cae6da114ebef4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49841
x-xss-protection: 0
server: cafe
etag: 9047602529581312618
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 23 Aug 2021 15:30:36 GMT

GET
H2 200 ats.js Show response
anymind360.com/js/3804/ 112 KB
27 KB 23ms
7ms Script
application/javascript 2a04:4e42::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://anymind360.com/js/3804/ats.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4eddc90b1e7d7d62967a316bb37abb25208fcca3870a34231edd97aba10b58a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:36 GMT
content-encoding: gzip
age: 53197
x-guploader-uploadid: ADPycdup2WvVYMhlZ5YcqodUq3iK2DA-nlhOejS7afJ8t279yOolew9NDOUEvc_Ir0tVjPLt0nc886HBA-dOwmsoNLY
x-cache: HIT, HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
strict-transport-security: max-age=300
content-length: 27194
x-served-by: cache-tyo11937-TYO, cache-fra19180-FRA
access-control-allow-origin: *
expires: Mon, 23 Aug 2021 00:43:59 GMT
last-modified: Wed, 07 Jul 2021 10:10:29 GMT
server: UploadServer
x-timer: S1629732637.638759,VS0,VE1
etag: "9c22acd71871c252766c4c5a0037e4c5"
vary: Accept-Encoding
x-goog-hash: crc32c=P2/sUw==, md5=nCKs1xhxwlJ2bExaADfkxQ==
x-goog-generation: 1625652629510231
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: Content-Type
cache-control: max-age=1200
x-goog-stored-content-length: 27194
accept-ranges: bytes
content-type: application/javascript; charset=UTF-8
x-cache-hits: 1, 1

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/b555ee94/ Frame F860 329 KB
45 KB 25ms
10ms Stylesheet
text/css 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa52f6b5576b95a51157b7b318e6bf15c54cfe5013ed068c66fde0852971f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 11:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 13616
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46249
x-xss-protection: 0
expires: Tue, 23 Aug 2022 11:43:40 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/b555ee94/www-embed-player.vflset/ Frame F860 193 KB
64 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3cc4e229cc22a45146d4f3c3358e36ad1cafe05c73d07fba488da967a85a58ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 21:04:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 152755
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65245
x-xss-protection: 0
expires: Sun, 21 Aug 2022 21:04:41 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame F860 2 MB
497 KB 45ms
30ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0930cdf7a5ac7dd8c0eee66b6d5d1e215205f9f08228cb0b048acd4f08016920

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:07:44 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 1372
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 508404
x-xss-protection: 0
expires: Tue, 23 Aug 2022 15:07:44 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/b555ee94/fetch-polyfill.vflset/ Frame F860 8 KB
3 KB 41ms
25ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 22:31:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 22 Aug 2022 22:31:47 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F860 15 KB
15 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:42:56 GMT
x-content-type-options: nosniff
age: 571660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:42:56 GMT

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/b555ee94/ Frame 1FB6 329 KB
45 KB 29ms
17ms Stylesheet
text/css 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa52f6b5576b95a51157b7b318e6bf15c54cfe5013ed068c66fde0852971f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 11:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 13616
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46249
x-xss-protection: 0
expires: Tue, 23 Aug 2022 11:43:40 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/b555ee94/www-embed-player.vflset/ Frame 1FB6 193 KB
64 KB 32ms
21ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3cc4e229cc22a45146d4f3c3358e36ad1cafe05c73d07fba488da967a85a58ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 21:04:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 152755
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65245
x-xss-protection: 0
expires: Sun, 21 Aug 2022 21:04:41 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame 1FB6 2 MB
497 KB 37ms
26ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0930cdf7a5ac7dd8c0eee66b6d5d1e215205f9f08228cb0b048acd4f08016920

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:07:44 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 1372
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 508404
x-xss-protection: 0
expires: Tue, 23 Aug 2022 15:07:44 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/b555ee94/fetch-polyfill.vflset/ Frame 1FB6 8 KB
3 KB 31ms
21ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 22:31:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 22 Aug 2022 22:31:47 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 1FB6 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:42:56 GMT
x-content-type-options: nosniff
age: 571660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:42:56 GMT

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/b555ee94/ Frame F422 329 KB
45 KB 18ms
10ms Stylesheet
text/css 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa52f6b5576b95a51157b7b318e6bf15c54cfe5013ed068c66fde0852971f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 11:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 13616
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46249
x-xss-protection: 0
expires: Tue, 23 Aug 2022 11:43:40 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/b555ee94/www-embed-player.vflset/ Frame F422 193 KB
64 KB 32ms
25ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3cc4e229cc22a45146d4f3c3358e36ad1cafe05c73d07fba488da967a85a58ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 21:04:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 152755
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65245
x-xss-protection: 0
expires: Sun, 21 Aug 2022 21:04:41 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame F422 2 MB
497 KB 36ms
29ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0930cdf7a5ac7dd8c0eee66b6d5d1e215205f9f08228cb0b048acd4f08016920

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:07:44 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 1372
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 508404
x-xss-protection: 0
expires: Tue, 23 Aug 2022 15:07:44 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/b555ee94/fetch-polyfill.vflset/ Frame F422 8 KB
3 KB 29ms
23ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 22:31:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 22 Aug 2022 22:31:47 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F422 15 KB
15 KB 11ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 00:42:56 GMT
x-content-type-options: nosniff
age: 571660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Aug 2022 00:42:56 GMT

GET
H3-29

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 1FB6
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
161 B

42ms
27ms

XHR
application/json

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef3915c63877f200ddb3939ffe89dd567705a04380d1463b6b5d6f426bcee667

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 1FB6 29 B
423 B 27ms
5ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:29:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 56
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:44:41 GMT

GET
H3-29

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame F422
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
161 B

27ms
27ms

XHR
application/json

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fad36fce49208d858bee9c235ba1e91c94672ad6ed5e238fbc78b18d61cbd7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame F422 29 B
87 B 6ms
5ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:29:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 56
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:44:41 GMT

GET
H3-29

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame F860
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
161 B

29ms
29ms

XHR
application/json

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20c978136c7f2ad511fda636a41ea7a039b067475101067a93988714d482595b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame F860 29 B
52 B 20ms
6ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:29:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 56
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:44:41 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame 1FB6 95 KB
29 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6221d51dec89592c9f60ea68c839f932b60d6f03cb966e0e9a4afbb1e3bb5e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:04:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29741
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 15:04:08 GMT

GET
H3-29 200 xB0WibN_FLYr8mkfyAkAXk5nwggZTjnjnl_iEnK5NCc.js Show response
www.google.com/js/th/ Frame 1FB6 35 KB
13 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/xB0WibN_FLYr8mkfyAkAXk5nwggZTjnjnl_iEnK5NCc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c41d1689b37f14b62bf2691fc809005e4e67c208194e39e39e5fe21272b93427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 08:39:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13170
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 15:00:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 08:39:45 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame 1FB6 24 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92afa9485ca4ccf9d827259ae32c1868922e79a8c5677db8757acc8a0170e959

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 13:04:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 8752
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7274
x-xss-protection: 0
expires: Tue, 23 Aug 2022 13:04:45 GMT

GET
DATA 200
OK truncated
/ Frame 1FB6 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLQrJuMSvkQstouSNlRGwi2KOl24CGjmxaKOgDut_w=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 1FB6 4 KB
4 KB 27ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLQrJuMSvkQstouSNlRGwi2KOl24CGjmxaKOgDut_w=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

595fe6b8e8ebb1b58e9f0b99b2e82e245cab320b15938afdd18b60eccc2ef6e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 14:58:12 GMT
x-content-type-options: nosniff
age: 1945
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3656
x-xss-protection: 0
server: fife
etag: "vb6"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 07 Jul 2021 07:46:52 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/huo7p7H7KFU/ Frame 1FB6 19 KB
20 KB 60ms
39ms Image
image/webp 2a00:1450:4001:802::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/huo7p7H7KFU/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81b8a91e8d82903afc3098abcf549f86d1af564cccc41880e6c07663ae6100cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
server: sffe
etag: "0"
vary: Origin
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19884
x-xss-protection: 0
expires: Mon, 23 Aug 2021 17:30:37 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame F422 95 KB
29 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6221d51dec89592c9f60ea68c839f932b60d6f03cb966e0e9a4afbb1e3bb5e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:04:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29741
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 15:04:08 GMT

GET
H3-29 200 xB0WibN_FLYr8mkfyAkAXk5nwggZTjnjnl_iEnK5NCc.js Show response
www.google.com/js/th/ Frame F422 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/xB0WibN_FLYr8mkfyAkAXk5nwggZTjnjnl_iEnK5NCc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c41d1689b37f14b62bf2691fc809005e4e67c208194e39e39e5fe21272b93427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 08:39:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13170
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 15:00:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 08:39:45 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame F422 24 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92afa9485ca4ccf9d827259ae32c1868922e79a8c5677db8757acc8a0170e959

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 13:04:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 8752
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7274
x-xss-protection: 0
expires: Tue, 23 Aug 2022 13:04:45 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame F860 95 KB
29 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6221d51dec89592c9f60ea68c839f932b60d6f03cb966e0e9a4afbb1e3bb5e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:04:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29741
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 15:04:08 GMT

GET
H3-29 200 xB0WibN_FLYr8mkfyAkAXk5nwggZTjnjnl_iEnK5NCc.js Show response
www.google.com/js/th/ Frame F860 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/xB0WibN_FLYr8mkfyAkAXk5nwggZTjnjnl_iEnK5NCc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c41d1689b37f14b62bf2691fc809005e4e67c208194e39e39e5fe21272b93427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 08:39:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13170
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 15:00:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 08:39:45 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/ Frame F860 24 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92afa9485ca4ccf9d827259ae32c1868922e79a8c5677db8757acc8a0170e959

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 13:04:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 00:25:39 GMT
server: sffe
age: 8752
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7274
x-xss-protection: 0
expires: Tue, 23 Aug 2022 13:04:45 GMT

GET
DATA 200
OK truncated
/ Frame F860 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 oDy-mN86aUCBMoUgd28Zv75YXVFRwworaPAx1c5XuDtf8_sv1xtLTZqw0LBOeZ0KYPvufWr4Y2g=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame F860 3 KB
3 KB 21ms
6ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/oDy-mN86aUCBMoUgd28Zv75YXVFRwworaPAx1c5XuDtf8_sv1xtLTZqw0LBOeZ0KYPvufWr4Y2g=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c727a03e090c4898f58b401f45f789e6b0f72bda6015ebcb37da76e70b6f45b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 13:06:11 GMT
x-content-type-options: nosniff
age: 8666
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3007
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 21 Jul 2021 04:27:48 GMT

GET
H3-29 200 hqdefault.jpg
i.ytimg.com/vi/7EBlRg6lWes/ Frame F860 34 KB
34 KB 30ms
16ms Image
image/jpeg 2a00:1450:4001:802::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/7EBlRg6lWes/hqdefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc1585c0574faf5cd2a22b480728e4bb2010f270e1fa58783d8fb4eff2e6d33d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
server: sffe
etag: "1623334619"
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35239
x-xss-protection: 0
expires: Mon, 23 Aug 2021 17:30:37 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F860 12 KB
12 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 20:14:26 GMT
x-content-type-options: nosniff
age: 155771
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11936
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Aug 2022 20:14:26 GMT

GET
DATA 200
OK truncated
/ Frame F422 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 AKedOLRmTy7cq2-HkE6quHr_Sva5gpwKPxii5o_Ihuez=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame F422 3 KB
3 KB 174ms
164ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLRmTy7cq2-HkE6quHr_Sva5gpwKPxii5o_Ihuez=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fb01c92bcfaec84be435b67861bc9f6347fb75a09c0bbf686d5edd78332a8809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3086
x-xss-protection: 0
server: fife
etag: "v40"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 23 Aug 2021 20:54:59 GMT

GET
H3-29 200 sddefault.webp
i.ytimg.com/vi_webp/ZZ7gnl5yOvI/ Frame F422 15 KB
15 KB 115ms
103ms Image
image/webp 2a00:1450:4001:802::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/ZZ7gnl5yOvI/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4554cd2852d1a341daaa1308e888ae6ad9899f501328fad7cda7fbc2e74a78c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
server: sffe
etag: "1425896657"
vary: Origin
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15230
x-xss-protection: 0
expires: Mon, 23 Aug 2021 17:30:37 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F422 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 20:14:26 GMT
x-content-type-options: nosniff
age: 155771
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11936
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Aug 2022 20:14:26 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 1FB6 4 KB
2 KB 41ms
20ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:37 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F860 5 KB
5 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 20:45:11 GMT
x-content-type-options: nosniff
age: 585926
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5224
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Aug 2022 20:45:11 GMT

GET
H3-29 204 generate_204
www.youtube.com/ Frame 1FB6 0
9 B 6ms
5ms Image
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?vEbLcQ
Requested by: Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3-29 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame F422 4 KB
2 KB 32ms
18ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:37 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F422 5 KB
5 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 16 Aug 2021 20:45:11 GMT
x-content-type-options: nosniff
age: 585926
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5224
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Aug 2022 20:45:11 GMT

GET
H3-29 204 generate_204
www.youtube.com/ Frame F422 0
9 B 6ms
5ms Image
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?NNZ7oA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3-29 204 generate_204
www.youtube.com/ Frame F860 0
9 B 6ms
5ms Image
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?36X0Eg
Requested by: Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3-29 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame F860 4 KB
2 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:37 GMT

GET
H3-29 200 wp-emoji-release.min.js Show response
trithucvn.org/wp-includes/js/ 14 KB
5 KB 16ms
15ms Script
application/javascript 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/wp-includes/js/wp-emoji-release.min.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1118375
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 04 Dec 2020 15:41:19 GMT
server: cloudflare
etag: W/"5fca589f-37a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sr9BLe1Za7DDf5bjZMuyFQ9FRd3JE%2Fg1sF5SsLfF7yjjL8gELNXOlDr4bdil%2BEuFUzIRW7bQF6vMyo4RRJJUUFpixkreb6iEec8GVvFK51oJkQek2odrYEXjQ91EORGq0YDyq%2BX1HLpE2W8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-ray: 6835621959c942ee-FRA
expires: Fri, 13 Aug 2021 04:01:38 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 72 KB
25 KB 91ms
43ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/3804/ats.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

220cc9e11e3a6c61c8c92edf45d16b603f83972760341817cb6c3a0ede92850a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "967 / 255 of 1000 / last-modified: 1629717150"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25318
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:37 GMT

GET
H2 200 prebid.js Show response
anymind360.com/js/ 405 KB
127 KB 6ms
6ms Script
application/javascript 2a04:4e42::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://anymind360.com/js/prebid.js

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/3804/ats.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

c6c777825597470d14a7e9230fe5570683be4e1167211a6e378cce2c502e2fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
age: 119334
x-guploader-uploadid: ADPycdsMHFWg1zkrAIoI1WQE6yWB7FbH9q6PHCKKEHr8M4R8JWe3J7CPgn2gH8gEJRLV7lqbwPl0_hr6FkDynl2z35w
x-cache: HIT, HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
strict-transport-security: max-age=300
content-length: 129873
x-served-by: cache-tyo11971-TYO, cache-fra19180-FRA
access-control-allow-origin: *
expires: Sun, 22 Aug 2021 06:21:42 GMT
last-modified: Mon, 02 Aug 2021 06:21:39 GMT
server: UploadServer
x-timer: S1629732638.659032,VS0,VE0
etag: "001e9b60cf70fddc774395b1586f1ff2"
vary: Accept-Encoding
x-goog-hash: crc32c=HkCyQw==, md5=AB6bYM9w/dx3Q5WxWG8f8g==
x-goog-generation: 1627885299191208
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: Content-Type
cache-control: max-age=43200
x-goog-stored-content-length: 129873
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 156067, 3

GET
H/1.1 200
OK atrk.js Show response
d31qbv1cthcecs.cloudfront.net/ 4 KB
2 KB 44ms
14ms Script
application/javascript 13.224.102.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by: Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.102.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-37.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 27 Apr 2021 18:07:27 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Tue, 27 Apr 2021 18:03:54 GMT
Server: AmazonS3
Age: 10185790
ETag: W/"d89453438fbf10dcf4c13265c40d5160"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 cd66c5a89ae3376f15c155e3b52a758d.cloudfront.net (CloudFront)
Cache-Control: max-age=26920000
Transfer-Encoding: chunked
X-Amz-Cf-Pop: ZRH50-C1
X-Amz-Cf-Id: S_SIN76t_9pzjHQxsWcFFuhAfFvfsRFcyqPx2d0G0UacoS8J3LJZfw==

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108190101/ 252 KB
93 KB 46ms
33ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108190101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6165839859605860&plah=trithucvn.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e50923eeab2fab42aabd0b1dd0295ed74f9bf5eec3f91bdcb4b36316a40860bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95447
x-xss-protection: 0
server: cafe
etag: 5134495107379379254
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 23 Aug 2021 15:30:37 GMT

GET
H3-29 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210816/r20190131/ Frame 5285 10 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210816/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210816/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnLmQfBykm7jHkiRQf4SgavfbFCU5ZyTprkdnKOJGEba3w4vvmke4_T3oU6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 23 Aug 2021 09:18:41 GMT
expires: Mon, 06 Sep 2021 09:18:41 GMT
content-type: text/html; charset=UTF-8
etag: 8999110079160743657
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4576
x-xss-protection: 0
age: 22316
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 70ms
24ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Ftrithucvn.org%2F&domain=trithucvn.org&cw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://trithucvn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://trithucvn.org
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1498
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Ftrithucvn.org%2F&domain=trithucvn.org&cw=1
https://mug.criteo.com/sid?cpp=4s-ui3wwcWpQaWltNUZnNndNb0E1ZFVFRUI2YzJkbldmNTY0UTBBdmMvS0Y2aHFUenVrSERwYVNpaHUvbmdLejIzRUE0Zk5tQllobXJmWU1PeWVTTTFqVWptbTJGRjFPOUxXY28vemtlT3pKckRJdmt2eG4xZXBMWXZiQT...

353 B
611 B

86ms
30ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=4s-ui3wwcWpQaWltNUZnNndNb0E1ZFVFRUI2YzJkbldmNTY0UTBBdmMvS0Y2aHFUenVrSERwYVNpaHUvbmdLejIzRUE0Zk5tQllobXJmWU1PeWVTTTFqVWptbTJGRjFPOUxXY28vemtlT3pKckRJdmt2eG4xZXBMWXZiQTV5U0hQZWhMcWRVdUlld2pDSlNxd2xRbWJsczVmTnZoTnJ5L2ZPc05CdUpuRnJ6MURwR2lQMHV3VXpnNFdMaUpHUVpVSVc4blJSM1g1RUVySjhvbDNNTU9raGorZG9LTE5IK3U4Tlp0Y250SDVjUnl1d1dFPXw&cppv=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

b7d63b16725222599ec53d37ecd11f9d64035183ceed61a96f22839d3fcf7fa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Mon, 23 Aug 2021 15:30:37 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2980
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Mon, 23 Aug 2021 15:30:36 GMT
location: https://mug.criteo.com/sid?cpp=4s-ui3wwcWpQaWltNUZnNndNb0E1ZFVFRUI2YzJkbldmNTY0UTBBdmMvS0Y2aHFUenVrSERwYVNpaHUvbmdLejIzRUE0Zk5tQllobXJmWU1PeWVTTTFqVWptbTJGRjFPOUxXY28vemtlT3pKckRJdmt2eG4xZXBMWXZiQTV5U0hQZWhMcWRVdUlld2pDSlNxd2xRbWJsczVmTnZoTnJ5L2ZPc05CdUpuRnJ6MURwR2lQMHV3VXpnNFdMaUpHUVpVSVc4blJSM1g1RUVySjhvbDNNTU9raGorZG9LTE5IK3U4Tlp0Y250SDVjUnl1d1dFPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2255
content-length: 482
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
114 B 206ms
148ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://trithucvn.org
date: Mon, 23 Aug 2021 15:30:37 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 1 KB
9 KB 252ms
178ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17692&site_id=358008&zone_id=1925426%3B1925428%3B1925428%3B1925428%3B1925428%3B1925428%3B1925430%3B1925430%3B1925432%3B1925432&size_id=2%3B15%3B15%3B15%3B15%3B15%3B15%3B15%3B15%3B15&alt_size_ids=%3B9%2C8%2C10%2C16%3B9%2C8%2C10%2C16%3B9%2C8%2C10%2C16%3B9%2C8%2C10%2C16%3B9%2C8%2C10%2C16%3B16%3B16%3B16%3B16&rp_schain=1.0,1!anymanager.io,3804,1,,,&rf=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&tk_flint=pbjs_lite_v4.43.3&x_source.tid=ac2ce488-7546-41fa-8237-f41c05d2faf3%3Bbb894bb4-2120-4d4a-aacd-b59d15d1320b%3Bbb894bb4-2120-4d4a-aacd-b59d15d1320b%3Bbb894bb4-2120-4d4a-aacd-b59d15d1320b%3Bbb894bb4-2120-4d4a-aacd-b59d15d1320b%3Bbb894bb4-2120-4d4a-aacd-b59d15d1320b%3Bcafcd655-47c0-4ed4-99d5-f4eb225e27ce%3Bcafcd655-47c0-4ed4-99d5-f4eb225e27ce%3Bf87837cf-0cf1-458a-b140-44fd0da29588%3Bf87837cf-0cf1-458a-b140-44fd0da29588&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=10&rand=0.8479991139111509
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 3b01c22747248c5a5f7daf5f557991202bd4a54183efe85e2c39ebce8d2af7ff

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:37 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://trithucvn.org
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 410
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 193ms
119ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 3165ba105fc925f830ff983484a82d2938b05a42348a5d8b024b289c072a96a2

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b10%3b64
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 948 B
2 KB 191ms
117ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: f04b3f34fe8943a4e41492020649a5e0ce0f5663ad314057452a93ea23e1c2c7

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b4%3b85
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 249ms
175ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 8db56e6fec221efe65552cc388c5d062cc11ca951e55dfc698e8c3780049f60d

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b10%3b73
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 791 B
2 KB 178ms
104ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: d3bf5ec3a8fd5734657ac8fef6f26d2ba9d00419004d7be26387a3e50d4ce4a4

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:36 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b1%3b117
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 177ms
104ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 0204722de75ed2d55207f4061d0740770eaa197ad74be28653722033c9aea959

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b14%3b105
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 817 B
2 KB 228ms
156ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: b71dbc4b9521fe4b5bbe43136728201af87bf2a0477f6de0f6db1862158f30a4

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b23%3b100
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 329ms
151ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: c82dd0fc79d5593771ae9de46118b968ec1fb6aa96d28f534308466b8c61f85e

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b13%3b128
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 871 B
2 KB 379ms
200ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: b21079209e50d1340cb4adeffcf3e935a26044e7b25d8e45239e7cdd8c30032a

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b15%3b124
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 885 B
2 KB 397ms
202ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 5d2cf21764edbb3de3323eae1c7fdff85d2c7d8737a3a3e264bab72528914643

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b22%3b65
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 948 B
2 KB 285ms
88ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 54d3c623be1e64f97f08319eaa852d186aa23c48b79e967a5a9a431e182adfe0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 3%3b7%3b114
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
186 B 91ms
31ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.43.3&cb=77128929293
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://trithucvn.org
date: Mon, 23 Aug 2021 15:30:37 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 53 B
733 B 107ms
41ms XHR
application/json 185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:37 GMT
X-Proxy-Origin: 185.236.201.226; 185.236.201.226; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bab1a466-cb37-4f80-ad16-c043842dfab7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://trithucvn.org
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 53
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
adasia-d.openx.net/w/1.0/ 174 B
559 B 90ms
44ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adasia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=ac2ce488-7546-41fa-8237-f41c05d2faf3%2Cbb894bb4-2120-4d4a-aacd-b59d15d1320b%2Ccafcd655-47c0-4ed4-99d5-f4eb225e27ce%2Cf87837cf-0cf1-458a-b140-44fd0da29588&nocache=1629732637744&schain=1.0%2C1!anymanager.io%2C3804%2C1%2C%2C%2C&aus=728x90%7C300x250%2C300x600%2C336x280%2C160x600%2C120x600%7C300x250%2C336x280%7C300x250%2C336x280&divids=ats-insert_ads-0%2Cats-insert_ads-1%2Cats-insert_ads-3%2Cats-insert_ads-4&aucs=%2C%2C%2C&auid=543837522%2C543837523%2C543837524%2C543837525
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 2f3d39c0f91d690cbec6ff9de6121e45de8d3b11606f95dd7563e4dd7a27699f

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
server: OXGW/16.214.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://trithucvn.org
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

cse.js Show response
cse.google.com/cse/
Redirect Chain

https://www.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou
https://cse.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou

7 KB
3 KB

72ms
51ms

Script
text/javascript

2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

dd34298ef3b3e7baa9cfe5128ac3a2387bdb2d0e43660ea6f933259ad043ea1e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

bfcache-opt-in: unload
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2916
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:37 GMT

Redirect headers

date: Mon, 23 Aug 2021 15:27:26 GMT
x-content-type-options: nosniff
server: sffe
age: 191
content-type: text/html; charset=UTF-8
location: https://cse.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 267
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:57:26 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 1016
date: Mon, 23 Aug 2021 15:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Mon, 23 Aug 2021 17:13:41 GMT

POST
H3-29 200 count.php Show response
trithucvn.org/counter/ 4 B
573 B 229ms
229ms XHR
text/html 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/counter/count.php

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f43b23d4089e1e91b4c704a9e0080a4631af939c34a81075e56b168c715d3a9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://trithucvn.org
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
content-length: 14
:path: /counter/count.php
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e8WsfFRdYzXCcWwd6GSzNO3Swh4DCC1d6Q4BwDRXUC7YaoPIASfcMUFshiv5DhC%2BoHCWi8W9YQgnRVLp9VUiJN2qET6G%2BQoC%2BwNSAB5QTwO868wWdNufskES%2B6csj%2FU74ot1ISYPQNtDntk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-ray: 6835621a3d7c42ee-FRA
vary: Accept-Encoding

GET
H3-29 200 AI-LA-KE-GIET-NGUOI-NHIEU-NHAT-TRONG-LICH-SU-THE-GIOI-221x147.jpg
trithucvn.org/wp-content/uploads/2019/11/ 11 KB
12 KB 14ms
13ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2019/11/AI-LA-KE-GIET-NGUOI-NHIEU-NHAT-TRONG-LICH-SU-THE-GIOI-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f2606f1fea25d37aa1e007a76b58f01651ef9a09841bbd186b49f08e24f888c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2019/11/AI-LA-KE-GIET-NGUOI-NHIEU-NHAT-TRONG-LICH-SU-THE-GIOI-221x147.jpg
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2407129
cf-polished: degrade=85, origSize=48117, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 11426
last-modified: Tue, 05 Nov 2019 02:34:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5dc0dfaa-bbf5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2STlH62Wsbq94o%2BK281Ek9t22JgGIO1hZJbMpzuW568vfCxQC%2BRkg2v9Kk2WcJSxTyGzTmydy2iG8XrD2KuHWxmJDOhyaKC4W%2BJjZTDBBuiHMNkMRCwwQoE2UY1ph5XwmtpjVm12Tz%2BO6TY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 02 Aug 2021 01:32:15 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4d9342ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Troi-diet-Trung-Cong-Feature-221x147.jpg
trithucvn.org/wp-content/uploads/2020/07/ 11 KB
12 KB 22ms
22ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/07/Troi-diet-Trung-Cong-Feature-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b32ba88afa246c3eedb5e437757888c0f1f0204deb9ab5c3526eb8fb9a5a2923

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/07/Troi-diet-Trung-Cong-Feature-221x147.jpg
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 313502
cf-polished: degrade=85, origSize=62989, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 11312
last-modified: Sun, 19 Jul 2020 17:45:57 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5f1486d5-f60d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TqlTQEv5asy0YjZ91MxvWrXctBh5O%2Bc8iFULJfSPBZSMgsz3WBofoWWy0pOtvrj451g8aeAfBa%2BfIZiaNkFAn2zs0dmzWqwvTc%2FRduwqeSjpIhPhuGDHA1b33WMa8U6ydniKibuYKnBrilU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 27 Aug 2021 04:15:59 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4d9842ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Chu-nghia-cong-san-va-nhung-bo-mat-01-221x147.jpg
trithucvn.org/wp-content/uploads/2020/06/ 10 KB
11 KB 14ms
14ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/06/Chu-nghia-cong-san-va-nhung-bo-mat-01-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45fb424758db2d884b16795c44e4530118ca3096caa6bd9133c772d4c4412c04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/06/Chu-nghia-cong-san-va-nhung-bo-mat-01-221x147.jpg
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2407129
cf-polished: degrade=85, origSize=33215, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 10293
last-modified: Tue, 23 Jun 2020 09:40:51 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ef1ce23-81bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIJdcZaNY%2B%2B538ItaKxhiKYUAHsdCjM1Im%2FAjfvXQa4pHCjHF315nAt3Ef%2FYcNLZJJaWlETo%2Fq4cZ3k8VQ2bOPJcEUhmwuBq9N2GH9CsWiQHTAnnTb2wB00qfEespROmJDIfUZ3%2F829wlwk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Sat, 14 Aug 2021 22:11:43 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4d9a42ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 cau-be-doc-sach-giao-khoa-221x147.jpg
trithucvn.org/wp-content/uploads/2020/02/ 6 KB
7 KB 15ms
15ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/02/cau-be-doc-sach-giao-khoa-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

896192c79b551e0c6e0dcf9f37f9424e94b9ce776e74d81c9ae82537a03cb31d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/02/cau-be-doc-sach-giao-khoa-221x147.jpg
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2407129
cf-polished: qual=85, origFmt=jpeg, origSize=10637
content-disposition: inline; filename="cau-be-doc-sach-giao-khoa-221x147.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6316
last-modified: Sun, 02 Feb 2020 06:09:48 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5e3667ac-298d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K7wrGWCBK1WAKclrl9ksc18zLg18OP77tleToz5LLKLSChJnO6x%2Bnw%2FMxPIXTAeO3X%2FBKbeYNwciNj7bdDE6w7%2FMcN1ncS1QISM9GRUn%2FbhLS8nhFe%2BDsp3M29%2Fe8ZoE4e6Wks7e2GBBHBs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sat, 21 Aug 2021 01:22:03 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4d9c42ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Prezi-image-221x147.jpg
trithucvn.org/wp-content/uploads/2020/11/ 6 KB
7 KB 15ms
15ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/11/Prezi-image-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eeec4808b6538c30c05a03a04d1bd60ee90bb092c5dac84625bfd0aacce3690d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/11/Prezi-image-221x147.jpg
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 688314
cf-polished: qual=85, origFmt=jpeg, origSize=7881
content-disposition: inline; filename="Prezi-image-221x147.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5956
last-modified: Fri, 06 Nov 2020 09:42:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5fa51a94-1ec9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ioB9YU1Q5XLRXK49c1ZhHdEqRut%2B4kzPsRQsvz%2FTdNhVw6B%2FkL64Hbh8lkSZvsUnLJD7wHZFUTM2QEnJmffOCnrVz1Khd8XTx3WsLzJJB%2BSEWdHOnTWWQkBcwZ5BM7d8VuW7p0AKLHwInD8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Tue, 14 Sep 2021 09:04:16 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4da042ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Cao-Tri-Thinh-On-Gia-Bao-Tap-Trong-Huan-Feature-221x147.jpg
trithucvn.org/wp-content/uploads/2021/04/ 6 KB
7 KB 19ms
19ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2021/04/Cao-Tri-Thinh-On-Gia-Bao-Tap-Trong-Huan-Feature-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b41c9ae1ad7d3cb44874879a1ada59555bea61a666b21631fc5b4f47f0ba49d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2021/04/Cao-Tri-Thinh-On-Gia-Bao-Tap-Trong-Huan-Feature-221x147.jpg
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1566486
cf-polished: qual=85, origFmt=jpeg, origSize=34335
content-disposition: inline; filename="Cao-Tri-Thinh-On-Gia-Bao-Tap-Trong-Huan-Feature-221x147.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6350
last-modified: Sun, 25 Apr 2021 04:23:10 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "6084eeae-861f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W4WGx%2BWt2d3HhMAvJQwqqvh%2FZ%2FYT8XqkF%2BfViGB3gVYxLZ%2BwbV2tj4YnHnTyxnD6CJN%2F7CRgw7X2YUs77ocLvTfVCdY3W8F6LpOzL%2FCaT%2FSZ7QjA6ogu%2FYSneuWrjv7QmCoq7tTit%2FM%2FFIA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 29 Aug 2021 05:34:48 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4da342ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 Vi-sao-theo-tap-Phap-Luan-Cong-Feature-02-221x147.jpg
trithucvn.org/wp-content/uploads/2020/06/ 13 KB
14 KB 16ms
15ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2020/06/Vi-sao-theo-tap-Phap-Luan-Cong-Feature-02-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c92f18b7882cee11d8ddcede618f6b67ef2a41707b91ba7cb7df902ee2e566ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2020/06/Vi-sao-theo-tap-Phap-Luan-Cong-Feature-02-221x147.jpg
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1566486
cf-polished: degrade=85, origSize=75197, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13387
last-modified: Thu, 11 Jun 2020 08:30:31 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ee1eba7-125bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oz9RqAhsGa3F487x6dSA%2BFYDvOeWmxcVNYMesTjfS%2FJQ0iXJDBySj%2BFxchh2ckUjcBzQLwkE7sySWeFPt1uHb2FoH1urLcY%2F4WCcI6rwK%2F59n1tWol%2F5HDlJeJVGkmOvPV1CPT9wArvrNdQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 27 Aug 2021 12:18:16 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4da442ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 thumnail-corona-copy-V3-221x147.jpg
trithucvn.org/wp-content/uploads/2021/03/ 9 KB
10 KB 14ms
13ms Image
image/jpeg 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/uploads/2021/03/thumnail-corona-copy-V3-221x147.jpg

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26ab8a4832ea69db1b6d39db4d840c60bd0b3cc8094cb88a32523e8993ef6484

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/uploads/2021/03/thumnail-corona-copy-V3-221x147.jpg
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 313615
cf-polished: degrade=85, origSize=14913, status=webp_bigger
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 9390
last-modified: Sun, 28 Mar 2021 12:18:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "6060741f-3a41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wUOgXNJDg5g4djPY9AdoTcfWRmhfVgArW4COevGjXVi7kONfx5OEFyBxWxROQNSya0puDU5NAQpd1%2FaKqRFKj4bHrTLZpvRbjvYbzx%2FTw0EEYHJfVN6qzURa4A2K4Hyy%2B54HoV%2FuKreZUA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 27 Aug 2021 04:15:55 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4da542ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 sprites.png
trithucvn.org/wp-content/themes/trithucvn_v2/images/ 3 KB
4 KB 17ms
16ms Image
image/webp 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trithucvn.org/wp-content/themes/trithucvn_v2/images/sprites.png

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c46923d8cc4fc05ac518545af4dc23c6e52aee3e281c90a6495fc5ce15bc9a36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /wp-content/themes/trithucvn_v2/images/sprites.png
pragma: no-cache
cookie: ats_referrer_history=%5B%22%22%5D; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: trithucvn.org
referer: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://trithucvn.org/wp-content/asset-108/3799231a-1607098995.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15765
cf-polished: origFmt=png, origSize=6581
content-disposition: inline; filename="sprites.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3006
last-modified: Sat, 14 Apr 2018 09:01:57 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5ad1c385-19b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CtQtAHBrfTBHGbhCSsCrG0yapur2BUwAgSs8o1Wddv0NYxn79rffZEWgwfFYSl4Zf9sDzOBfWIIdK6tfkx1DQJU9u4PCPoiXtoCL4eG5Qo9k79qLWaTXw9hbaQyTJ7JhNPo4HhVGWcPWKPo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Tue, 21 Sep 2021 18:55:23 GMT
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 6835621a4dba42ee-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 235 KB
68 KB 14ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=e25068e9a6b996ca05627f95f274bdcc

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0aa09ece4be1cd8736aefce4814c91f92667069a0131103278964a19796077d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://trithucvn.org
Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: l3jcnGWzWh/K2/MCVUCRhA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69728
x-fb-rlafr: 0
x-fb-debug: TfDtD9FmhGOst72IBBbe/nweSnGTIj4fUOb9lbUuel5vntpXj7KQVGrpEKJw9Ul/96phbl/T/26xwTXsVDeM0w==
x-fb-content-md5: 12a10ffb7a186d7c073b23f1bc48afec
x-frame-options: DENY
date: Mon, 23 Aug 2021 15:30:37 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "a25f7b56846e3c1216cc46f0c99c4335"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 23 Aug 2022 12:41:00 GMT

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ 43 B
552 B 45ms
14ms Image
image/gif 13.224.102.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=Ni%E1%BB%87m%20%E2%80%9C9%20Ch%E1%BB%AF%20Ch%C3%A2n%20Ng%C3%B4n%E2%80%9D%20%C4%91%E1%BB%83%20di%E1%BB%87t%20virus%20Corona%3A%20s%E1%BB%B1%20th%E1%BA%ADt%20hay%20m%C3%AA%20t%C3%ADn%3F%20-%20Tr%C3%AD%20Th%E1%BB%A9c%20VN&time=1629732637841&time_zone_offset=-120&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&random_number=16347828672&sess_cookie=3a3a427b17b73a28c90d802640a&sess_cookie_flag=1&user_cookie=3a3a427b17b73a28c90d802640a&user_cookie_flag=1&dynamic=true&domain=trithucvn.org&account=SkXao1IWNa10VR&jsv=20130128&user_lang=en-US
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.102.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-91.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 23 Aug 2021 03:30:12 GMT
Via: 1.1 048a65288aba3f3565a971a2e44151be.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
Age: 43226
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: ZRH50-C1
x-amz-meta-alexa-last-modified: 20110117123941
Content-Length: 43
X-Amz-Cf-Id: 9ewbBp7zSFFJbIrQU7hIUyOxORvEd0o58WbT5xNfWqJPkEP2jQoOCg==

GET
H2 204 x.png
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/ 0
48 B 364ms
120ms Image
text/plain 18.118.38.130
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.38.130 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-38-130.us-east-2.compute.amazonaws.com
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
server: Server

GET
H3-29 200 pubads_impl_2021081701.js Show response
securepubads.g.doubleclick.net/gpt/ 328 KB
114 KB 62ms
34ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

416c66b64adf83bfdfcdd37b98c3d88ae15cc77370bd0f7b5edcc3e5b480e641

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 17 Aug 2021 08:38:29 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117161
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:37 GMT

GET
H3-29 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 68 B
95 B 57ms
30ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=trithucvn.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

195465c6274fed7f0b1487493c51155a033758ef4ce3a9d7dbb8ca514be66275

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:37 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
440 B 43ms
42ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=trithucvn.org&callback=_gfp_s_&client=ca-pub-6165839859605860

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108190101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6165839859605860&plah=trithucvn.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

27f1b3afeb3f460375b6bc2373299dea8b6ab76bfd94c8eb2a87457c3e9bce82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 193
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 35ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=trithucvn.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 36ms
16ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=trithucvn.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0FA4 0
16 B 185ms
184ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6165839859605860&output=html&adk=3046330955&adf=2044148826&lmt=1629732637&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629732637673&bpp=3&bdt=1287&idt=184&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2603891036670&frm=20&pv=2&ga_vid=1422637545.1629732638&ga_sid=1629732638&ga_hid=1577014033&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44748449%2C31062297&oid=3&pvsid=3023564493785826&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=201

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6165839859605860&output=html&adk=3046330955&adf=2044148826&lmt=1629732637&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1629732637673&bpp=3&bdt=1287&idt=184&shv=r20210816&mjsv=m202108190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2603891036670&frm=20&pv=2&ga_vid=1422637545.1629732638&ga_sid=1629732638&ga_hid=1577014033&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44748449%2C31062297&oid=3&pvsid=3023564493785826&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=201
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnLmQfBykm7jHkiRQf4SgavfbFCU5ZyTprkdnKOJGEba3w4vvmke4_T3oU6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 23 Aug 2021 15:30:38 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 32ms
18ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210816&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849fd3b5e548429c899c1a324842b7f6db93df60480641607fc230ec77d26eef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8482
x-xss-protection: 0

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 38ms
17ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a2478978968eefdc87127bfe6619a9de514b2ccb89b2a95824a53e6bea1f9cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629458978809797"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27677
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:37 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 86ms
28ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1220
date: Mon, 23 Aug 2021 15:30:37 GMT
content-encoding: gzip
vary: Accept-Encoding

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1577014033&t=pageview&_s=1&dl=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&ul=en-us&de=UTF-8&dt=Ni%E1%BB%87m%20%E2%80%9C9%20Ch%E1%BB%AF%20Ch%C3%A2n%20Ng%C3%B4n%E2%80%9D%20%C4%91%E1%BB%83%20di%E1%BB%87t%20virus%20Corona%3A%20s%E1%BB%B1%20th%E1%BA%ADt%20hay%20m%C3%AA%20t%C3%ADn%3F%20-%20Tr%C3%AD%20Th%E1%BB%A9c%20VN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAEABAAAAAC~&jid=2015787849&gjid=255262946&cid=1422637545.1629732638&tid=UA-82090234-3&_gid=160497666.1629732638&_r=1&_slc=1&z=679588958

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 155ms
130ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:38 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 27ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=784498932115216&ev=fb_page_view&dl=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&rl=&if=false&ts=1629732637918&sw=1600&sh=1200&at=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:37 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 23 Aug 2021 15:30:37 GMT

GET
H3-29 200 cse_element__vi.js Show response
www.google.com/cse/static/element/b54a745638da8bbb/ 280 KB
280 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/b54a745638da8bbb/cse_element__vi.js?usqp=CAI%3D

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12fe404616b881b31805640568d3d88b0d161266d21df7bc83b1631740742f96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 10:52:50 GMT
vary: Accept-Encoding
last-modified: Wed, 30 Jun 2021 17:07:08 GMT
server: sffe
x-content-type-options: nosniff
age: 16667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287129
x-xss-protection: 0
expires: Tue, 23 Aug 2022 10:52:50 GMT

GET
H3-29 200 default+vi.css
www.google.com/cse/static/element/b54a745638da8bbb/ 41 KB
41 KB 10ms
10ms Stylesheet
text/css 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/b54a745638da8bbb/default+vi.css

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 10:52:50 GMT
vary: Accept-Encoding
last-modified: Wed, 30 Jun 2021 17:07:08 GMT
server: sffe
x-content-type-options: nosniff
age: 16667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41474
x-xss-protection: 0
expires: Tue, 23 Aug 2022 10:52:50 GMT

GET
H3-29 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 9ms
9ms Stylesheet
text/css 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=010106972670157993631:3frz-ejd-ou

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 14:43:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 23 Aug 2021 15:33:20 GMT

GET
H2 200 comments.php
www.facebook.com/v8.0/plugins/ Frame 120F 0
0 42ms
35ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v8.0/plugins/comments.php?app_id=784498932115216&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df124dc4e48d555c%26domain%3Dtrithucvn.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftrithucvn.org%252Ff208b4757ff8ac4%26relation%3Dparent.parent&container_width=5&count=true&height=100&href=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&locale=en_US&sdk=joey&version=v8.0&width=550

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e25068e9a6b996ca05627f95f274bdcc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v8.0/plugins/comments.php?app_id=784498932115216&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df124dc4e48d555c%26domain%3Dtrithucvn.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftrithucvn.org%252Ff208b4757ff8ac4%26relation%3Dparent.parent&container_width=5&count=true&height=100&href=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&locale=en_US&sdk=joey&version=v8.0&width=550
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info *.atdmt.com blob: android-webview-video-poster:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com fbsbx.com *.atdmt.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/;
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: LcseGQZy5JhTCSgV3I1AhfxDCV+w2/AMpIQLEQu/yxldAe8mgS3bBdH/JO2+egtwgTQmsOYXfLaAQGdXOJx/1w==
content-length: 0
date: Mon, 23 Aug 2021 15:30:37 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 comments.php
www.facebook.com/v8.0/plugins/ Frame 26F2 0
0 37ms
33ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v8.0/plugins/comments.php?app_id=784498932115216&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19c3985d89ff38%26domain%3Dtrithucvn.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftrithucvn.org%252Ff208b4757ff8ac4%26relation%3Dparent.parent&color_scheme=light&container_width=660&height=100&href=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&locale=en_US&sdk=joey&skin=light&version=v8.0&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=e25068e9a6b996ca05627f95f274bdcc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v8.0/plugins/comments.php?app_id=784498932115216&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19c3985d89ff38%26domain%3Dtrithucvn.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftrithucvn.org%252Ff208b4757ff8ac4%26relation%3Dparent.parent&color_scheme=light&container_width=660&height=100&href=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&locale=en_US&sdk=joey&skin=light&version=v8.0&width=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info *.atdmt.com blob: android-webview-video-poster:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com fbsbx.com *.atdmt.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/;
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: /4iAfb6hmB1SBgJE0uOYV4yLqWRCqOYT1VkNYTqpF9Oazq5FFtDdDatrxlXAT5koGJdW8+jFVZxZdFnn8rLAhQ==
content-length: 0
date: Mon, 23 Aug 2021 15:30:37 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 2692 12 KB
5 KB 20ms
6ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Mon, 23 Aug 2021 14:06:38 GMT
expires: Tue, 23 Aug 2022 14:06:38 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D383 783 B
533 B 16ms
16ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bef8c237f583c23244cae4da479099e13c3dd17f5ac0db36548292db871caaf1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qqHXd3C4pMvVRvvI9VNb3g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

expires: Mon, 23 Aug 2021 15:30:38 GMT
date: Mon, 23 Aug 2021 15:30:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-qqHXd3C4pMvVRvvI9VNb3g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 2692 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1121d7f8fb131bce05cbaf9b75a1272f9fbed57a53cd239d2fe91ece63ed9424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:43:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13272
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 12:43:24 GMT

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
853 B 48ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=trithucvn.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=trithucvn.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
23 KB 386ms
386ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3023564493785826&correlator=2714032901396823&output=ldjh&impl=fifs&eid=31062315%2C31062297&vrg=2021081701&ptt=17&sc=1&sfv=1-0-38&ecs=20210823&iu_parts=21622890900%2CVN_trithucvn.org_pc_all-site_masthead_728x90%2CVN_trithucvn.org_pc_article_right2_sticky_300x600%2C300x250%2C160x600%2C120x600%2CVN_trithucvn.org_pc_article_mid1_300x250%2C336x280%2CVN_trithucvn.org_pc_article_mid2_300x250&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2F%2F3%2F%2F4%2F%2F5%2C%2F0%2F6%2F%2F7%2C%2F0%2F8%2F%2F7&prev_iu_szs=728x90%2C336x280%7C300x250%7C300x600%7C160x600%7C120x600%2C336x280%7C300x250%2C336x280%7C300x250&eri=1&cust_params=url%3D%252Fkhoa-hoc%252Fsinh-menh%252Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html%26ref%3Dnull&cookie=ID%3D9d9086d3af86ae3b-220f9681b3c90078%3AT%3D1629732637%3ART%3D1629732637%3AS%3DALNI_MZFb7sKEwITnhwdx62KNzTdKFt8rQ&bc=31&abxe=1&lmt=1629732638&dt=1629732638159&dlt=1629732636386&idt=1594&frm=20&biw=1600&bih=1200&oid=3&adxs=-9%2C-9%2C27%2C27&adys=-9%2C-9%2C923%2C27912&adks=2691311200%2C2312127971%2C2960758416%2C795886973&ucis=1%7C2%7C3%7C4&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Ftrithucvn.org%2Fkhoa-hoc%2Fsinh-menh%2Fniem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C0x-1%7C1546x0%7C1546x0&msz=0x-1%7C0x-1%7C336x0%7C336x0&ga_vid=1422637545.1629732638&ga_sid=1629732638&ga_hid=1577014033&ga_fc=false&fws=2%2C2%2C128%2C128&ohw=0%2C0%2C0%2C0&btvi=-1%7C-1%7C0%7C1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

cdaba60f54d14ad57677f7e638cab2f5aaf2f9e0774ee0193e7b35d4c925fe78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23563
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://trithucvn.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8E41 6 KB
3 KB 58ms
13ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 23 Aug 2021 15:30:38 GMT
expires: Tue, 23 Aug 2022 15:30:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210816&jk=3023564493785826&bg=!i4iliMzNAAZvV8FTb1c7ACkAdvg8WvcQUyaf-frlLC2O8fP2MSW7iQS0et1XpDohkJq3AziPrV1GyQIAAAB5UgAAAAtoAQeZAmv6oyO39QcB5yQaoV6PSvGpzYd7RWMhAcio_X3Wg9Mr3nOR9jIuQX4ggNwe1GPGMcs2BlwUZ45_MAdLzBMzdvh9QRXfh72LcW9e5nYoJEAWqrpVn7kaSgtNxy8BcTji5tiliMNU29bzVhmpp7oS-EEkx2m06i8hyQX--8qZdcniYXVoPF0eyC9puvp2mY7KsU6-nynCbXN91S88vLrmkQHgrDuotJXO_qmBud7jbGwnmZTbklzlszRpACzR_7d3swt91mjNqS0kxi7-0Lnhz_3gWmqdYpjq2vVG-tbk5rH_U7saGZPWEDuXymTjnaEnXP0Qd6tePpD7b_RTpVN6nikerQHOEF-f9Zar5HBR7ZC78e_VMNnCDtQYLEGAcUIm2sHddhK0tDcdkqh1J2nxiEDznA6hnoG_8HXrl00jzIp51B-0Dluo4gatSo-7ZsvC_sYS7cm5CL355zNbvrejK0S3foThBSRqm67FVPGshnmVbBekTk8MqCKIODBuvbwaJx799AmdsEvqE9zMHU2gpRULaZ99bnk1TlRzA4YTTuzVk1fRLGrIB00-GuTsL47fuKV2IXoCvqSUCcKbk-R68dowHMcSWul9sQqsDx5Gdrj55l4_uvq8BbFMPyYhW_pb7T0ZiFQzfClm2n7KjQmlYRBcQKchZ7ZXX8Qe-ym3gRUENi9CuR9o9aca2z_cIuE7k7tNJMW-RERvM6LdVfCV3FlBbZJoAwOc2zglVHoIaB4k0Ism_pqe3jaDXSH_sB4jrZa5u1k_5aPLvI-qssNZz0yx6krlZl-L7Ohf63cHE1sXj1pNVbYe3iiR3uxf

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A143 6 KB
3 KB 21ms
7ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 23 Aug 2021 15:30:38 GMT
expires: Tue, 23 Aug 2022 15:30:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7066 6 KB
3 KB 17ms
7ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021081701.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 23 Aug 2021 15:30:38 GMT
expires: Tue, 23 Aug 2022 15:30:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B74E 478 B
251 B 18ms
18ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARjF9Z6mATAB&v=APEucNXnm5EUJugQR9tzClh6eSxxox5MMRCfMEKUA2CmHWoyOdQl-rqVUykpsxWIkm2jGAcna0i1oqxUEd18EQTLOZtvnywv_w

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMW7lQEQ4oWWARjF9Z6mATAB&v=APEucNXnm5EUJugQR9tzClh6eSxxox5MMRCfMEKUA2CmHWoyOdQl-rqVUykpsxWIkm2jGAcna0i1oqxUEd18EQTLOZtvnywv_w
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnLmQfBykm7jHkiRQf4SgavfbFCU5ZyTprkdnKOJGEba3w4vvmke4_T3oU6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 23 Aug 2021 15:30:38 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A143 71 KB
28 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CLBT6x9RswnUMiERruCb87M8dY_qliIdJ2-dK3EVzktWDmAxauHhGt_ezj7rsucWQ612um7n_L3E58EI4ENNm7TKMwRJBd8I4_lqdcyzPFj3TMSfU8yMEQAPKYnpti19loBTAHiH7lFI56reeh9z-cFDvChQ&dbm_d=AKAmf-DLfWgW1M2E_jY3Bxq9xIhtoBVkmClYwXJCN3ysgc3Z5OkFYA8NyndKqYrzXrthWVSMsG7CcGZnTAf-ts2c9uFnplzye_mHaFDv2aW6A5mBrACVPdNPa8JItpiqMgsaAo14JRVRj6KvnT2bdNEJfCR49FCmpc47oD1aKmcFpBjkm5r7ag_MjosDktZbCkJzB6G8Mx4NxdLt2VQ6WTU6o_e4DO1aGFZUeOcgTXM5Rzk7GPPh3xG-_YCT0zF2bSntEHNq2gxJuXkYhfJmqceRQgTshdOTTVBCQgPaEqMjCq56TjrO00_Idrv0HGItn0Bj4BaTeCW8yc-BUxVjxaRLHFdv2OKMD8o9CeOccKaB0JxzTW-Aw1LCLA2e4HgcQS5KL_aeJhgnC2Ay-lq4tQbvMnNfvkZ6miWRjXG0dgJ0fQNe4dJbFKsy42WoVMP8inTBCGmN9vgODMrkJLZoWIbvJqUAr7YNldUNW-bRHVu7ijQGTYdm8Hur0P61O6lU8-hNTxmggg9PB5AcDuy-uSj9mSn5g3C-QfgxkIafNIdRaHGxbn0yBukCnuSMh7wJLQI1zm7I6ZieHwhBxt7TqWqCa9XQu3oF2cT1VtbX3ssmxKU2tMMcqjDvgPv5Yv6BAzycYgZmXfbo1oqIAbVf_n0J6QIF4P9nBjOv_3y0bOuayXWadim7ABUzaSPtKp-9ONyICA1nGy_ljUmj0FZRjT_LaIkbPVD1EW4TmaJLwRbrZscBvfPI_yghROPotlcfBDLyWhCWKRpCd1m-F_HAlkWorBoeEu1W2AHrf3noXTItUaqMlAf_Rr0FPFIoZljc3jYxKCNfnFHgLkaCGPxQ_f0SqVR0_-hC-TK_GoN3zBxcck0M-RvABXArRF4N7xWEtzkITdQ_JWbOsAvvZsImqDdagvefQXqYRRNyaalzMUbe9IEyYN7gWLAf8hWD57XlzbaT5Y_dHj-V8F5liOwNPeVk0beIYzr00XLj6xcEiM7nmD2n7fjDHbF2RBvOeyv1sYGfoj9ZDlnzZcGqTmtqZeidNJrJe8YFFzhAY5nnETyvbb7MFO3f8pipqZn93X3CgE-fuZsVHriVR2bpo4TG5VdZ1oJQgKDb8c1gtAH2AfwY_yuKtfymsA-krQLgqAdkbCEZlSBR7RZTUSOsEtSVrLECDPMMIpKUKODmIQ928T7J2s225BORaJPay1zVmxXAX10PSsKccSAp5FTO_2ZYMQCrIvAzLexhtJkze7HlbV0Hvvi26Aoqj0PS3PsvuvlMCZlJFjGPg9ipfYjeMr-QrTTOl-wKbZr5Zs2ocaPe_D1fN1Jgus7kPlR7vVLPGLsAole1m-7vk9BelMGypVu5xZCHYZXQeXCFGJ83F02aSdTNNN54L1U2ea2QvR3Ud8u76ne8VS7oZRyth8tZzIvDgKd88dj1_f7VUGyvq6MxvtY3X-8J5uH9uR4roBsKOhAbUOzy5Upe8FVT4vBIx3Y4bXS17OJyhAnNYNaX7ONm841_1SOGO0bacAKSDbh8hZuOjvpbNSbFX4vQgjNcjLFkGqGTVvwctZqocuc1-3UZ-9JVIz5kMu1WFlc3UDdQTlN24JvDoDVhm9jZZMOgRjL1l4_Iz4Lc0B4CauXd35XMvo-7Yy9OwuvtXQBgZzzMrvlIMA4KaV-j0BhrcZgxKER1TqzkaURV0Ur9nzHesmcDRRKpIvKt5gQI6zk49VVvDo6JkswUhpN1iSKGV6nVMQMPPucacib5H4qInde8Z19rrUMO68JQLfeUQZZVPvZDd5PJrPEbkQo481FNtjv7MfvsWSglSwydAnEhpyjlsL9dmNL-fMJkVClfXprJkfLN-Cyq2NFy1peBRndZQSdA3870AX-_5M78Tb7Sgt50MglVqG7fcAvbm3AU4NxKceKYpXCQjzpkxouBGeE5eiX89T1YTy_vZEkPr0wGZg2ahRu4kEbRCcYB442aLyKG5TmBQEuGvzwZUF_FCjcEZzLMFlmPQPEggFSzzL3lVrLKhI5oxbU2HIB6dZwHacOzeFCX7-dWe-5G4D2KdnJsVuoalhQsqxUDf5z1TvwSpgnq9h9Ilt1TNeJWawA3g74l1wf178EVGRZb7_TZ6Cys1OYfKf-tz2rgperqPWG43zIVi4xNNECFsOi4CMzvzqss92ZX2N57VWsk22f-vbxm_pW9nOPUi12wrYulvB9GbWSgkDuvCufS7pElWULrSOYWAjxnLiVQ6uCtZTFVoUkPOOhDrzTXlro_zC0zFoK0uCkiBLqEbaC7O2wTbfdZre86k5OLwknQrdzuwyHt3LapCulxhP7Fj5vBqIVcJ9vjOuJAMbBHttb1N07QaHJMqxzF46Qm2Jno8xWH2GFkIE4Zr-dAoDHVI1xTx3_vQIcffUSlws_xkU3Xouaor6Tur0ZRPjY3O428HQUW1jcc2daE897Bk_ztRnVqFqgf_LJYrP9Cq2kczo-U8tMgrfx97DnXZou5BzQ760r8wZEFOsS0gagMt1cxtHmOKaTT0XUK13Q8N9CjcRNXI-Hwu5cXXV-ORP2Ku4jUwvgBzUn1-H5bpDJDgi_yGIRgSqLDa7JWxTkYHA-vD2AgyZnkvOex7uOROHUcxx1nbKtpneRaDzJVKz1H7slo00SwRDOscBY-iZId7wX8mV05hJ5ziXs7-B3F4mVmB4MornwhzEkBb-bUSgiiaJQyP_0eRBGB__zlE2EG8qGlU-xSGncSZ2aC2dEKA0olYWPh5p16CVFfb2eDRPieTYUC5L-b_CdI5wf03RqPUTc3lq9dkoeHtqx1RRSfncgh1Le_myGt1SMT0N61g9Jkg_dGsgSvprt8F2EkWbstSGfVWpxf_8WEvbPrMKRAivsow9SoG_d8A1zXPE8Zp9l299tlzxTGTzEQrD7PXjqgPTs6uJ_TJIQXkuE2-kEaL556WHykFGQr7Rtfnk_7o0HSLrDCuUVGHoIwKOUIKpgUoaLPPpDYnF_L9bI3yk9hY_jYBDFrbNFXZ9RiMXi9iQBRwsPW3ypS7mCJ75qvJy8Iibdy_t1WkdYmt4dASL4x28QjU9Z4mZd9t-Qv387cWL-Gp-yRHJW-hHRp6DbybaSkPGsXZLQK7B6HMVcluBqY_VK9pHJgrl3MpPwLLyT_AKPmHIw1knuB_-Ufo5kuQCXhzyVKLcn2WlPfgm6ql8sSCN5XiB7UrR9yUnM9Eb98VL-GSfMLmeb8DFcWrKkF1uorxv2dlSCidxjadymVHf_ZVUumyZqs628TjR154yZZSQn8G6o9Tee7_9Nd2Gjd1WCSax0JHW2GUdRCq6z9yQ0&cid=CAASEuRo-kvGMqq4CtVZllvLwG7bnA&rfl=1%2Chttps%253A%252F%252Ftrithucvn.org%252F%240

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32dc84ae0e7950541341bd5add303d38e5d0d8a97e5a05b5f9f489494c98de4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28921
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A143 42 B
63 B 39ms
39ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DdrJCBvQTGxObQZp59hUQXj5mxAiltSqzDhi4rQGnFQ0IGRsXFJ8aqk0ET6G5-KrbmE3D2mhe4jq8SEW9gg4o-LmskW25J6dK29Y19_S-FlqNwCSI

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame A143 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/window_focus_fy2019.js

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Sep 2021 15:26:27 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A143 124 KB
37 KB 45ms
31ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be8e3fb00d98e93afe954eb362d24a5d80537eb55c896bba9734e5771b6b34b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629458990649126"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38246
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:38 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame A143 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Sep 2021 15:28:47 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame A143 0
0 14ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ7Td4SiFBPvbAjr352J9Vd5Ih-6lcV5Y3LHsRsoyWcOGBSt1UuJ7jCFO4AqHkbAUH2rxDzp85t_6IlhyORxSiaK-ExZw
Requested by: Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0D61 478 B
251 B 17ms
16ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiIy56mATAB&v=APEucNVH5QajnbzlGO0fbIabQe4ra_z5Q9K9ZTJGpDFmH2-jBI7vvXhyp-oMaEksHNBt5b2dG7sYCHBx-sLGfR1mDd4cnZvzJA

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMW7lQEQ4oWWARiIy56mATAB&v=APEucNVH5QajnbzlGO0fbIabQe4ra_z5Q9K9ZTJGpDFmH2-jBI7vvXhyp-oMaEksHNBt5b2dG7sYCHBx-sLGfR1mDd4cnZvzJA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnLmQfBykm7jHkiRQf4SgavfbFCU5ZyTprkdnKOJGEba3w4vvmke4_T3oU6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 23 Aug 2021 15:30:38 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7066 72 KB
28 KB 58ms
56ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DyHber9ZIx7oEICBXjsrA0Z-OVfQEMWeh5055rHESnRvwl5-jPA5F34PINl5y0wp0l6akVfyMoEKnj8j11qtFavYGA-BOpSoFKynEi3UvaBCzFoYo293HbKfqPhnqPOWnggcuS-Sie_GYvfyZSOAH4PNiguw&dbm_d=AKAmf-CAhBQ7tWmd6BU6qRcUkGm7MaVcGr2gOezHU5Y5Dm-i7O6OUUBIGIg54pBwj2t4RyheRlml9OT2laEf00-SCm0XR75n8yPcD1jYN0xCDlxFNzBqhfHjXeSCHug4NPDk_vYN4rz0Tx_l8W6RX0WRkl9Lx7WRsb8f4ZZdpyhv09-KaRZjHRMvIpf8vh9OTCHCFlDIy5wvg6dVY6nSbK0PmCDiCfEuB1i4yyA7omJFDrOsUi1ftToP_rr0WjB9SZ-4g7l4YJ9-QyVDOJkEE3yDBO8e8oNa2mZ1K2FZTK9Tu_dI893guR6__ltHR07fwzxf-LTA4p808vd7uAdKZ1RfI8xIOzOonJafK-0_Q9jxjNiZ8n6G0RL4fw5_qayyUMzkBxJa6kk1wd_nDThskW5DnF48Lp4I4CQyz3Fv8TMeck6abPFwMLlgaRJ7qXyReughCgnjVNOnb1z478bJht40dWNHgY77QWvTRVCpbl3gl0q7esYlkhA_IgyKLy80XZO2PdUSDTmGATG0s18xsmlUcbuqPdqQfRX6J-hCcRHngIBoGLNu7vh7kgsM3qET72yEdrjJlRbFB1qXpNHDBhZiKNxcULLbSbnDiULc3SKCpuKdZy5jZgUzpk2Zq8FnyPeb4aiv0SNTA0AQCb5MzoYP39Cn9cNmrQFeN3za1RBjV3WStUWKXVOVwpb1UjAyK1m7aKGtEodcSBxdxy6z5t6sk9NHIitxLWZEavpcGXrHoaOywZjvQ30pd12iHw_rqappW3Nbq9rJNmgruFy4w5ilqfVCamQTk7I-Lzqaacvchj2ADLPoEIjbOxn_O_B2_BwDbhkzOtn30GYUEwsszzFwIIlTZMoe6VGxvAAnC-ZCKREerm1r4zBs78Twy8-fystrOMuV1mVet_EJUIrw0QLfKaMRp_5trr-EL3c4kGXwtsmzDobZkEvCvcNaFU4dLjAJ38jMUesaf8Gm8s9F7xaoVbY9-HFIqxkx9wG_0gOJzNcPuTZ_wJGv8faRz_kUQk_cHLbYTzjQQd5rAFHJnlY-KZs6VGxC4_AQiKtBkOkSjA9QsPWgNQYdj_pMeztigsVP8y0_kgfbv9_O-P8v4KoZH0DvdzIBQt4hgq5DbvBG86B4AUJaBTr-PamSFqNE62xGLyEOF_7dWI4UA_xqEMn5R2ed7saphCqlMrIFmprLEg7GwVUMVQTnd7Tkd9jeTc7u8gSUtLs_WBMCIlu--WLXzwCBbst3bfu6eZD69gY6XLeqBLka7uT-WHaUCToVcMN3R8-6Pcuz-xE34skuLBT_AKIkjvR0NlAfvBut2hCJcnN_i-9M9UqSqLyKMCNkoQ-dXw0JGwxhVO-S_q-OKcfavyZK5xI-w8icaBxkU5hMgcLNZqnOCAPEhMffAZ9N6p8S0Sh51BquR1bGjuGAD51L1kM5zrl0IWG63Ah_b680J7-HfDsY9_nWVdod5Iqp1XzU43tsos3WKB4rQ44TAPYw0ukJtClI3u6RQQAPyta14eDjLo2jrbY5Rx3LSTrUTCAjCU-VAoYQsKaAb8WKv9VW9Zz8T3IKyqsUBXykbWCpenG-G_VCbWdsX45xQxLyG7hCEVvB5QRZXfPY6i3SEcu7Lr8iRs8ubhwjzDdh9aVXguogohIRyLm9GgIIx6owe-SHr9T2ZLD8h8Qg64svt67CWUMiD7h5mtGqpdJJRCTh8ANrQHlCscRELbZxxCX3s6NCBjKzaRVk8qofwWUNsWXZLTGSPcGLueHjhlkhIgMf4zAV8S3-rbsBBnXveJUO4M5WIJNd5cVw7Z4uy2XM_xI8FhE0Pa2rVIVjp0uimZasXaIA4iYiqAn3-NvsjKrNytVI-3MmWLfeev_FnpvUiyXLU-_P94K2bkAnuYAXNo636S6Vm-iLrVvJe7M8aN5qxKMl1NA-jaZuOsovjTFX2zEi72Sal9RmLbSGCfnNKQ4TuuZnYuSnvIlo_SKHbQMyjfJEEL7yTaV663OIvEaijs9iZijxbVUzmGODg5h_EbnjfYrDTxX4RptPdgJBQRfAH0paYlyu0VV4NMb5OMxPp4Ky2YL77zrnLRTIUqNJIKkQaI1wDlQW--r0lccbjEBQ9wWfrJN9YrVKmwjNbUipQ7Vmbe160EwNh8UMk-qf21uYuCsqWFYoBV63Li8YEGYGAeIb8T-BXL5mKDmiRU1pQmumLZAHwNZt3DcxuU5EAAWgREwUDDSz6F2hI2Ct8eEeW8JzdsNwfHU9CFqNYmbaI6XDCkQAVGKF04ADWGmSqibFK9u_1lAPYjucdWsqWq41qoOnGMdHWsUi_RSwnc0it-NeE75HRM6-c0EXl93txDi3ViVgz97htgKLtSk7lPes-lP0W2olSdTGGYODWsf1Z4QAEWPNDeuN478E-Pxp-2xuS2jFKh7-Hxa88N1tCI3XyvRH9zJrpxcVp6ZRf3b7ZatSnzmngXxoG6vjn7-kTKQUpOtu2cvqXS-K34K2Q8NW9vQmdFBYq9okLtaJTu5QJubGwuHgzd0OiAQSEDg8iZWIbPvu14Xfago3U22mCFD2bgq_YUeqaPRAzgaN8IzeUfLRYw6RggA8_hAe4EkrxILEdP_yG0vbqzisdIqKu_3BizY_Xf6Opsnnh_wbZzTXptcZySXulTsAqny4L2oormYNsUZxWByPA11ITz0b_eSYQXvriEZOTzFmnWWbuKi8wf5U2IXa2SodIvk2UgQ7e3QdaGWtwCn3aMc-hzhCDbPD46lywKF0YLcJaA5UzkRpnXEi03jinSywHZWfirRMbqC8hh8UsYKzknAdAzLb8QJGsEKLCHnV9DFZLzNX7h_lJ3DSk9EzzlcZql68xrAA1dptfejjEjqyTie0Nd-2Oyepf5NIB1GCsGEjXP3CkzfrchKvIo-0SPj-unO-MWprcjmkS9kV3yZdFT4cy1V_xE9iqD6AQoHunNkbWRjZpXUD90L-JOhsXtUR0EpFmOseq8ub_Gk35VgPTou5koRF7zwuyfNGi6qgFmQVqMYOIm86p5ORXljz6Nr3NiwkCuKSZ9h5opbz7aopPgwnDDHaTuf9oew6yaIZU4Jv6QZN_Pj3ZAVvLTiUhNAdM-Yqc_T7NMCUpDOpnVRktQYnEBU4uD1vLQgCKOV4e4FzO9AMrrSnVMFhgmOH-ZmQI-04tWjV6Vr1Ol1fNyIywxrKXycdzZ0Q2HH1SYUrDJZbf2fJolpBCnOgG-86rH4LKb9c7vnUJQaFLNoHqman-D_on8ohXChOnXYp8QjdJC7feXkW4ZHc6kFGs-uXPn0QuiKhDy87GBgrJ-mXL9bBPOg&cid=CAASEuRon7pu-coJ0x5lWVWHCiA8lQ&rfl=1%2Chttps%253A%252F%252Ftrithucvn.org%252F%240

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

943b14c012ad3c62d80637e533ee6eee9ab1199b656cb33fe1b0b56daafa7e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29039
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7066 42 B
63 B 40ms
38ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AfrxBPEBX2Y9T-S3yb_HQwG4aSX7yXa6iHCWsJTmif4iva_PcSlFc6bbXwbQvkNQXMjTj5JOs1OyvjZ2B-RzMNkBNb4t6vmSanoOl2D_OasWDcBqM

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 7066 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/window_focus_fy2019.js

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Sep 2021 15:26:27 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7066 124 KB
37 KB 29ms
19ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be8e3fb00d98e93afe954eb362d24a5d80537eb55c896bba9734e5771b6b34b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1629458990649126"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38246
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:38 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/ Frame 7066 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210816/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6205
x-xss-protection: 0
server: cafe
etag: 3431872159862141604
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Sep 2021 15:28:47 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame B74E 170 B
317 B 33ms
31ms Image
image/png 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARjF9Z6mATAB&v=APEucNXnm5EUJugQR9tzClh6eSxxox5MMRCfMEKUA2CmHWoyOdQl-rqVUykpsxWIkm2jGAcna0i1oqxUEd18EQTLOZtvnywv_w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B74E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1&C=1

43 B
894 B

44ms
44ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARjF9Z6mATAB&v=APEucNXnm5EUJugQR9tzClh6eSxxox5MMRCfMEKUA2CmHWoyOdQl-rqVUykpsxWIkm2jGAcna0i1oqxUEd18EQTLOZtvnywv_w
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 23 Aug 2021 15:30:38 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 23 Aug 2021 15:30:38 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B74E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YSO-Hs-qAGFTGVRvbNaT1wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1

43 B
894 B

39ms
39ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARjF9Z6mATAB&v=APEucNXnm5EUJugQR9tzClh6eSxxox5MMRCfMEKUA2CmHWoyOdQl-rqVUykpsxWIkm2jGAcna0i1oqxUEd18EQTLOZtvnywv_w
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 23 Aug 2021 15:30:38 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 0D61 170 B
232 B 32ms
31ms Image
image/png 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiIy56mATAB&v=APEucNVH5QajnbzlGO0fbIabQe4ra_z5Q9K9ZTJGpDFmH2-jBI7vvXhyp-oMaEksHNBt5b2dG7sYCHBx-sLGfR1mDd4cnZvzJA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0D61
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1&C=1

43 B
894 B

38ms
37ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiIy56mATAB&v=APEucNVH5QajnbzlGO0fbIabQe4ra_z5Q9K9ZTJGpDFmH2-jBI7vvXhyp-oMaEksHNBt5b2dG7sYCHBx-sLGfR1mDd4cnZvzJA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 23 Aug 2021 15:30:38 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 23 Aug 2021 15:30:38 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0D61
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YSO-Hs-qAGFTGVRvbNaT1wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1

43 B
894 B

34ms
33ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMW7lQEQ4oWWARiIy56mATAB&v=APEucNVH5QajnbzlGO0fbIabQe4ra_z5Q9K9ZTJGpDFmH2-jBI7vvXhyp-oMaEksHNBt5b2dG7sYCHBx-sLGfR1mDd4cnZvzJA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 23 Aug 2021 15:30:38 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBenHktvhS47CVLo0tINRNU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame A143 169 KB
59 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 22:43:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60399
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 Aug 2021 22:43:59 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210816/r20110914/elements/html/ Frame A143 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210816/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CLBT6x9RswnUMiERruCb87M8dY_qliIdJ2-dK3EVzktWDmAxauHhGt_ezj7rsucWQ612um7n_L3E58EI4ENNm7TKMwRJBd8I4_lqdcyzPFj3TMSfU8yMEQAPKYnpti19loBTAHiH7lFI56reeh9z-cFDvChQ&dbm_d=AKAmf-DLfWgW1M2E_jY3Bxq9xIhtoBVkmClYwXJCN3ysgc3Z5OkFYA8NyndKqYrzXrthWVSMsG7CcGZnTAf-ts2c9uFnplzye_mHaFDv2aW6A5mBrACVPdNPa8JItpiqMgsaAo14JRVRj6KvnT2bdNEJfCR49FCmpc47oD1aKmcFpBjkm5r7ag_MjosDktZbCkJzB6G8Mx4NxdLt2VQ6WTU6o_e4DO1aGFZUeOcgTXM5Rzk7GPPh3xG-_YCT0zF2bSntEHNq2gxJuXkYhfJmqceRQgTshdOTTVBCQgPaEqMjCq56TjrO00_Idrv0HGItn0Bj4BaTeCW8yc-BUxVjxaRLHFdv2OKMD8o9CeOccKaB0JxzTW-Aw1LCLA2e4HgcQS5KL_aeJhgnC2Ay-lq4tQbvMnNfvkZ6miWRjXG0dgJ0fQNe4dJbFKsy42WoVMP8inTBCGmN9vgODMrkJLZoWIbvJqUAr7YNldUNW-bRHVu7ijQGTYdm8Hur0P61O6lU8-hNTxmggg9PB5AcDuy-uSj9mSn5g3C-QfgxkIafNIdRaHGxbn0yBukCnuSMh7wJLQI1zm7I6ZieHwhBxt7TqWqCa9XQu3oF2cT1VtbX3ssmxKU2tMMcqjDvgPv5Yv6BAzycYgZmXfbo1oqIAbVf_n0J6QIF4P9nBjOv_3y0bOuayXWadim7ABUzaSPtKp-9ONyICA1nGy_ljUmj0FZRjT_LaIkbPVD1EW4TmaJLwRbrZscBvfPI_yghROPotlcfBDLyWhCWKRpCd1m-F_HAlkWorBoeEu1W2AHrf3noXTItUaqMlAf_Rr0FPFIoZljc3jYxKCNfnFHgLkaCGPxQ_f0SqVR0_-hC-TK_GoN3zBxcck0M-RvABXArRF4N7xWEtzkITdQ_JWbOsAvvZsImqDdagvefQXqYRRNyaalzMUbe9IEyYN7gWLAf8hWD57XlzbaT5Y_dHj-V8F5liOwNPeVk0beIYzr00XLj6xcEiM7nmD2n7fjDHbF2RBvOeyv1sYGfoj9ZDlnzZcGqTmtqZeidNJrJe8YFFzhAY5nnETyvbb7MFO3f8pipqZn93X3CgE-fuZsVHriVR2bpo4TG5VdZ1oJQgKDb8c1gtAH2AfwY_yuKtfymsA-krQLgqAdkbCEZlSBR7RZTUSOsEtSVrLECDPMMIpKUKODmIQ928T7J2s225BORaJPay1zVmxXAX10PSsKccSAp5FTO_2ZYMQCrIvAzLexhtJkze7HlbV0Hvvi26Aoqj0PS3PsvuvlMCZlJFjGPg9ipfYjeMr-QrTTOl-wKbZr5Zs2ocaPe_D1fN1Jgus7kPlR7vVLPGLsAole1m-7vk9BelMGypVu5xZCHYZXQeXCFGJ83F02aSdTNNN54L1U2ea2QvR3Ud8u76ne8VS7oZRyth8tZzIvDgKd88dj1_f7VUGyvq6MxvtY3X-8J5uH9uR4roBsKOhAbUOzy5Upe8FVT4vBIx3Y4bXS17OJyhAnNYNaX7ONm841_1SOGO0bacAKSDbh8hZuOjvpbNSbFX4vQgjNcjLFkGqGTVvwctZqocuc1-3UZ-9JVIz5kMu1WFlc3UDdQTlN24JvDoDVhm9jZZMOgRjL1l4_Iz4Lc0B4CauXd35XMvo-7Yy9OwuvtXQBgZzzMrvlIMA4KaV-j0BhrcZgxKER1TqzkaURV0Ur9nzHesmcDRRKpIvKt5gQI6zk49VVvDo6JkswUhpN1iSKGV6nVMQMPPucacib5H4qInde8Z19rrUMO68JQLfeUQZZVPvZDd5PJrPEbkQo481FNtjv7MfvsWSglSwydAnEhpyjlsL9dmNL-fMJkVClfXprJkfLN-Cyq2NFy1peBRndZQSdA3870AX-_5M78Tb7Sgt50MglVqG7fcAvbm3AU4NxKceKYpXCQjzpkxouBGeE5eiX89T1YTy_vZEkPr0wGZg2ahRu4kEbRCcYB442aLyKG5TmBQEuGvzwZUF_FCjcEZzLMFlmPQPEggFSzzL3lVrLKhI5oxbU2HIB6dZwHacOzeFCX7-dWe-5G4D2KdnJsVuoalhQsqxUDf5z1TvwSpgnq9h9Ilt1TNeJWawA3g74l1wf178EVGRZb7_TZ6Cys1OYfKf-tz2rgperqPWG43zIVi4xNNECFsOi4CMzvzqss92ZX2N57VWsk22f-vbxm_pW9nOPUi12wrYulvB9GbWSgkDuvCufS7pElWULrSOYWAjxnLiVQ6uCtZTFVoUkPOOhDrzTXlro_zC0zFoK0uCkiBLqEbaC7O2wTbfdZre86k5OLwknQrdzuwyHt3LapCulxhP7Fj5vBqIVcJ9vjOuJAMbBHttb1N07QaHJMqxzF46Qm2Jno8xWH2GFkIE4Zr-dAoDHVI1xTx3_vQIcffUSlws_xkU3Xouaor6Tur0ZRPjY3O428HQUW1jcc2daE897Bk_ztRnVqFqgf_LJYrP9Cq2kczo-U8tMgrfx97DnXZou5BzQ760r8wZEFOsS0gagMt1cxtHmOKaTT0XUK13Q8N9CjcRNXI-Hwu5cXXV-ORP2Ku4jUwvgBzUn1-H5bpDJDgi_yGIRgSqLDa7JWxTkYHA-vD2AgyZnkvOex7uOROHUcxx1nbKtpneRaDzJVKz1H7slo00SwRDOscBY-iZId7wX8mV05hJ5ziXs7-B3F4mVmB4MornwhzEkBb-bUSgiiaJQyP_0eRBGB__zlE2EG8qGlU-xSGncSZ2aC2dEKA0olYWPh5p16CVFfb2eDRPieTYUC5L-b_CdI5wf03RqPUTc3lq9dkoeHtqx1RRSfncgh1Le_myGt1SMT0N61g9Jkg_dGsgSvprt8F2EkWbstSGfVWpxf_8WEvbPrMKRAivsow9SoG_d8A1zXPE8Zp9l299tlzxTGTzEQrD7PXjqgPTs6uJ_TJIQXkuE2-kEaL556WHykFGQr7Rtfnk_7o0HSLrDCuUVGHoIwKOUIKpgUoaLPPpDYnF_L9bI3yk9hY_jYBDFrbNFXZ9RiMXi9iQBRwsPW3ypS7mCJ75qvJy8Iibdy_t1WkdYmt4dASL4x28QjU9Z4mZd9t-Qv387cWL-Gp-yRHJW-hHRp6DbybaSkPGsXZLQK7B6HMVcluBqY_VK9pHJgrl3MpPwLLyT_AKPmHIw1knuB_-Ufo5kuQCXhzyVKLcn2WlPfgm6ql8sSCN5XiB7UrR9yUnM9Eb98VL-GSfMLmeb8DFcWrKkF1uorxv2dlSCidxjadymVHf_ZVUumyZqs628TjR154yZZSQn8G6o9Tee7_9Nd2Gjd1WCSax0JHW2GUdRCq6z9yQ0&cid=CAASEuRo-kvGMqq4CtVZllvLwG7bnA&rfl=1%2Chttps%253A%252F%252Ftrithucvn.org%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:29:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Sep 2021 15:29:35 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210816/r20110914/ Frame A143 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210816/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63ed4c66bf3ba06512f7028be62a4bd53295e1ba68a919a7591f5fd392e72b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:29:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9341
x-xss-protection: 0
server: cafe
etag: 177112232901409761
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Sep 2021 15:29:12 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 7066 169 KB
59 KB 32ms
24ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 22:43:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60399
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 Aug 2021 22:43:59 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210816/r20110914/elements/html/ Frame 7066 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210816/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DyHber9ZIx7oEICBXjsrA0Z-OVfQEMWeh5055rHESnRvwl5-jPA5F34PINl5y0wp0l6akVfyMoEKnj8j11qtFavYGA-BOpSoFKynEi3UvaBCzFoYo293HbKfqPhnqPOWnggcuS-Sie_GYvfyZSOAH4PNiguw&dbm_d=AKAmf-CAhBQ7tWmd6BU6qRcUkGm7MaVcGr2gOezHU5Y5Dm-i7O6OUUBIGIg54pBwj2t4RyheRlml9OT2laEf00-SCm0XR75n8yPcD1jYN0xCDlxFNzBqhfHjXeSCHug4NPDk_vYN4rz0Tx_l8W6RX0WRkl9Lx7WRsb8f4ZZdpyhv09-KaRZjHRMvIpf8vh9OTCHCFlDIy5wvg6dVY6nSbK0PmCDiCfEuB1i4yyA7omJFDrOsUi1ftToP_rr0WjB9SZ-4g7l4YJ9-QyVDOJkEE3yDBO8e8oNa2mZ1K2FZTK9Tu_dI893guR6__ltHR07fwzxf-LTA4p808vd7uAdKZ1RfI8xIOzOonJafK-0_Q9jxjNiZ8n6G0RL4fw5_qayyUMzkBxJa6kk1wd_nDThskW5DnF48Lp4I4CQyz3Fv8TMeck6abPFwMLlgaRJ7qXyReughCgnjVNOnb1z478bJht40dWNHgY77QWvTRVCpbl3gl0q7esYlkhA_IgyKLy80XZO2PdUSDTmGATG0s18xsmlUcbuqPdqQfRX6J-hCcRHngIBoGLNu7vh7kgsM3qET72yEdrjJlRbFB1qXpNHDBhZiKNxcULLbSbnDiULc3SKCpuKdZy5jZgUzpk2Zq8FnyPeb4aiv0SNTA0AQCb5MzoYP39Cn9cNmrQFeN3za1RBjV3WStUWKXVOVwpb1UjAyK1m7aKGtEodcSBxdxy6z5t6sk9NHIitxLWZEavpcGXrHoaOywZjvQ30pd12iHw_rqappW3Nbq9rJNmgruFy4w5ilqfVCamQTk7I-Lzqaacvchj2ADLPoEIjbOxn_O_B2_BwDbhkzOtn30GYUEwsszzFwIIlTZMoe6VGxvAAnC-ZCKREerm1r4zBs78Twy8-fystrOMuV1mVet_EJUIrw0QLfKaMRp_5trr-EL3c4kGXwtsmzDobZkEvCvcNaFU4dLjAJ38jMUesaf8Gm8s9F7xaoVbY9-HFIqxkx9wG_0gOJzNcPuTZ_wJGv8faRz_kUQk_cHLbYTzjQQd5rAFHJnlY-KZs6VGxC4_AQiKtBkOkSjA9QsPWgNQYdj_pMeztigsVP8y0_kgfbv9_O-P8v4KoZH0DvdzIBQt4hgq5DbvBG86B4AUJaBTr-PamSFqNE62xGLyEOF_7dWI4UA_xqEMn5R2ed7saphCqlMrIFmprLEg7GwVUMVQTnd7Tkd9jeTc7u8gSUtLs_WBMCIlu--WLXzwCBbst3bfu6eZD69gY6XLeqBLka7uT-WHaUCToVcMN3R8-6Pcuz-xE34skuLBT_AKIkjvR0NlAfvBut2hCJcnN_i-9M9UqSqLyKMCNkoQ-dXw0JGwxhVO-S_q-OKcfavyZK5xI-w8icaBxkU5hMgcLNZqnOCAPEhMffAZ9N6p8S0Sh51BquR1bGjuGAD51L1kM5zrl0IWG63Ah_b680J7-HfDsY9_nWVdod5Iqp1XzU43tsos3WKB4rQ44TAPYw0ukJtClI3u6RQQAPyta14eDjLo2jrbY5Rx3LSTrUTCAjCU-VAoYQsKaAb8WKv9VW9Zz8T3IKyqsUBXykbWCpenG-G_VCbWdsX45xQxLyG7hCEVvB5QRZXfPY6i3SEcu7Lr8iRs8ubhwjzDdh9aVXguogohIRyLm9GgIIx6owe-SHr9T2ZLD8h8Qg64svt67CWUMiD7h5mtGqpdJJRCTh8ANrQHlCscRELbZxxCX3s6NCBjKzaRVk8qofwWUNsWXZLTGSPcGLueHjhlkhIgMf4zAV8S3-rbsBBnXveJUO4M5WIJNd5cVw7Z4uy2XM_xI8FhE0Pa2rVIVjp0uimZasXaIA4iYiqAn3-NvsjKrNytVI-3MmWLfeev_FnpvUiyXLU-_P94K2bkAnuYAXNo636S6Vm-iLrVvJe7M8aN5qxKMl1NA-jaZuOsovjTFX2zEi72Sal9RmLbSGCfnNKQ4TuuZnYuSnvIlo_SKHbQMyjfJEEL7yTaV663OIvEaijs9iZijxbVUzmGODg5h_EbnjfYrDTxX4RptPdgJBQRfAH0paYlyu0VV4NMb5OMxPp4Ky2YL77zrnLRTIUqNJIKkQaI1wDlQW--r0lccbjEBQ9wWfrJN9YrVKmwjNbUipQ7Vmbe160EwNh8UMk-qf21uYuCsqWFYoBV63Li8YEGYGAeIb8T-BXL5mKDmiRU1pQmumLZAHwNZt3DcxuU5EAAWgREwUDDSz6F2hI2Ct8eEeW8JzdsNwfHU9CFqNYmbaI6XDCkQAVGKF04ADWGmSqibFK9u_1lAPYjucdWsqWq41qoOnGMdHWsUi_RSwnc0it-NeE75HRM6-c0EXl93txDi3ViVgz97htgKLtSk7lPes-lP0W2olSdTGGYODWsf1Z4QAEWPNDeuN478E-Pxp-2xuS2jFKh7-Hxa88N1tCI3XyvRH9zJrpxcVp6ZRf3b7ZatSnzmngXxoG6vjn7-kTKQUpOtu2cvqXS-K34K2Q8NW9vQmdFBYq9okLtaJTu5QJubGwuHgzd0OiAQSEDg8iZWIbPvu14Xfago3U22mCFD2bgq_YUeqaPRAzgaN8IzeUfLRYw6RggA8_hAe4EkrxILEdP_yG0vbqzisdIqKu_3BizY_Xf6Opsnnh_wbZzTXptcZySXulTsAqny4L2oormYNsUZxWByPA11ITz0b_eSYQXvriEZOTzFmnWWbuKi8wf5U2IXa2SodIvk2UgQ7e3QdaGWtwCn3aMc-hzhCDbPD46lywKF0YLcJaA5UzkRpnXEi03jinSywHZWfirRMbqC8hh8UsYKzknAdAzLb8QJGsEKLCHnV9DFZLzNX7h_lJ3DSk9EzzlcZql68xrAA1dptfejjEjqyTie0Nd-2Oyepf5NIB1GCsGEjXP3CkzfrchKvIo-0SPj-unO-MWprcjmkS9kV3yZdFT4cy1V_xE9iqD6AQoHunNkbWRjZpXUD90L-JOhsXtUR0EpFmOseq8ub_Gk35VgPTou5koRF7zwuyfNGi6qgFmQVqMYOIm86p5ORXljz6Nr3NiwkCuKSZ9h5opbz7aopPgwnDDHaTuf9oew6yaIZU4Jv6QZN_Pj3ZAVvLTiUhNAdM-Yqc_T7NMCUpDOpnVRktQYnEBU4uD1vLQgCKOV4e4FzO9AMrrSnVMFhgmOH-ZmQI-04tWjV6Vr1Ol1fNyIywxrKXycdzZ0Q2HH1SYUrDJZbf2fJolpBCnOgG-86rH4LKb9c7vnUJQaFLNoHqman-D_on8ohXChOnXYp8QjdJC7feXkW4ZHc6kFGs-uXPn0QuiKhDy87GBgrJ-mXL9bBPOg&cid=CAASEuRon7pu-coJ0x5lWVWHCiA8lQ&rfl=1%2Chttps%253A%252F%252Ftrithucvn.org%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:29:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Sep 2021 15:29:35 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210816/r20110914/ Frame 7066 24 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210816/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63ed4c66bf3ba06512f7028be62a4bd53295e1ba68a919a7591f5fd392e72b90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:29:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9341
x-xss-protection: 0
server: cafe
etag: 177112232901409761
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Sep 2021 15:29:12 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A143 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 23:04:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 145564
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Aug 2022 23:04:34 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5987 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 23 Aug 2021 03:09:05 GMT
expires: Tue, 24 Aug 2021 03:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44493
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A143 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b12020af078d64c790e13244578fd2dbcbd8d6c83186f6e2b93814a9db7471a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/ Frame 8CA9 28 KB
7 KB 36ms
22ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7e2ae4787f43060398562665da7265404a4bb6df8c5b11bfcc458bf4d2315c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7400
date: Mon, 23 Aug 2021 15:30:38 GMT
expires: Tue, 24 Aug 2021 15:30:38 GMT
cache-control: public, max-age=86400
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A143 0
592 B 112ms
63ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuG23M4PkFyW4Q_9GzKaYTDGOvQkpY_x3T2af7MN2Xnmb1b8-n_RVcttaxlxtTyNyu4tVjntpbdYUf1_ITgWU28n9CdOStUWrusdNZP7GlCL8IBhCqzybNO2DQntrC8gXeUOpExFlQIwcBn0dQTJyntHzsZ26pV4apc7stM90_aqQypsFrWmLhGWYAYzAznC31kjW1DdY0Lg6kmoLm66F-5UutAhHI7SlOjiv3_NzUxGFhIyMxRx6X5pi1fHjcBJaggvG9XiEWSewV-erTebMH-dFZpwMblB1lPAuMxE5e0ly3rJwN40aTfz84BUnOEEzImlaf1Hbpb6dPYWLDdwtziIM0OjiuliuFt73pLByxDwntz2JrL4isIwC6TGaRbt6wC7URQEdEW3g6RdVC9dmh5R1NSP-kxA4FoUVpJXVUhOFFSuWjXY7NX7auL-XJoSaAZXWvzpchmFgsx7pyPsjiAF0L7CRzIjnQQxWicJz3acCRh3OV6Jd2eNm5bV5nW7YuILn3USEH8H-nV6kYZQYzTTz3O_ROFJBuifmB7HUIUcVvMsCyIYn0bpnf6UarBusZonzY2L-V-jLLQbWzFKjH6P2t_TEZWiD8kTuaqn_h07gdg0DbahzttcGkipgqigMYhRrUbqIuVvKZ8X-g6pjLYzSPtdcmDCj1knq-n93HCmXmqc2X68_uDajIQ_jy4UCXqbNojZGv__Gcf27dBJvJA2h5OrvqewoimhXG_nWAX2brAfgjmB8imDBssFrUSFezxCWBgvVzFyV9zBnAqBPM8s82GPjG-YkkmrhtMb6S6FrKhf6eni0K9__AIq3yWH3_pWTnot6y58OaxeDPumVtRI3mk3GWD9W6AHsqxQJqAj92ZZcyHuAZNeHVWklZmlUtLkFp2fRgpYDuVn8EOUVS2NhwoSwhovaHQBQOrwPUuzk7BeDGJ14ZIBwAWQQ0BuYzYDv3SPm0fB_ckLagQavCR0w6_SPR_ZpyI3M58oI3sDTQ89vWLbhmSKrWSLzoo1sdrJcmk35V43DglbcM7LdjhuzDsZZdijW1KN_iu-W96IA4vsWZGih4vnO_5zQHg3_K_0JUWPLXAzfVpttTS0ajjPFkBLVtb3YflWtiHSWpCmV104T3MeGnKodH5_cJElxdtnYMpKrEFlR_akuxIYKJys7WcX2Or8npw7Qk4GeGwgcgk5ldc0M6e2G8hNrqF8V1PlsSqOI1pFyTnU2ZNsC0oeU9Cd5t3iOZYdxoQntqSCbXLLTg7p_ShgvNtkS3LoONl2pLkUIje2qF26jKMTn5-OP4E&sai=AMfl-YQIVANwMNDxjwoX60tzEqnkj9Qb1cxrjNb4uGplJQQ1iagWStCcA2OrMVAC-5Afiv_hGDVIeFZ3N2igaQZxV7vOEdFuJzoKpwI4WtvtnNDixzZK9sA4ltGREViz5swx5b46Y7Z6N3Noh5FonBhYEFH49cJEMA&sig=Cg0ArKJSzKOHrUVLRoTcEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=114&cbvp=1&cstd=105&cisv=r20210816.40426&adurl=

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 23 Aug 2021 15:30:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7066 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 21 Aug 2021 23:04:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 145564
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Aug 2022 23:04:34 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 717F 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 23 Aug 2021 03:09:05 GMT
expires: Tue, 24 Aug 2021 03:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44493
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7066 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad01f6d51bfed239572b324c02b86614df135c40ef0e8b095c9d88972265076a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B4BA 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sat, 21 Aug 2021 23:04:36 GMT
expires: Sun, 21 Aug 2022 23:04:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 145562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/ Frame 6261 27 KB
7 KB 21ms
21ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83b51c8033d176c1e7f7d00f21129e48c9e18128477052b89d4ed0e5c522a779

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7389
date: Mon, 23 Aug 2021 15:30:38 GMT
expires: Tue, 24 Aug 2021 15:30:38 GMT
cache-control: public, max-age=86400
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7066 0
52 B 65ms
65ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuXtRnqfaRBcjKvABp9iJWQaPw-bzi6uOakeIH7-kNpphxL6uepCH2uFZ_HOPKfLh6nnmClDMOC7CTdDIXYufCzlFvUyS36buAg0kvwWZANXWTJmhUXHT6n1T3Mi1i04HfSve3ZE0scBPMfdSlIbUunko8MGhB16qg1UuEKhpmvPb1U9taUL5IsoPrsphgCJEVMMcITqqHSQohM_OSTzUgdhuw6YrK3wXS6FWWc5RaNJksZj6fASjt9LzxJ5fKBGW-O12-cz10kJMZUI-KDmAyrr-wrPQTkooWcKGZO6jKRJbAvoxHCsNeNuQYUKzPU2-oPvQyJZPrPigBkpxaT3kXdZLBn9l38AeUUUuFkSRKDgGQyAaB54aQhVDA2JpWzsI4wMfG5f2BJmJUZDynohjxvz-RW_OKpK4ze0BcOe0SMSG6Z9TF6CcFgali7gzbeNV_7WyRov88R4L8g-BgZzMfYQUksworTQChGAEby65W39SzuazBLG35IWMoMJQsL7jPPYQAK1wkCbKvSaNR7Ui7uizqxjAh0KSIKgkwPc2VeJL7ClVmH4oQTUrImmtH1WAZkCkkcxUmXzFGV4Rw1i0yRXIa5wEjmUKlN987nsaTBFdtBwBd2ptiL68oEpQITa1Fri5R_RGWDft0W8qAJKf5Xblypc23eMQfJB6Pn6eNag1HrES5EWohX-CdPxNMnuj01SLBAgqj-FBWYrATK5QPkzEqxR9hqgUpqLPLAHkOV6v1tugrUWA3IIsn9nPRi0l2k0qeca9OSzZXYP7agHuuYSjthPlLMpQr5_4uAPXeccd7gDCtpjvYWqqg0s4QP6KTL4VnKEv2d1CWC_a60-qjvwE6qjyRntdtL67sUlDgh0RjBZzGsIw_8Uba5ro2e3FA1pwyZk-HgfqjM1Ia23_QnkjpzojgX1zKx1iYHEBnKj0m6aPom5T3sMeAdMfd1x6sXLahHdHZIhpQFz152R7WOXdlUwDmBk1MPBBxA0BX-Q9QFt7MSeZmrwOy75YC6cA4HbWPTHBODtTNb76CZh86wIHgOFmXoer_htewH_X1fD9RHxMYjUqTmctHdqdNgCWhszX_iFMuErwoefcVgOIlnw0E-wyIibRo-XKRK9o97LiH0Zrw4oWeRWrng5Zrh-B0nVgG1dgzYFzV97XFJHeUuQDQFjPu814HmqEMqCbjvMhnIpEdt9LD0k9Xissu0lXCaqDW9-cPLtRdv85qAQoxBi-Q70mKrlHrfot7QnY6xjku3J3jWxI-Cy99x_0PT1lwXnQhFzog0saeo2_4XAtTq6aiF&sai=AMfl-YRC9K44vZK-Gy3R3Qj-Jt2RMdxS-r7IrzpxHSTBi_aIpjnahx6HmAseHTZ7yZ2hAe1PVf2nF7XVoZTet5wwIkhSpv1R9VJNOH35qPn8Y5v043rX5lUgby4OzjqK5YvGQ5pLWVjPKW1pS9PDKc1rkTMYfPINig&sig=Cg0ArKJSzA0ICgUAoAxtEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=178&cbvp=1&cstd=173&cisv=r20210816.04594&adurl=

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 23 Aug 2021 15:30:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8389 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sat, 21 Aug 2021 23:04:36 GMT
expires: Sun, 21 Aug 2022 23:04:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 145562
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5987
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESENaBDUnF_yYBx8GjwIibDf8&google_cver=1&google_push=AYg5qPJlM_029PfujxFXvXEDGJABqVKMoFveaHVKJVhHXRiSfbQfswUNgl9KnzHuQEeEHyRYfSbf3M8JWLOrwoC8Y4U3nSAXoAY
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8FA5075F8FE64E1F873AC4007E5CADB8&google_push=AYg5qPJlM_029PfujxFXvXEDGJABqVKMoFveaHVKJVhHXRiSfbQfswUNgl9KnzHuQEeEHyRYfSbf3M8JWLOrwoC...

170 B
188 B

36ms
35ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8FA5075F8FE64E1F873AC4007E5CADB8&google_push=AYg5qPJlM_029PfujxFXvXEDGJABqVKMoFveaHVKJVhHXRiSfbQfswUNgl9KnzHuQEeEHyRYfSbf3M8JWLOrwoC8Y4U3nSAXoAY

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 23 Aug 2021 15:30:38 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=8FA5075F8FE64E1F873AC4007E5CADB8&google_push=AYg5qPJlM_029PfujxFXvXEDGJABqVKMoFveaHVKJVhHXRiSfbQfswUNgl9KnzHuQEeEHyRYfSbf3M8JWLOrwoC8Y4U3nSAXoAY
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Sun, 22 Aug 2021 15:30:38 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5987
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPbF14eRk7MtbYNESg1hnYU&google_cver=1&google_push=AYg5qPJVHQ48eC6KiVvQxreXCrAOTz5JTHlGU1dfOfBVTbwSd__CHrISXDancaXqSX67COKc4ahtU2Csu7UNCc...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk5OTY0ODM4MTQ2ODYwNDU1Ng%3D%3D&google_push=AYg5qPJVHQ48eC6KiVvQxreXCrAOTz5JTHlGU1dfOfBVTbwSd__CHrISXDancaXqSX67COKc4ahtU2Csu7UNCc9Mfi...

170 B
188 B

36ms
35ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk5OTY0ODM4MTQ2ODYwNDU1Ng%3D%3D&google_push=AYg5qPJVHQ48eC6KiVvQxreXCrAOTz5JTHlGU1dfOfBVTbwSd__CHrISXDancaXqSX67COKc4ahtU2Csu7UNCc9Mfi39l8el4zE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk5OTY0ODM4MTQ2ODYwNDU1Ng%3D%3D&google_push=AYg5qPJVHQ48eC6KiVvQxreXCrAOTz5JTHlGU1dfOfBVTbwSd__CHrISXDancaXqSX67COKc4ahtU2Csu7UNCc9Mfi39l8el4zE
Date: Mon, 23 Aug 2021 15:30:38 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5987
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDvbUvoXE5DAPT08JQ-Ii3k&google_cver=1&google_push=AYg5qPILmLS4PKTWfq4Yx8EU9PKJX_rzHTYvQLG0qtUPozqQYX55GZ6Vz28EZ_OPMnvYcMdiKCLOh5Q3OhPkSuoHD_aA...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDvbUvoXE5DAPT08JQ-Ii3k&google_cver=1&google_push=AYg5qPILmLS4PKTWfq4Yx8EU9PKJX_rzHTYvQLG0qtUPozqQYX55GZ6Vz28EZ_OPMnvYcMdiKCLOh5Q3OhPkSu...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPILmLS4PKTWfq4Yx8EU9PKJX_rzHTYvQLG0qtUPozqQYX55GZ6Vz28EZ_OPMnvYcMdiKCLOh5Q3OhPkSuoHD_aAEXdVJV7t&google_hm=QRGbhcgYSSeHbzw4iqgRvQ==

170 B
188 B

31ms
30ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPILmLS4PKTWfq4Yx8EU9PKJX_rzHTYvQLG0qtUPozqQYX55GZ6Vz28EZ_OPMnvYcMdiKCLOh5Q3OhPkSuoHD_aAEXdVJV7t&google_hm=QRGbhcgYSSeHbzw4iqgRvQ==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPILmLS4PKTWfq4Yx8EU9PKJX_rzHTYvQLG0qtUPozqQYX55GZ6Vz28EZ_OPMnvYcMdiKCLOh5Q3OhPkSuoHD_aAEXdVJV7t&google_hm=QRGbhcgYSSeHbzw4iqgRvQ==
date: Mon, 23 Aug 2021 15:30:38 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5987
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=N8_FmXE8RXiLbMiN2ecc0w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

30ms
29ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=N8_FmXE8RXiLbMiN2ecc0w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKJp3uD8qYD1DR6YDenKgBIZU_EoxbE1c4kLMRagGGN_jZ9fOOPiD_rGBVxsCfW9nD99SiLQu_dVpJvnZcVdwYVTQv-TYNc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=N8_FmXE8RXiLbMiN2ecc0w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKJp3uD8qYD1DR6YDenKgBIZU_EoxbE1c4kLMRagGGN_jZ9fOOPiD_rGBVxsCfW9nD99SiLQu_dVpJvnZcVdwYVTQv-TYNc
date: Mon, 23 Aug 2021 15:30:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5987
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEM2HwtXmOecbkYiAVP-2NqM&google_cver=1&google_push=AYg5qPJswqoum41SV39egSJ1c-DZECgvXU8IlPYMFuet5A7MMwsKy4ngLkaNJTGgKBail-U3H4KtaBTpohNDxG7...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZCa17hNiQDxRsjeDPA5yO7nsyeI&google_push=AYg5qPJswqoum41SV39egSJ1c-DZECgvXU8IlPYMFuet5A7MMwsKy4ngLkaNJTGgKBail-U3H4KtaBTpohNDxG...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZCa17hNiQDxRsjeDPA5yO7nsyeI&google_push=AYg5qPJswqoum41SV39egSJ1c-DZECgvXU8IlPYMFuet5A7MMwsKy4ngLkaNJTGgKBail-U3H4KtaBTpohNDxG...

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZCa17hNiQDxRsjeDPA5yO7nsyeI&google_push=AYg5qPJswqoum41SV39egSJ1c-DZECgvXU8IlPYMFuet5A7MMwsKy4ngLkaNJTGgKBail-U3H4KtaBTpohNDxG7MdJdtb8NJCrmL&google_tc=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ZCa17hNiQDxRsjeDPA5yO7nsyeI&google_push=AYg5qPJswqoum41SV39egSJ1c-DZECgvXU8IlPYMFuet5A7MMwsKy4ngLkaNJTGgKBail-U3H4KtaBTpohNDxG7MdJdtb8NJCrmL&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 431
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5987
Redirect Chain

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEK6AEbqdKS4Puk5_-j2ryrg&google_cver=1&google_push=AYg5qPIcNq-0t7qQaQZAUjs_DpD9NgEDN5jyg_N3MTfs73_k494NSHsHwwLIAC9_TrN9dgP0Q4b5Mqkh5o_lLtJzD...
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NDU2ZTY1NzEtZmY5Yy00Y2NiLTg1YWEtMDgyNDc5YzVmMTA1&google_push=AYg5qPIcNq-0t7qQaQZAUjs_DpD9NgEDN5jyg_N3MTfs73_k494NSHsHwwLIAC9_...

170 B
188 B

30ms
30ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NDU2ZTY1NzEtZmY5Yy00Y2NiLTg1YWEtMDgyNDc5YzVmMTA1&google_push=AYg5qPIcNq-0t7qQaQZAUjs_DpD9NgEDN5jyg_N3MTfs73_k494NSHsHwwLIAC9_TrN9dgP0Q4b5Mqkh5o_lLtJzDLA8l7A10y8TrA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NDU2ZTY1NzEtZmY5Yy00Y2NiLTg1YWEtMDgyNDc5YzVmMTA1&google_push=AYg5qPIcNq-0t7qQaQZAUjs_DpD9NgEDN5jyg_N3MTfs73_k494NSHsHwwLIAC9_TrN9dgP0Q4b5Mqkh5o_lLtJzDLA8l7A10y8TrA
date: Mon, 23 Aug 2021 15:30:38 GMT
content-length: 0

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame 5987 43 B
63 B 16ms
14ms Image
image/gif 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEECn-CuXB9g-qVVSlY3eBtQ&google_cver=1&google_push=AYg5qPLGT2-f6VsNMdaT3QNLhN0Z3QJTDEP2HjmIHXdVGgVhP_VviMHEa2NrM8yt46-16KLAv7lP1MpAAatW-k40FdMMWWye4qyK

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Tue, 24 Aug 2021 15:30:38 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 5987 0
12 B 30ms
28ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KLXBn-6SZY8tOelRynB4y1TDjn6XnvDMwC2ujBWi8Fo3UFX2X4LwbGqIeV7zGwpyeZLSh9OQo

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8CA9 236 KB
63 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 Aug 2021 15:30:38 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 8CA9 110 KB
38 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 22:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60398
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 Aug 2021 22:44:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 717F 35 B
464 B 31ms
9ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEIpKmxUF84LjPfHXFqX48m4&google_cver=1&google_push=AYg5qPJzzSHx_b5XeQAhYAv5ilgCktarzQjRskyF28hZ3SLIDriiTk4GcFbSv2Mykfm7B0t2ffWPxUm5yAKjLODCZZHCt8c0HaJF

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 717F 0
104 B 91ms
63ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEG1fmme104CpLnbwaAjavj4&google_cver=1&google_push=AYg5qPIhH5EYnrP7jhNuZErm9ZMggOtpkr1QhXoKmZxj07z97VGO1brug3LcgFGOfgc6Up7HlHEw26QXr_Y2ka5ECaojzFl9T3s
Requested by: Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:38 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 717F
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEDqiUmsI9V6HPC7D3Akj70E&google_cver=1&google_push=AYg5qPLxgYrw5taof8LVnq63embP6mSJ7kQcSi-E8XXzwT241PxsvAxi_NQ8MVLRVB3Vq6LSsM-UI5k8CNY64RgiYfmYRBe...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDqiUmsI9V6HPC7D3Akj70E&google_cver=1&google_push=AYg5qPLxgYrw5taof8LVnq63embP6mSJ7kQcSi-E8XXzwT241PxsvAxi_NQ8MVLRVB3Vq6LSsM-UI5k8CNY64RgiYfmYR...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLxgYrw5taof8LVnq63embP6mSJ7kQcSi-E8XXzwT241PxsvAxi_NQ8MVLRVB3Vq6LSsM-UI5k8CNY64RgiYfmYRBeLH2UA

170 B
188 B

29ms
29ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLxgYrw5taof8LVnq63embP6mSJ7kQcSi-E8XXzwT241PxsvAxi_NQ8MVLRVB3Vq6LSsM-UI5k8CNY64RgiYfmYRBeLH2UA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLxgYrw5taof8LVnq63embP6mSJ7kQcSi-E8XXzwT241PxsvAxi_NQ8MVLRVB3Vq6LSsM-UI5k8CNY64RgiYfmYRBeLH2UA
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 717F
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEA9VAW4WG8QMa-zKsjiimdQ&google_cver=1&google_push=AYg5qPIpwljmqe2mwDTRQgLP9CGTNL1W_ei7wZLkk93dXm2y3IJGgXRkyutfvMbgCvRt41TytrHhezSHIOReumb9...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=71830c1fdcf53416cfbe&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AYg5qPIpwljmqe2mwDTRQgLP9CGTNL1W_ei7...

170 B
188 B

31ms
30ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=71830c1fdcf53416cfbe&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AYg5qPIpwljmqe2mwDTRQgLP9CGTNL1W_ei7wZLkk93dXm2y3IJGgXRkyutfvMbgCvRt41TytrHhezSHIOReumb9vmnQ33o2fVw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 23 Aug 2021 15:30:38 GMT
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=71830c1fdcf53416cfbe&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AYg5qPIpwljmqe2mwDTRQgLP9CGTNL1W_ei7wZLkk93dXm2y3IJGgXRkyutfvMbgCvRt41TytrHhezSHIOReumb9vmnQ33o2fVw
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: eZo9RoHNcTuy9ap351fAsErqqDNeoWDTVZKnqdO_xdyzKip8sfiU1A==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 717F
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEOLOYu6XRM0NtEat1Y1S2Is&google_cver=1&google_push=AYg5qPKaGt31HUa_6QCjM9yScdsR3IfAN6IoiF9zQPKdvVq5MuYOMUmzGEa1yi6zOQ8oZ-UQe8GruduHSz7sm2vFFgkEWpfoch9i
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjcyNzM0MjM5MDMxMzg2ODAwMFYxMA%3d%3d&mn_hm=MjcyNzM0MjM5MDMxMzg2ODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPKaGt31HUa_6QCjM9yScdsR3If...

170 B
188 B

31ms
30ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjcyNzM0MjM5MDMxMzg2ODAwMFYxMA%3d%3d&mn_hm=MjcyNzM0MjM5MDMxMzg2ODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPKaGt31HUa_6QCjM9yScdsR3IfAN6IoiF9zQPKdvVq5MuYOMUmzGEa1yi6zOQ8oZ-UQe8GruduHSz7sm2vFFgkEWpfoch9i&gdpr=&gdpr_consent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:39 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjcyNzM0MjM5MDMxMzg2ODAwMFYxMA%3d%3d&mn_hm=MjcyNzM0MjM5MDMxMzg2ODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPKaGt31HUa_6QCjM9yScdsR3IfAN6IoiF9zQPKdvVq5MuYOMUmzGEa1yi6zOQ8oZ-UQe8GruduHSz7sm2vFFgkEWpfoch9i&gdpr=&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Mon, 23 Aug 2021 15:30:39 GMT

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 717F 42 B
233 B 338ms
104ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESELFGcr6p_q5QyZIqpxm5EEw&google_cver=1&google_push=AYg5qPIq35sQsAqM8AABwD4OTz2WlXdwZpWGQfR4mQPBhkhlSn-Nq5xWIbruaMkub7VAGCAyJpyzgN_w1TRPscjryT1Jjaj4icmtEw
Requested by: Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:39 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 717F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP3IdqqkGV2-J9_g_AI_R7E&google_cver=1&google_push=AYg5qPKBRiUuKyd8AYJWLEkvIJRkNlNrSP_6gS75srskknRR-Ipm6tY33eDNv4EcVRc6Qz_6g7...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP3IdqqkGV2-J9_g_AI_R7E&google_cver=1&google_push=AYg5qPKBRiUuKyd8AYJWLEkvIJRkNlNrSP_6gS75srskknRR-Ipm6tY33eDNv4EcVRc6Qz_6g7...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS16MEU1azI5RTJ1SF9fMnlfcHpQRk9aUF80RHp6ZUJTOX5B&google_push=AYg5qPKBRiUuKyd8AYJWLEkvIJRkNlNrSP_6gS75srskknRR-Ipm6tY33...

170 B
188 B

31ms
30ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS16MEU1azI5RTJ1SF9fMnlfcHpQRk9aUF80RHp6ZUJTOX5B&google_push=AYg5qPKBRiUuKyd8AYJWLEkvIJRkNlNrSP_6gS75srskknRR-Ipm6tY33eDNv4EcVRc6Qz_6g7G-S9oZtp4ipzKuiyGMz2gueRMQAA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 23 Aug 2021 15:30:39 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS16MEU1azI5RTJ1SF9fMnlfcHpQRk9aUF80RHp6ZUJTOX5B&google_push=AYg5qPKBRiUuKyd8AYJWLEkvIJRkNlNrSP_6gS75srskknRR-Ipm6tY33eDNv4EcVRc6Qz_6g7G-S9oZtp4ipzKuiyGMz2gueRMQAA
Connection: keep-alive
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 717F 0
12 B 29ms
28ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IfEqPOwcCRuxJIlPN1t8zb4FJNOULX1i77woRI61t_CmKOKxABsrWBWQVVOFixm30jOl6UkvM

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame B4BA 35 KB
13 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1121d7f8fb131bce05cbaf9b75a1272f9fbed57a53cd239d2fe91ece63ed9424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:43:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13272
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 12:43:24 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 6261 236 KB
63 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 Aug 2021 15:30:38 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 6261 110 KB
38 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 22:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60398
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 Aug 2021 22:44:00 GMT

GET
H3-29 200 ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 8389 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1121d7f8fb131bce05cbaf9b75a1272f9fbed57a53cd239d2fe91ece63ed9424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:43:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13272
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 12:43:24 GMT

GET
H3-29 200 Bubble.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 4 KB
4 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/Bubble.png?1618217636189

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87db09b1ea5bdf163eb74269947fa37e1d868fb54084b9a90952e1d12d365551

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76165
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4540
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:13 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame A143 0
23 B 89ms
58ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Bubble.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 4 KB
4 KB 8ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/Bubble.png?1617968692711

Requested by

Host: c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
URL: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87db09b1ea5bdf163eb74269947fa37e1d868fb54084b9a90952e1d12d365551

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 11:03:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 16044
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4540
x-xss-protection: 0
expires: Tue, 24 Aug 2021 11:03:14 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7066 0
23 B 63ms
62ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 CTA.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/CTA.png?1618217636189

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b59ce734978b3ce7f65e27c14b852fde5460120430d9dad398b86e4580c5472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76165
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1914
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:14 GMT

GET
H3-29 200 CTA.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/CTA.png?1617968692711

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b59ce734978b3ce7f65e27c14b852fde5460120430d9dad398b86e4580c5472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 11:03:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 16044
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1914
x-xss-protection: 0
expires: Tue, 24 Aug 2021 11:03:15 GMT

GET
H3-29 200 degradado.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 23 KB
23 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/degradado.png?1618217636189

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f2ee75591995df2191444d7d388c2838bc5483ac23ce23cfb8faece6032335a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76165
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23927
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:14 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6261 6 KB
4 KB 17ms
16ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c4049fbc35c854059810a209f0e7e3682f5986199705720cd706c2394eaa7ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4405
x-xss-protection: 0

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8CA9 6 KB
4 KB 17ms
16ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b9a46e0657fcce4901ab04ea9e3f08c2462a7e7ce68f9e202d643be4da56ef4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4381
x-xss-protection: 0

GET
H3-29 200 degradado.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 23 KB
23 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/degradado.png?1617968692711

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f2ee75591995df2191444d7d388c2838bc5483ac23ce23cfb8faece6032335a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 11:03:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 16044
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23927
x-xss-protection: 0
expires: Tue, 24 Aug 2021 11:03:15 GMT

GET
H3-29 200 header350x250.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 3 KB
3 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/header350x250.jpg?1618217636189

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7122dce8dd88621a43f4e4b6568d7b409170a76449facc7b53db7e36cf020d9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76165
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3142
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:14 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6261 17 KB
6 KB 201ms
200ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:39 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8CA9 17 KB
6 KB 212ms
212ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:39 GMT

GET
H3-29 200 header350x250.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 3 KB
3 KB 10ms
6ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/header350x250.jpg?1617968692711

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7122dce8dd88621a43f4e4b6568d7b409170a76449facc7b53db7e36cf020d9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:56:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 9245
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3142
x-xss-protection: 0
expires: Tue, 24 Aug 2021 12:56:34 GMT

GET
H3-29 200 prodcut1.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 12 KB
12 KB 7ms
6ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/prodcut1.png?1618217636189

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3729a330888186b19468c883fa40c08cdc92ec8b33ccac02f633fb7c8a886420

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76165
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12205
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:14 GMT

GET
H3-29 200 prodcut1.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 12 KB
12 KB 8ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/prodcut1.png?1617968692711

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3729a330888186b19468c883fa40c08cdc92ec8b33ccac02f633fb7c8a886420

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:56:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 9244
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12205
x-xss-protection: 0
expires: Tue, 24 Aug 2021 12:56:35 GMT

GET
H3-29 200 product2.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 10 KB
10 KB 7ms
6ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/product2.png?1618217636189

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4514a87aa2d11360c18e3a96b7053a931da4a5cfab33095fcef684fd707b974

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76165
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10599
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:14 GMT

GET
H3-29 200 product2.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 10 KB
10 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/product2.png?1617968692711

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4514a87aa2d11360c18e3a96b7053a931da4a5cfab33095fcef684fd707b974

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:56:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 9244
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10599
x-xss-protection: 0
expires: Tue, 24 Aug 2021 12:56:35 GMT

GET
H3-29 200 product3.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 10 KB
10 KB 7ms
6ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/product3.png?1618217636189

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38ba5e9ca406f2d19de5e44d1c3f7d3ec018d2a8488f4cccc4e72437ff0ef037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76164
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10584
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:15 GMT

GET
H3-29 200 product3.png
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 10 KB
10 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/product3.png?1617968692711

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38ba5e9ca406f2d19de5e44d1c3f7d3ec018d2a8488f4cccc4e72437ff0ef037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:56:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 9244
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10584
x-xss-protection: 0
expires: Tue, 24 Aug 2021 12:56:35 GMT

GET
H3-29 200 Slide1.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 65 KB
65 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/Slide1.jpg?1618217636189

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ff7fec7eb7f86f5f13b0a9c07cb411b7f1fe11ea7c536c3867e7a0d01d2e5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76164
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66623
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:15 GMT

GET
H3-29 200 Slide1v1.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 52 KB
52 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/Slide1v1.jpg?1617968692711

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

677e6a67b3a9ac3751a882237595446efac89fe4bf90275b24f734b1191adb26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:56:36 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 9243
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53515
x-xss-protection: 0
expires: Tue, 24 Aug 2021 12:56:36 GMT

GET
H3-29 200 Slide2.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/ Frame 8CA9 53 KB
53 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/images/Slide2.jpg?1618217636189

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

387b5dab281c93be7687c6fe7aa79170a27d335cf0a4d3f4c2657937708a0a6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759381/20210421060259564/index.html?e=69&leftOffset=0&topOffset=0&c=pXxyNBzhl1&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 22 Aug 2021 18:21:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 13:02:59 GMT
server: sffe
age: 76164
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54171
x-xss-protection: 0
expires: Mon, 23 Aug 2021 18:21:15 GMT

GET
H3-29 200 Slide2v1.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/ Frame 6261 58 KB
58 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/images/Slide2v1.jpg?1617968692711

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

809c215f839301e86bb3acebe49f6677764e271fb33d196248146e9d249c7ecb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61759213/20210421040402974/300x250/index.html?e=69&leftOffset=0&topOffset=0&c=vgYzrqXx8f&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:56:36 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 11:04:03 GMT
server: sffe
age: 9243
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59533
x-xss-protection: 0
expires: Tue, 24 Aug 2021 12:56:36 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B4BA 0
121 B 41ms
41ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJjz1Hr8jYcafJt_c7_UP_LGcgA0AAAAAOAHgBAI&bg=!k5ClkNTNAAZvV8FTb1c7ACkAdvg8WmbRFXXGW9hbQosda0_60opMB7HCIzGbxF4hRQBWpCkTYx5qOQIAAAELUgAAAB5oAQcKAC7bUi_x9q2_X0L2m_DmEOiNT4VdBLDXzWO4COIekRXXwgzvUGrFbb57EORysDKDmQLJrOw9Xh4TDhYfk3u1avkcT3RFVac-FFA24yu9N3OwP-F3_o6DSaxJ9fMz352YXSe9QJ0MOCS8A6pHW2eMiljepaspS2kcRyj5Aqob1bcMLLgQm-0OhM4mWJ4fvcU8t-ZYIY0Z5tVuhdveDyBCdvFnUJMMFnQ9OlphuXVRwG0aY7-LJ0_bljxkqQTDbLnpMzeoUuDdPMyoSQY9We0NxqxVXV2A3joRfGLiC9D4ZY21EQDD6pH9VMqwl8l51xLMT6NTEsqn4f_nMPpJ7FbprkLboVAchMSjo6L7VIlNzjnPHxGtGWfTDUGQyIduTo9RlIPGw0egWgiR3ymFrxVwvvmxNVFxkTEgWnAxy-OJZYK1IVLIcK_-rqjUfwOvieMXnI18MIS-6Z7eK66Xm2QyTXYIEdqcs0EsZ5Cv6riMJ_AIqWZl50KxWtHyOrAldhuVp0pEXsTL9wULexXi2ztCPd_sZfhBNWAE3R52OjqOOPP-pStMsGFdrnFj-GVVV5hUhBP1ihDZO-B_Fta_7ScbYTFG_KOH-0vEwJxOu0UJc8nIWqbgiRixeepy_ifxlF02rpKOqvABgJQrxP8Ujoi6EM4Hpjiz7LUSe6PthJKFDJ6hGil2Ad_9mlhqRgAINnHARy-OdgHTjZVSa3Tjk7EzZimx8zOjXnHdrm-yLi-wSg-XlGbBnqdhzuisR3D9kwz9QeJO8ZZ5tlFd8gwnKOBayZ8Wjvnbhxvus29k4iKCrxnsoA4cyqHSD5rx1TQ8kTIAduGpikW-ND25EcErzjYqYPxq_i7v0p1ZDBGS3jM_QUJMaG0qfq3oGx1fzp5BePmlJjy2KO6ha8213FmwkGfv7MhWA0SmJ4KfflAUGVZFi2C0qZ1hmEuP8ZkXI87G9b5t68j0b_qmf5N5s7iNYdEDb8h-F3yUuiUKjIaSotO6vNMiFib1Nm3F9GOtGvg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 1FB6 28 B
321 B 21ms
21ms XHR
application/json 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/huo7p7H7KFU?feature=oembed
X-YouTube-Client-Version: 1.20210818.1.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtFLTZDenU2UGUxdyic_o6JBg%3D%3D
X-YouTube-Ad-Signals: dt=1629732636958&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C618%2C348&vis=1&wgl=true&ca_type=image&bid=ANyPxKpoFdOuoScaWmN5xf08XbkXlFw2NwStUt7nHSy2tt5d6Q9cNpp192DAMRt5f9oGQCb48hifVTBg37J03mnkYu4k5X2hXg

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:39 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8389 0
56 B 41ms
41ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0NjrHr8jYebaJoGux_APnpCs2AEAAAAAOAHgBAI&bg=!JSalJmLNAAZvV8FTb1c7ACkAdvg8Wi1AZX63H2F9hkSST_5SOudbpfExpU8GooCA72yK_q_zaSXzzgIAAAEjUgAAABBoAQcKAMYSqdXna4ElhupRu6ZwrD77y7XShFf0h1ppynz9r6-0rILeQoS8ZLAtbwwSm-vpXPfCKzaX_nw1MGCHz5v5leMq2c8oCjpsyJ4ektFXa809_M_MO9-17OteapWburD7-M1q4G1Fn70xOCxwqaOWwpsUWYiL2OijtTxj5r8o69GsRHhd8dXq8Ev-ytaAS-nSw-6E2qyeAZ5QYaEn9-ZHuiKqAPdWq2Yhs2BgHwUi9R-jEsUCS3ZUpRWfsDwBHP0RzRzLm50PZ6iZAskpBrCgudHXLeI0ekIeXkMtIgOdVDzm9-UMKt35_-ZTJMxahoZb7gQiwNuK5nT4FQ9VBPKCWF7O5TeUAcEi_2eqKZ9g211fz8hZ9vWuCGYE2jPgGFUEF47tskwux_zBhS1d_0ZuUu65bSXGfqLswfD3ZGqFIsS983Pu009TfzQX83L4UzWS350AWltcVixL1DoY9qoi1-6rhZd-Z1GlxEiKt7HbP_DRqlaQuydWOkyhRU4J4FBvzq5wM89Jp9ha7Nv-Ia1O-8rn26D0A8s49Q1yUKVVKESPayJ7hW_fOW81YtOdJFhO2pZsnTS7UnoLZUJpakqhNiffxznTW0TXmMcaaa3QnawkxDv71DRLMtDfzHpjHeNAFexKN5TzTHVOFqtzuYctFRY7zzEFuRMVyQXZowjv0yT4DpIAO1WOf0YCgBfg8V1-7at8MX6hOYe5ppEVcgZ24kcxiYCiQWUQmBJ4irU9ltSy3MmG4dQ9zh60UCVeKbJRfnVczgqafTO9vY64FWyPndWc6_nBmzet5KaMWboVE9xxCef8y1XA7G1cl3jx1a9tOW_HadnFmu-mNJ8v2IyCTjrzXgQZ2Iz2x8niRDD-JS9H4zCujgHPpYofDn274hgG0_jay4CKimXpnk45BiWXMFToqwsqypZMVpXlgDpVyweNlT_Cr-ua6JH311E_I7IEWKJOdkIP_utRjXeihYOFe1PzyfIyL7Uj0CAROkth02lkOtA3RIpeBGE_J_u3RP4m63yKi6TXBxmtJdUStaeC5syy7zVnTyW7x-VriHcp4qhEQk3oTu_ER6CpHG6lcL-cqRKraLlOYiwVbRqjS6iHFlLhumxdGUHFUaow_iONU4E1fS8MTeNWE2luO05aXny6bMS86iR1-cLHepDsszPxIvzyOBtehG_AElUVm_Jz_e4nImoCYPOCMfwSSEuks0hm_ghEfw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame F860 28 B
54 B 25ms
25ms XHR
application/json 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/7EBlRg6lWes?start=38&feature=oembed
X-YouTube-Client-Version: 1.20210818.1.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtNOTdqZkdxZHpxRSic_o6JBg%3D%3D
X-YouTube-Ad-Signals: dt=1629732636847&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C618%2C348&vis=1&wgl=true&ca_type=image&bid=ANyPxKoP8_FQfrpm_GN5kQ1afK-p9txyspZswhJhRhG1HGZ86Yyd0v-tDx0E1klYeteWKQqpNRvDK0Ve528390kO6dJZSl7scA

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:39 GMT

GET
H3-29 200 ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 6C3C 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1121d7f8fb131bce05cbaf9b75a1272f9fbed57a53cd239d2fe91ece63ed9424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:43:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10035
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13272
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 12:43:24 GMT

GET
H3-29 200 ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 51B5 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ESHX-PsTG84Fy6-bdaEnL5--1XpTzSOdL-kezmPtlCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1121d7f8fb131bce05cbaf9b75a1272f9fbed57a53cd239d2fe91ece63ed9424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 12:43:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10035
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13272
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 14:48:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 12:43:24 GMT

POST
H3-29 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame F422 28 B
54 B 20ms
19ms XHR
application/json 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/b555ee94/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/ZZ7gnl5yOvI?feature=oembed
X-YouTube-Client-Version: 1.20210818.1.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgsxVGtNNG9CQTdYUSic_o6JBg%3D%3D
X-YouTube-Ad-Signals: dt=1629732636929&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C618%2C348&vis=1&wgl=true&ca_type=image&bid=ANyPxKqXM5-L_m-iAADmiiwheTzmYDkF29gdz7dFd6z2gVVo3jeQXU20WYrOOMRdH4kmYvtzmm9DRzZ7A5lVXChpWdclon5CJQ

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Mon, 23 Aug 2021 15:30:39 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 84 KB
27 KB 39ms
14ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 9b34825eb68ebbe49410251b863c07e811c9e406286c7a8f00f88e83d9729c68

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: gzip
last-modified: Thu, 12 Aug 2021 15:58:00 GMT
server: nginx
etag: W/"61154508-14e39"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 24 Aug 2021 15:30:39 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A143 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssRYOHUpB9scHQP3CwikBxORxexR9fZhF5cFgd0DO_QwFC1RmrI_go3NUjoHY7sOfYxLKzL04KLOCBujnSvoJ5H5GEjKcwZDICUrIn4YQHskaEb1eM290xCIos&sai=AMfl-YS24nQkUk4lCk4OsyTV6qW1AEvKIC10N0pmvfKLOzbH1gj_62wCkjsDa0N5V_qzdfRU4wndbnO25lCPDyq74ZgFCN2t1snhG12bkFZ545YvwzvCUNCcotEKRzh2&sig=Cg0ArKJSzIuYav92zE_PEAE&cid=CAASEuRo-kvGMqq4CtVZllvLwG7bnA&id=lidar2&mcvt=1001&p=903,650,1153,950&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210820&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2960758416&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1629732638586&dlt=17&rpt=2&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7A34 11 KB
5 KB 23ms
23ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=trithucvn.org

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

58da6480fc50a14bd6f73842552e9bfbd623d883c9a81d68b7d27b52d0afe71c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=trithucvn.org
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2129
set-cookie: uid=85ac02c9-6c92-41a2-842d-3d9062d07194; expires=Sat, 17 Sep 2022 15:30:39 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Mon, 23 Aug 2021 15:30:38 GMT
content-length: 4666

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 84 KB
27 KB 45ms
21ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 9b34825eb68ebbe49410251b863c07e811c9e406286c7a8f00f88e83d9729c68

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
content-encoding: gzip
last-modified: Thu, 12 Aug 2021 15:58:00 GMT
server: nginx
etag: W/"61154508-14e39"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 24 Aug 2021 15:30:39 GMT

GET
H2 200 / Show response
trithucvn.org/latest/ 80 KB
10 KB 208ms
207ms XHR
text/html 2606:4700:21::681b:cc59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trithucvn.org/latest/

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/wp-content/asset-108/bb4d1e87-1607098995.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:21::681b:cc59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2623ea21c7e2bd83a8f88c44a2a4cfaca0b4f896c6ad201595c33aa0b4643c55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /latest/
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/javascript, */*; q=0.01
cache-control: no-cache
sec-fetch-dest: empty
:authority: trithucvn.org
x-requested-with: XMLHttpRequest
:scheme: https
sec-fetch-site: same-origin
referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
:method: GET
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://trithucvn.org/khoa-hoc/sinh-menh/niem-9-chu-chan-ngon-de-diet-virus-corona-su-that-hay-me-tin.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Mon, 23 Aug 2021 15:30:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cVRZa9YA2m1UpqsTCBza5SyV6zkAXjKF3935%2BWFJo%2FTE69uYn27WrQqpkleZQc2LS1c0OBiPY9WX2C3%2BTBmW58xjFOxbalIMkGhDQSw2JR2AyOGi1d7ApeaGqDxvtAD0V7vtNRbU%2BaibPuA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68356226efb805c4-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2

200

sid Show response
mug.criteo.com/ Frame 7A34
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=trithucvn.org&sn=ChromeSyncframe&so=0&topUrl=trithucvn.org&cw=1
https://mug.criteo.com/sid?cpp=Ad2UKnxEaWsvdXZBYm4rUVgyc3pWQlRTNEFCa1NReDdtYU1iMmV5Sk9idGlyYmgyNURiZllMK211cW0zU3FMRDlGRzJmZGt1YWpJVGNkdkNHNERjekYzN2p3U1ltUGFodnBJU1BUZVlhYU1yRytSM012Q2dhM2VmY0IraG...

433 B
621 B

30ms
30ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Ad2UKnxEaWsvdXZBYm4rUVgyc3pWQlRTNEFCa1NReDdtYU1iMmV5Sk9idGlyYmgyNURiZllMK211cW0zU3FMRDlGRzJmZGt1YWpJVGNkdkNHNERjekYzN2p3U1ltUGFodnBJU1BUZVlhYU1yRytSM012Q2dhM2VmY0IraG00RUNURVNRTXkxWWI5eXZKUWp4QU1SWGtKTXNuSGFiS0FRTG84K1d4eC90aVBBUm5ENVpPeFhUV3RUWVlxNEtLcUo1MlovR2RBNFljVzYvSDl1U3ZaazFxUWcyQUJaZ3JHVVNTakczNWlleU9xSDQreWRuS0h3cU9nRk1rbVVrb0hlQVJObCtUSzZNSlZxQlJXMWdCUVBQTjArdVJyZz09fA&cppv=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

43a271fe7bc41547c6a745f8e81f0134625d77d1084b5f9cb498f4145cb2553e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Mon, 23 Aug 2021 15:30:39 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2078
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Mon, 23 Aug 2021 15:30:39 GMT
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=Ad2UKnxEaWsvdXZBYm4rUVgyc3pWQlRTNEFCa1NReDdtYU1iMmV5Sk9idGlyYmgyNURiZllMK211cW0zU3FMRDlGRzJmZGt1YWpJVGNkdkNHNERjekYzN2p3U1ltUGFodnBJU1BUZVlhYU1yRytSM012Q2dhM2VmY0IraG00RUNURVNRTXkxWWI5eXZKUWp4QU1SWGtKTXNuSGFiS0FRTG84K1d4eC90aVBBUm5ENVpPeFhUV3RUWVlxNEtLcUo1MlovR2RBNFljVzYvSDl1U3ZaazFxUWcyQUJaZ3JHVVNTakczNWlleU9xSDQreWRuS0h3cU9nRk1rbVVrb0hlQVJObCtUSzZNSlZxQlJXMWdCUVBQTjArdVJyZz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1941
content-length: 541
expires: 0

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/7.14.1/ 19 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/7.14.1/firebase-app.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/messaging/ttvn-messaging.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50164b8e54940e6aa887564c4019ea046a8bca1c92dd2ddb4aa1d297ac59b7a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 20 Aug 2021 01:02:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 311287
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6580
x-xss-protection: 0
last-modified: Thu, 16 Apr 2020 20:54:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 20 Aug 2022 01:02:32 GMT

GET
H3-29 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/7.14.1/ 38 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/7.14.1/firebase-messaging.js

Requested by

Host: trithucvn.org
URL: https://trithucvn.org/messaging/ttvn-messaging.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7fb768f2bb0cab8b8500d603fd1ab85ebce9a7a5748b90e273050b015080843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trithucvn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 05:36:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35668
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10590
x-xss-protection: 0
last-modified: Thu, 16 Apr 2020 20:54:09 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 05:36:11 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame EC02 14 KB
5 KB 89ms
29ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?kdntuid=1&p=158497
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=24310
expires: Mon, 23 Aug 2021 22:15:51 GMT
date: Mon, 23 Aug 2021 15:30:41 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 5694 52 KB
17 KB 68ms
21ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://trithucvn.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 30 Jul 2021 04:43:13 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 23 Aug 2021 15:30:41 GMT
Age: 38723
X-Served-By: cache-lga21936-LGA, cache-fra19169-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 326988
X-Timer: S1629732641.201368,VS0,VE0
Vary: Accept-Encoding

GET
H2

200

pd Show response
eu-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0

1006 B
862 B

30ms
29ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 35e735667dc0458bf4a55e570ed307d458285fd3509c86da5d02fc381ea11c03

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://trithucvn.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=62b8a234-0e6d-0179-02f6-2c99188d8c2c|1629732641
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=62b8a234-0e6d-0179-02f6-2c99188d8c2c|1629732641; Version=1; Expires=Tue, 23-Aug-2022 15:30:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1629732641|mOgeginskin0vNomiygu; Version=1; Expires=Tue, 07-Sep-2021 15:30:41 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.214.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 23 Aug 2021 15:30:41 GMT
content-type: text/html
content-length: 545
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=62b8a234-0e6d-0179-02f6-2c99188d8c2c|1629732641; Version=1; Expires=Tue, 23-Aug-2022 15:30:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.214.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
date: Mon, 23 Aug 2021 15:30:41 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 11AD 281 B
554 B 67ms
25ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://trithucvn.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://trithucvn.org/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 23 Aug 2021 15:30:41 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=o5ZEe53Q1MibUl5

43 B
106 B

33ms
30ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=o5ZEe53Q1MibUl5
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:40 GMT
Server: PingMatch/v2.0.30-661-ga8ef792#rel-ec2-master i-08f8fc1eb6758b8c0@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=604800; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=o5ZEe53Q1MibUl5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://x.bidswitch.net/ul_cb/sync?ssp=openx
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=openx
https://x.bidswitch.net/sync?dsp_id=188&user_id=sp0uLqGGTW96L10uoQV6irnsyeI&user_group=1&ssp=openx
https://us-u.openx.net/w/1.0/sd?id=537072968&val=9cf88427-7212-4f6b-bd3d-c838238ed395

43 B
106 B

35ms
30ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=9cf88427-7212-4f6b-bd3d-c838238ed395
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //us-u.openx.net/w/1.0/sd?id=537072968&val=9cf88427-7212-4f6b-bd3d-c838238ed395
date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8440837377965197702

43 B
106 B

32ms
29ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8440837377965197702
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:41 GMT
X-Proxy-Origin: 185.236.201.226; 185.236.201.226; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a0a68f43-f1a0-4a38-bd66-52d60a74b233
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8440837377965197702
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBczZrN0NSMzRBQUNkQXJaUi1Ydw&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAs6k7CR34AACdArZR-Xw&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAs6k7CR34AACdArZR-Xw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_curre...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Cox&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=5029117218746704401
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAAs6k7CR34AACdArZR-Xw&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fuserid%3D5029117218746704401%26bee_sync_partners%3Dox%26bee_sync...
https://match.prod.bidr.io/cookie-sync?userid=5029117218746704401&bee_sync_partners=ox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=4&ev=AAAs6k7CR34AACdArZR-Xw&pid=558502&d...
https://match.prod.bidr.io/cookie-sync?userid=5029117218746704401&bee_sync_partners=ox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=4&ev=AAAs6k7CR34AACdArZR-Xw&pid=558502&d...
https://us-u.openx.net/w/1.0/sd?id=537125688&val=AACPrU7CR34AACBe-8PmiQ
https://us-u.openx.net/w/1.0/sd?cc=1&id=537125688&val=AACPrU7CR34AACBe-8PmiQ

43 B
106 B

30ms
30ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537125688&val=AACPrU7CR34AACBe-8PmiQ
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:42 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537125688&val=AACPrU7CR34AACBe-8PmiQ
date: Mon, 23 Aug 2021 15:30:42 GMT
via: 1.1 google
server: OXGW/16.214.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=5e616123-bf21-4300-bb63-c9b2c1c41032

43 B
106 B

54ms
53ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=5e616123-bf21-4300-bb63-c9b2c1c41032
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 23 Aug 2021 15:30:00 GMT
Server: MT3 3853 9552a83 master cdg-pixel-x4
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=5e616123-bf21-4300-bb63-c9b2c1c41032
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 23 Aug 2021 15:29:59 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=V-CgAAO3oAJM4qUCBOW_UFTno1dM4fYBWeE1chwf

43 B
122 B

31ms
28ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=V-CgAAO3oAJM4qUCBOW_UFTno1dM4fYBWeE1chwf
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=V-CgAAO3oAJM4qUCBOW_UFTno1dM4fYBWeE1chwf
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7344407860628154539

43 B
106 B

32ms
31ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7344407860628154539
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7344407860628154539
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 1D28 70 B
265 B 155ms
52ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=b1149d6d-a7ea-3e8e-5820-e4717caabfd1&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1D28
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWQ3YjRlYTctNmU5ZC02MDJhLTRkYzAtYmVjOGI2NDg3MWIx
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWQ3YjRlYTctNmU5ZC02MDJhLTRkYzAtYmVjOGI2NDg3MWIx&google_tc=

170 B
188 B

30ms
30ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWQ3YjRlYTctNmU5ZC02MDJhLTRkYzAtYmVjOGI2NDg3MWIx&google_tc=

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWQ3YjRlYTctNmU5ZC02MDJhLTRkYzAtYmVjOGI2NDg3MWIx&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 1D28
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDhPf0V1BK2f9zcDX4YJD5A&google_cver=1

43 B
106 B

32ms
32ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDhPf0V1BK2f9zcDX4YJD5A&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=569ad57e-43c9-460e-9a8f-667f824c03af&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDhPf0V1BK2f9zcDX4YJD5A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 5694
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
807 B

55ms
41ms

Script
text/html

185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:41 GMT
X-Proxy-Origin: 185.236.201.226; 185.236.201.226; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: eb0af3ab-f091-4f6f-bf5f-5850ba8af09a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:41 GMT
X-Proxy-Origin: 185.236.201.226; 185.236.201.226; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 192a2d8b-1041-4cc4-904f-7d148e90812b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 11AD 31 KB
10 KB 26ms
25ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: f38a80a1420ad17e4f3ec2fb585d11afae9b9e4c6ec4b72660b295b740ebbe93

Request headers

Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 23 Aug 2021 15:30:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Aug 2021 20:15:04 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=37826
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9358
Expires: Tue, 24 Aug 2021 02:01:07 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame EC02 3 KB
4 KB 27ms
26ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=10951725&p=158497&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 879ab7c9b2de9b889509d944ad7400d1bbbdab19addc41c48b0a6a7ea8ab5b80

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:40 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 11AD 284 B
934 B 120ms
22ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/jpg

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame DC5E
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C

35 B
467 B

36ms
33ms

Document
image/gif

37.157.6.242
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?CC=1&party=14&cid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: C=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 23 Aug 2021 15:30:41 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=6592277541880573611; expires=Fri, 22 Oct 2021 15:30:41 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Mon, 23 Aug 2021 15:30:41 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: C=1; expires=Thu, 23 Sep 2021 15:30:41 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 7602
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5942344291156206745

42 B
288 B

36ms
34ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5942344291156206745
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5942344291156206745
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C; chkChromeAb67Sec=1; DPSync3=1630886400%3A201_197_219%7C1629763200%3A174; SyncRTB3=1630886400%3A3_13_7_8_71_220_161_56_21_54_22%7C1630281600%3A223%7C1630540800%3A63%7C1632268800%3A203%7C1630972800%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 23 Aug 2021 15:30:41 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_336=5844-5942344291156206745; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Sep-2021 15:30:41 GMT; path=/ PugT=1629732641; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Sep-2021 15:30:41 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 21-Nov-2021 15:30:41 GMT; path=/
x-lat: lhrpug008:0:779
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5942344291156206745
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 8317 43 B
360 B 99ms
29ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Mon, 23 Aug 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1506
x-powered-by: ASP.NET
date: Mon, 23 Aug 2021 15:30:40 GMT
content-length: 43

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 8FEB
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6999648394330110092

42 B
520 B

84ms
27ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6999648394330110092
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6999648394330110092
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C; chkChromeAb67Sec=1; DPSync3=1630886400%3A201_197_219%7C1629763200%3A174; SyncRTB3=1630886400%3A3_13_7_8_71_220_161_56_21_54_22%7C1630281600%3A223%7C1630540800%3A63%7C1632268800%3A203%7C1630972800%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 23 Aug 2021 15:30:40 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_1101=23040-6999648394330110092; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Sep-2021 15:30:40 GMT; path=/ PugT=1629732640; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Sep-2021 15:30:40 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 21-Nov-2021 15:30:40 GMT; path=/
x-lat: amspug010:0:461
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Mon, 23 Aug 2021 15:30:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6999648394330110092; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6999648394330110092

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame EC02
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CJZ_9uyqTG6NK3HYudzPLA%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

31ms
28ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=24310
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Mon, 23 Aug 2021 22:15:51 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b3d86123-bf21-4f00-8e4f-0dedfa9c7804

0
260 B

91ms
27ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b3d86123-bf21-4f00-8e4f-0dedfa9c7804
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 23 Aug 2021 15:30:00 GMT
Server: MT3 3853 9552a83 master cdg-pixel-x15
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=b3d86123-bf21-4f00-8e4f-0dedfa9c7804
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 23 Aug 2021 15:29:59 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EC02
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=64b859fe9a2885a7f053060bda8bb0ba
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=ab7d7599-96a4-4d94-abd3-dacdd897a8f3&icm
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=64b859fe9a2885a7f053060bda8bb0ba
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=ab7d7599-96a4-4d94-abd3-dacdd897a8f3&icm
https://spl.zeotap.com/?zdid=1332&zcluid=b9072bcdcc4d7c93
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=cfe7b81f-17fc-40d2-6fbe-9a0758f45c4e&reqId=fb75e112-1cf6-4aa6-5f63-d39b42d7fb9c&zclui...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=cfe7b81f-17fc-40d2-6fbe-9a0758f45c4e&reqId=fb75e112-1cf6-4aa6-5f63-d39b42d7fb9c&zclu...
https://mwzeom.zeotap.com/mw?google_gid=CAESEIsbfd46RSQcUcGD4dDiR9k&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=cfe7b81f-17fc-40d2-6fbe-9a0758f45c4e&reqId=fb75e112-1cf6-4aa6-5f63-d39...

95 B
164 B

35ms
33ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEIsbfd46RSQcUcGD4dDiR9k&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=cfe7b81f-17fc-40d2-6fbe-9a0758f45c4e&reqId=fb75e112-1cf6-4aa6-5f63-d39b42d7fb9c&zcluid=b9072bcdcc4d7c93&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 683562388a95062d-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEIsbfd46RSQcUcGD4dDiR9k&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=cfe7b81f-17fc-40d2-6fbe-9a0758f45c4e&reqId=fb75e112-1cf6-4aa6-5f63-d39b42d7fb9c&zcluid=b9072bcdcc4d7c93&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDg5NjdGRjYtRUNBQS00QzZFLThEMkItNzFEOEI5RENDRjJD&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
111 B

60ms
35ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug016:0:479
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEE8tD1H8ukWt51lYw1jxEc&google_cver=1

42 B
591 B

60ms
34ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEE8tD1H8ukWt51lYw1jxEc&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug018:0:262
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEE8tD1H8ukWt51lYw1jxEc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame EC02 43 B
609 B 58ms
53ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 22 Aug 2021 15:30:41 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=1659697753357427786

42 B
390 B

47ms
28ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=1659697753357427786
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
cache-control: no-store, no-cache, private
x-lat: amspug013:0:535
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=1659697753357427786
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:96626123-bf21-4000-8574-97bf8e89ffe8&gdpr=0&gdpr_consent=

42 B
497 B

56ms
28ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:96626123-bf21-4000-8574-97bf8e89ffe8&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-store, no-cache, private
x-lat: amspug009:0:768
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 23 Aug 2021 15:30:00 GMT
Server: MT3 3853 9552a83 master cdg-pixel-x27
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:96626123-bf21-4000-8574-97bf8e89ffe8&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 23 Aug 2021 15:29:59 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ab7d7599-96a4-4d94-abd3-dacdd897a8f3

42 B
295 B

34ms
28ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ab7d7599-96a4-4d94-abd3-dacdd897a8f3
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:40 GMT
cache-control: no-store, no-cache, private
x-lat: amspug007:0:425
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ab7d7599-96a4-4d94-abd3-dacdd897a8f3
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9119601114556264357&gdpr=0&gdpr_consent=

42 B
210 B

61ms
34ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9119601114556264357&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug012:0:432
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:41 GMT
X-Proxy-Origin: 185.236.201.226; 185.236.201.226; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2720927d-ece1-4254-bf9a-de7c92398ebb
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9119601114556264357&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-FFyyTh5E2uXH.N0kpc2PLXWN3ZVhHpE-~A&gdpr=0&gdpr_consent=

0
48 B

38ms
28ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-FFyyTh5E2uXH.N0kpc2PLXWN3ZVhHpE-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:39 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 23 Aug 2021 15:30:41 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-FFyyTh5E2uXH.N0kpc2PLXWN3ZVhHpE-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame EC02 43 B
838 B 127ms
35ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/08967FF6-ECAA-4C6E-8D2B-71D8B9DCCF2C?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=SteA4x6AgOFR1YXhGdKfs0nQg7RR1tbiRNYfhmBK

42 B
270 B

113ms
35ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=SteA4x6AgOFR1YXhGdKfs0nQg7RR1tbiRNYfhmBK
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug017:0:413
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=SteA4x6AgOFR1YXhGdKfs0nQg7RR1tbiRNYfhmBK
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_uid=9cf88427-7212-4f6b-bd3d-c838238ed395
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_uid=9cf88427-7212-4f6b-bd3d-c838238ed395
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=609db6c2-e10f-4089-bcc0-59f66ffdeba0&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=9cf88427-7212-4f6b-bd3d-c838238ed395&gdpr=&gdpr_consent=&gdpr_pd=

1 B
200 B

26ms
26ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=9cf88427-7212-4f6b-bd3d-c838238ed395&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:40 GMT
cache-control: no-store, no-cache, private
x-lat: amspug008:0:529
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=9cf88427-7212-4f6b-bd3d-c838238ed395&gdpr=&gdpr_consent=&gdpr_pd=
date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame EC02
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YSO-IQAEBojpmwA4&gdpr=0&gdpr_consent=&_test=YSO-IQAEBojpmwA4

1 B
237 B

32ms
32ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YSO-IQAEBojpmwA4&gdpr=0&gdpr_consent=&_test=YSO-IQAEBojpmwA4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158497
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-store, no-cache, private
x-lat: amspug018:0:391
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1629732642.559945,VS0,VE0
x-served-by: cache-fra19155-FRA
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YSO-IQAEBojpmwA4&gdpr=0&gdpr_consent=&_test=YSO-IQAEBojpmwA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 11AD
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YSO-IQAEBsTrgAA4
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YSO-IQAEBsTrgAA4&_test=YSO-IQAEBsTrgAA4

42 B
691 B

262ms
31ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YSO-IQAEBsTrgAA4&_test=YSO-IQAEBsTrgAA4
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1629732642.654214,VS0,VE0
x-served-by: cache-fra19155-FRA
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YSO-IQAEBsTrgAA4&_test=YSO-IQAEBsTrgAA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 11AD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMkvfNpbYJnAQ5GstP4rDlE&google_cver=1

42 B
691 B

346ms
32ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMkvfNpbYJnAQ5GstP4rDlE&google_cver=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMkvfNpbYJnAQ5GstP4rDlE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 11AD 70 B
264 B 48ms
46ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 11AD
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=a9us
https://s.amazon-adsystem.com/ecm3?id=KSOSQI61-1C-L3GM&ex=d-rubiconproject.com&status=ok

43 B
556 B

604ms
120ms

Image
image/gif

209.54.177.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=KSOSQI61-1C-L3GM&ex=d-rubiconproject.com&status=ok

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:42 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 7BKWB4Y3EZ249ECSZGWJ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://s.amazon-adsystem.com/ecm3?id=KSOSQI61-1C-L3GM&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 11AD
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KSOSQI61-1C-L3GM&sigv=1&esig=2~f3708cbfc8e764ee50015050537e78d1bdf32574

0
446 B

24ms
7ms

Image
text/plain

2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KSOSQI61-1C-L3GM&sigv=1&esig=2~f3708cbfc8e764ee50015050537e78d1bdf32574

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:41 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KSOSQI61-1C-L3GM&sigv=1&esig=2~f3708cbfc8e764ee50015050537e78d1bdf32574
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 11AD 0
66 B 1086ms
28ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 15:30:42 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 11AD
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NPU1FJNjEtMUMtTDNHTQ==

170 B
188 B

35ms
35ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NPU1FJNjEtMUMtTDNHTQ==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NPU1FJNjEtMUMtTDNHTQ==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 11AD
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZmVmNGI0MGQ2MDY4MTY5MDA3NjUwOGNjY2QxOGZiNzJhZGIxYjQxNA

170 B
188 B

31ms
31ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZmVmNGI0MGQ2MDY4MTY5MDA3NjUwOGNjY2QxOGZiNzJhZGIxYjQxNA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZmVmNGI0MGQ2MDY4MTY5MDA3NjUwOGNjY2QxOGZiNzJhZGIxYjQxNA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 5694
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
806 B

37ms
36ms

Script
text/html

185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:42 GMT
X-Proxy-Origin: 185.236.201.226; 185.236.201.226; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 738a288a-9516-4dd4-a753-f4c89309190c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 Aug 2021 15:30:42 GMT
X-Proxy-Origin: 185.236.201.226; 185.236.201.226; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b4970aab-ffbd-4472-90ab-fc6de9998a8e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 dc_oe=ChMI5uGEmLvH8gIVAdcRCB0eCAsbEAAYACCO9alHQhMI66Drl7vH8gIVFwCLCh0xIQe3;met=1;&timestamp=1629732649139;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 7066 42 B
107 B 106ms
55ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI5uGEmLvH8gIVAdcRCB0eCAsbEAAYACCO9alHQhMI66Drl7vH8gIVFwCLCh0xIQe3;met=1;&timestamp=1629732649139;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIxqaEmLvH8gIVX-67CB38GAfQEAAYACCEkK1HQhMI6qDrl7vH8gIVFwCLCh0xIQe3;met=1;&timestamp=1629732649149;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame A143 42 B
515 B 94ms
54ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIxqaEmLvH8gIVX-67CB38GAfQEAAYACCEkK1HQhMI6qDrl7vH8gIVFwCLCh0xIQe3;met=1;&timestamp=1629732649149;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 23 Aug 2021 15:30:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

132 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 06:03:48	Name: IDE Value: AHWqTUnLmQfBykm7jHkiRQf4SgavfbFCU5ZyTprkdnKOJGEba3w4vvmke4_T3oU6
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: orGJv1f76m8
.youtube.com/	1970-01-20 01:01:24	Name: VISITOR_INFO1_LIVE Value: 1TkM4oBA7XQ
trithucvn.org/	1970-01-19 21:25:24	Name: _pbjs_userid_consent_data Value: 3524755945110770
.trithucvn.org/	1970-01-19 20:42:16	Name: ats_referrer_history Value: %5B%22%22%5D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.volvelle.tech
acdn.adnxs.com
adasia-d.openx.net
ade.googlesyndication.com
ads.pubmatic.com
ads.yahoo.com
adservice.google.ch
adservice.google.com
adservice.google.de
anymind360.com
bh.contextweb.com
bidder.criteo.com
c1.adform.net
c941d353facdb0e44f401f00b4bf92ce.safeframe.googlesyndication.com
certify.alexametrics.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cs.media.net
cse.google.com
d31qbv1cthcecs.cloudfront.net
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
i.ytimg.com
ib.adnxs.com
id.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
match.adsrvr.org
match.prod.bidr.io
match.sharethrough.com
mug.criteo.com
mwzeom.zeotap.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prg.smartadserver.com
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
rtb-csync.smartadserver.com
rtb2-useast.e-volution.ai
s.ad.smaato.net
s.amazon-adsystem.com
s0.2mdn.net
securepubads.g.doubleclick.net
simage2.pubmatic.com
spl.zeotap.com
static.criteo.net
static.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.srv.stackadapt.com
tnews.to
token.rubiconproject.com
tpc.googlesyndication.com
trithucvn.org
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.youtube.com
x.bidswitch.net
yt3.ggpht.com
104.109.78.125
13.224.102.37
13.224.102.75
13.224.102.91
13.248.242.197
142.250.181.226
142.250.184.226
142.250.185.162
151.101.13.108
151.101.14.49
159.253.128.188
174.137.133.49
178.250.0.157
178.250.0.165
178.250.2.151
18.118.38.130
18.194.125.59
185.29.134.244
185.33.220.242
185.64.189.110
185.64.189.112
185.64.189.114
185.64.189.115
185.64.190.80
185.86.137.133
185.86.137.32
198.148.27.139
2.18.233.180
2.18.234.21
2.18.235.93
209.54.177.54
213.155.156.183
2606:4700:10::ac43:db6
2606:4700:21::681b:cc59
2606:4700:3037::6815:2a1f
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1288:80:800::7001
2a00:1450:4001:802::2003
2a00:1450:4001:802::2016
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:808::2003
2a00:1450:4001:808::200e
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2001
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::2006
2a00:1450:4001:829::2002
2a00:1450:4001:829::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2001
2a02:2638:1::3
2a02:2638::1c
2a02:fa8:8806:12::1370
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42::645
3.124.93.74
3.126.175.244
3.126.56.137
34.204.19.158
34.98.64.218
35.210.178.101
35.244.174.68
37.157.6.242
51.222.80.231
52.215.67.213
54.194.226.253
69.173.144.138
69.173.144.140
69.173.144.165
85.114.159.93
019bc172b27c0a563b4854704ba4275b87ee73e12e9ecc7dd10de95318f98072
0204722de75ed2d55207f4061d0740770eaa197ad74be28653722033c9aea959
03032b7414541a98aaa00a220920ce2980d55afcb45c4328c156737f9fb995e0
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
05d2f5286667c8ab571bad311ed62c2b5a50c9f5363b72c1757241cbf5580007
0930cdf7a5ac7dd8c0eee66b6d5d1e215205f9f08228cb0b048acd4f08016920
0aa09ece4be1cd8736aefce4814c91f92667069a0131103278964a19796077d4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1121d7f8fb131bce05cbaf9b75a1272f9fbed57a53cd239d2fe91ece63ed9424
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12fe404616b881b31805640568d3d88b0d161266d21df7bc83b1631740742f96
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
195465c6274fed7f0b1487493c51155a033758ef4ce3a9d7dbb8ca514be66275
2099aa179089fa5a04cd62fd26066191736e5f4db298231efa51e3d37b91e73d
20c978136c7f2ad511fda636a41ea7a039b067475101067a93988714d482595b
220cc9e11e3a6c61c8c92edf45d16b603f83972760341817cb6c3a0ede92850a
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
2623ea21c7e2bd83a8f88c44a2a4cfaca0b4f896c6ad201595c33aa0b4643c55
26ab8a4832ea69db1b6d39db4d840c60bd0b3cc8094cb88a32523e8993ef6484
27f1b3afeb3f460375b6bc2373299dea8b6ab76bfd94c8eb2a87457c3e9bce82
2b12020af078d64c790e13244578fd2dbcbd8d6c83186f6e2b93814a9db7471a
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
2f3d39c0f91d690cbec6ff9de6121e45de8d3b11606f95dd7563e4dd7a27699f
3165ba105fc925f830ff983484a82d2938b05a42348a5d8b024b289c072a96a2
32dc84ae0e7950541341bd5add303d38e5d0d8a97e5a05b5f9f489494c98de4c
35e735667dc0458bf4a55e570ed307d458285fd3509c86da5d02fc381ea11c03
3729a330888186b19468c883fa40c08cdc92ec8b33ccac02f633fb7c8a886420
387b5dab281c93be7687c6fe7aa79170a27d335cf0a4d3f4c2657937708a0a6e
38ba5e9ca406f2d19de5e44d1c3f7d3ec018d2a8488f4cccc4e72437ff0ef037
3b01c22747248c5a5f7daf5f557991202bd4a54183efe85e2c39ebce8d2af7ff
3cc4e229cc22a45146d4f3c3358e36ad1cafe05c73d07fba488da967a85a58ca
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
3ff7fec7eb7f86f5f13b0a9c07cb411b7f1fe11ea7c536c3867e7a0d01d2e5a1
416c66b64adf83bfdfcdd37b98c3d88ae15cc77370bd0f7b5edcc3e5b480e641
43a271fe7bc41547c6a745f8e81f0134625d77d1084b5f9cb498f4145cb2553e
4554cd2852d1a341daaa1308e888ae6ad9899f501328fad7cda7fbc2e74a78c2
45fb424758db2d884b16795c44e4530118ca3096caa6bd9133c772d4c4412c04
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
47d10f8bd71903511b2eba72db03abad2dab28fe1deb4511c3961285d8c299df
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eddc90b1e7d7d62967a316bb37abb25208fcca3870a34231edd97aba10b58a0
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
4fa52f6b5576b95a51157b7b318e6bf15c54cfe5013ed068c66fde0852971f28
4fad36fce49208d858bee9c235ba1e91c94672ad6ed5e238fbc78b18d61cbd7e
50164b8e54940e6aa887564c4019ea046a8bca1c92dd2ddb4aa1d297ac59b7a4
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54d3c623be1e64f97f08319eaa852d186aa23c48b79e967a5a9a431e182adfe0
58da6480fc50a14bd6f73842552e9bfbd623d883c9a81d68b7d27b52d0afe71c
595fe6b8e8ebb1b58e9f0b99b2e82e245cab320b15938afdd18b60eccc2ef6e7
5b59ce734978b3ce7f65e27c14b852fde5460120430d9dad398b86e4580c5472
5d2cf21764edbb3de3323eae1c7fdff85d2c7d8737a3a3e264bab72528914643
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
6221d51dec89592c9f60ea68c839f932b60d6f03cb966e0e9a4afbb1e3bb5e8f
63ed4c66bf3ba06512f7028be62a4bd53295e1ba68a919a7591f5fd392e72b90
677e6a67b3a9ac3751a882237595446efac89fe4bf90275b24f734b1191adb26
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6a1383580829b6fb18cb5252a2af871c20f4fdbba5ee6d0883e9759726518aea
6a97569d9263ffaf4f3100952a7a9ddbb9a3485d6caabf04c1cd8118e33feab4
6d9f881bced29824538dfc0f6b098f5410580c1851176fa169cae6da114ebef4
6f6940be0835c3ddec9199e5fc42be4cbc61ebcfd58c623fdf719366253f1780
7122dce8dd88621a43f4e4b6568d7b409170a76449facc7b53db7e36cf020d9d
7a2478978968eefdc87127bfe6619a9de514b2ccb89b2a95824a53e6bea1f9cf
7b9a46e0657fcce4901ab04ea9e3f08c2462a7e7ce68f9e202d643be4da56ef4
809c215f839301e86bb3acebe49f6677764e271fb33d196248146e9d249c7ecb
81b8a91e8d82903afc3098abcf549f86d1af564cccc41880e6c07663ae6100cb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b51c8033d176c1e7f7d00f21129e48c9e18128477052b89d4ed0e5c522a779
849fd3b5e548429c899c1a324842b7f6db93df60480641607fc230ec77d26eef
879ab7c9b2de9b889509d944ad7400d1bbbdab19addc41c48b0a6a7ea8ab5b80
87db09b1ea5bdf163eb74269947fa37e1d868fb54084b9a90952e1d12d365551
896192c79b551e0c6e0dcf9f37f9424e94b9ce776e74d81c9ae82537a03cb31d
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db56e6fec221efe65552cc388c5d062cc11ca951e55dfc698e8c3780049f60d
8f2606f1fea25d37aa1e007a76b58f01651ef9a09841bbd186b49f08e24f888c
8f2ee75591995df2191444d7d388c2838bc5483ac23ce23cfb8faece6032335a
92afa9485ca4ccf9d827259ae32c1868922e79a8c5677db8757acc8a0170e959
943b14c012ad3c62d80637e533ee6eee9ab1199b656cb33fe1b0b56daafa7e25
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b34825eb68ebbe49410251b863c07e811c9e406286c7a8f00f88e83d9729c68
9c4049fbc35c854059810a209f0e7e3682f5986199705720cd706c2394eaa7ec
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ab026f176aab0bb1f9008f90947b5e5b1c2282e0bfb7c50333f11c3fb028c871
ad01f6d51bfed239572b324c02b86614df135c40ef0e8b095c9d88972265076a
ae6b4dcfd954d517682e6b44d103ee885d9f327a2855d2c6daefaf98053c912f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b21079209e50d1340cb4adeffcf3e935a26044e7b25d8e45239e7cdd8c30032a
b32ba88afa246c3eedb5e437757888c0f1f0204deb9ab5c3526eb8fb9a5a2923
b41c9ae1ad7d3cb44874879a1ada59555bea61a666b21631fc5b4f47f0ba49d9
b4514a87aa2d11360c18e3a96b7053a931da4a5cfab33095fcef684fd707b974
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b71dbc4b9521fe4b5bbe43136728201af87bf2a0477f6de0f6db1862158f30a4
b7d63b16725222599ec53d37ecd11f9d64035183ceed61a96f22839d3fcf7fa8
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
be8e3fb00d98e93afe954eb362d24a5d80537eb55c896bba9734e5771b6b34b3
bef8c237f583c23244cae4da479099e13c3dd17f5ac0db36548292db871caaf1
bf1b8130069b44b9148eeece35e5423bedac49777ba746615b826b8276574a7b
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c41d1689b37f14b62bf2691fc809005e4e67c208194e39e39e5fe21272b93427
c46923d8cc4fc05ac518545af4dc23c6e52aee3e281c90a6495fc5ce15bc9a36
c6c777825597470d14a7e9230fe5570683be4e1167211a6e378cce2c502e2fbb
c727a03e090c4898f58b401f45f789e6b0f72bda6015ebcb37da76e70b6f45b8
c7e2ae4787f43060398562665da7265404a4bb6df8c5b11bfcc458bf4d2315c3
c82dd0fc79d5593771ae9de46118b968ec1fb6aa96d28f534308466b8c61f85e
c92f18b7882cee11d8ddcede618f6b67ef2a41707b91ba7cb7df902ee2e566ec
cc1585c0574faf5cd2a22b480728e4bb2010f270e1fa58783d8fb4eff2e6d33d
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cdaba60f54d14ad57677f7e638cab2f5aaf2f9e0774ee0193e7b35d4c925fe78
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3bf5ec3a8fd5734657ac8fef6f26d2ba9d00419004d7be26387a3e50d4ce4a4
d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270
d64656359bd2d0987aa742d5f3d99551aed713296ad215fd465768e69ab7091e
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
da254dc4b69bde849b69c2a2a3aab091fe0ce338c66b73e4551fe8fb073eaf02
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dd34298ef3b3e7baa9cfe5128ac3a2387bdb2d0e43660ea6f933259ad043ea1e
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b5a2130c85b14f1fbcc337083fd7449b227fc06128f07a98cc0d8a66bea5bb
e50923eeab2fab42aabd0b1dd0295ed74f9bf5eec3f91bdcb4b36316a40860bc
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
ec0d8c64112cec90b99919c7901130036481ede2c19168b15c82b4c968670812
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
eeec4808b6538c30c05a03a04d1bd60ee90bb092c5dac84625bfd0aacce3690d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3915c63877f200ddb3939ffe89dd567705a04380d1463b6b5d6f426bcee667
f04b3f34fe8943a4e41492020649a5e0ce0f5663ad314057452a93ea23e1c2c7
f38a80a1420ad17e4f3ec2fb585d11afae9b9e4c6ec4b72660b295b740ebbe93
f43b23d4089e1e91b4c704a9e0080a4631af939c34a81075e56b168c715d3a9f
f7fb768f2bb0cab8b8500d603fd1ab85ebce9a7a5748b90e273050b015080843
fb01c92bcfaec84be435b67861bc9f6347fb75a09c0bbf686d5edd78332a8809
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

trithucvn.org Open in urlscan Pro 2606:4700:21::681b:cc59 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

281 Requests

100 %HTTPS

39 %IPv6

54 Domains

83 Subdomains

60 IPs

10 Countries

6312 kBTransfer

14903 kBSize

5 Cookies

40 Outgoing links

Page URL History

Redirected requests

281 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

trithucvn.org Open in urlscan Pro
2606:4700:21::681b:cc59 Public Scan

Screenshot
Live screenshot

Full Image

281
Requests

100 %
HTTPS

39 %
IPv6

54
Domains

83
Subdomains

60
IPs

10
Countries

6312 kB
Transfer

14903 kB
Size

5
Cookies

281 HTTP transactions
5 data transactions