sotaydoanhtri.com Open in urlscan Pro
2606:4700:3035::6815:105e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sotaydoanhtri.com/
Effective URL:
https://sotaydoanhtri.com/
Submission: On January 29 via api (January 29th 2024, 2:49:06 pm UTC) from US — Scanned from DE

Summary HTTP 214 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 41 IPs in 10 countries across 35 domains to perform 214 HTTP transactions. The main IP is 2606:4700:3035::6815:105e, located in United States and belongs to CLOUDFLARENET, US. The main domain is sotaydoanhtri.com.
TLS certificate: Issued by E1 on December 6th 2023. Valid for: 3 months.

This is the only time sotaydoanhtri.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 23	2606:4700:303... 2606:4700:3035::6815:105e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
25	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	45.142.212.163 45.142.212.163	44477 (STARK-IND...) (STARK-INDUSTRIES)
4	2606:4700::68... 2606:4700::6812:d73b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
1 14	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
4 14	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
27	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
8 18	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3 7	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
3	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1	35.214.149.91 35.214.149.91	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
2 2	3.64.234.178 3.64.234.178	16509 (AMAZON-02) (AMAZON-02)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.157.3.20 37.157.3.20	198622 (ADFORM) (ADFORM)
1	45.140.146.101 45.140.146.101	44477 (STARK-IND...) (STARK-INDUSTRIES)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
214	41

23 2606:4700:3035::6815:105e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sotaydoanhtri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.142.212.163 (Chisinau, Moldova)

ASN44477 (STARK-INDUSTRIES, GB)
PTR: vm2028480.stark-industries.solutions

two.startperfectsolutions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:d73b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:6b8::1:119 (Russian Federation) 4 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.184.194 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.180 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.149.91 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 91.149.214.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.64.234.178 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-234-178.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Loerrach, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.20 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.140.146.101 (Chisinau, Moldova)

ASN44477 (STARK-INDUSTRIES, GB)
PTR: vm2027790.stark-industries.solutions

gate.getmygateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

post.plastformspecial.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	622 KB
35	doubleclick.net 9 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 ad.doubleclick.net — Cisco Umbrella Rank: 163	228 KB
26	criteo.net static.criteo.net — Cisco Umbrella Rank: 657 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 9386 csm.eu.criteo.net — Cisco Umbrella Rank: 8850	176 KB
25	gstatic.com fonts.gstatic.com www.gstatic.com	435 KB
23	sotaydoanhtri.com 1 redirects sotaydoanhtri.com	641 KB
11	yandex.com 3 redirects mc.yandex.com — Cisco Umbrella Rank: 8747	4 KB
7	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 8778 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 15457 dis.criteo.com — Cisco Umbrella Rank: 608 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 15704 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 10462	97 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	4 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	5 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	325 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 843 r.turn.com — Cisco Umbrella Rank: 4167	2 KB
4	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 4149 onesignal.com — Cisco Umbrella Rank: 1446	80 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	6 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
3	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 3982	72 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2029	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	194 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 583	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 875	2 KB
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5893	914 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 874 s.tribalfusion.com — Cisco Umbrella Rank: 2405	1 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	3 MB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	69 KB
1	plastformspecial.com post.plastformspecial.com	524 B
1	getmygateway.com gate.getmygateway.com	17 KB
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1552	587 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	465 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 373	235 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 357	149 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 716	544 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3445	104 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	185 B
1	startperfectsolutions.com two.startperfectsolutions.com — Cisco Umbrella Rank: 294923	5 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 811	7 KB
214	35

	Domain	Requested by
27	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net sotaydoanhtri.com
25	pagead2.googlesyndication.com	sotaydoanhtri.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
23	sotaydoanhtri.com	1 redirects sotaydoanhtri.com static.cloudflareinsights.com
19	fonts.gstatic.com	fonts.googleapis.com
18	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net
14	static.criteo.net	ads.eu.criteo.com
14	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com sotaydoanhtri.com googleads.g.doubleclick.net
11	mc.yandex.com	3 redirects mc.yandex.ru
8	imageproxy.eu.criteo.net	ads.eu.criteo.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	www.gstatic.com	googleads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	sotaydoanhtri.com googleads.g.doubleclick.net
4	csm.eu.criteo.net	ads.eu.criteo.com
4	fonts.googleapis.com	sotaydoanhtri.com googleads.g.doubleclick.net
3	ad.doubleclick.net	googleads.g.doubleclick.net sotaydoanhtri.com
3	www.google.com	tpc.googlesyndication.com googleads.g.doubleclick.net
3	onesignal.com	cdn.onesignal.com
3	mc.yandex.ru	1 redirects sotaydoanhtri.com
3	www.googletagmanager.com	sotaydoanhtri.com www.googletagmanager.com
2	cat.nl3.eu.criteo.com	ads.eu.criteo.com
2	c1.adform.net	2 redirects
2	pm.w55c.net	2 redirects
2	ads.travelaudience.com	2 redirects
2	r.turn.com	googleads.g.doubleclick.net
2	ad.turn.com	2 redirects
2	ads.eu.criteo.com	googleads.g.doubleclick.net
2	www.googleadservices.com
2	s0.2mdn.net	googleads.g.doubleclick.net
2	connect.facebook.net	sotaydoanhtri.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	post.plastformspecial.com	sotaydoanhtri.com
1	rtb.fr3.eu.criteo.com	googleads.g.doubleclick.net
1	gate.getmygateway.com	two.startperfectsolutions.com
1	dis.criteo.com	googleads.g.doubleclick.net
1	dsp.adfarm1.adition.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	rtb.nl3.eu.criteo.com	googleads.g.doubleclick.net
1	x.bidswitch.net	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	www.facebook.com
1	region1.google-analytics.com	www.googletagmanager.com
1	cdn.onesignal.com	sotaydoanhtri.com
1	two.startperfectsolutions.com	sotaydoanhtri.com
1	static.cloudflareinsights.com	sotaydoanhtri.com
214	49

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.linkedin.com
twitter.com
www.youtube.com
www.dmca.com
filegi.com

Subject Issuer	Validity	Valid
sotaydoanhtri.com E1	`2023-12-06` - `2024-03-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
one.startperfectsolutions.com R3	`2024-01-15` - `2024-04-14`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-12-26` - `2024-06-05`	5 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-11-07` - `2024-02-05`	3 months	crt.sh
onesignal.com E1	`2023-12-25` - `2024-03-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-03` - `2024-02-28`	3 months	crt.sh
quantserve.com R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
gate.getmygateway.com R3	`2024-01-15` - `2024-04-14`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-03-03`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-15` - `2024-03-10`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-27` - `2024-03-21`	3 months	crt.sh
plastformspecial.com GTS CA 1P5	`2024-01-19` - `2024-04-18`	3 months	crt.sh

This page contains 25 frames:

Primary Page: https://sotaydoanhtri.com/
Frame ID: C00BE286C33F2A6EDB8321E871B03FAC
Requests: 80 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20190131/zrt_lookup_fy2021.html
Frame ID: 3D17E99BEF28C2B5F50CF6197588C19D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&adk=1812271804&adf=3025194257&lmt=1706520747&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x810_r&format=0x0&url=https%3A%2F%2Fsotaydoanhtri.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539735200&bpp=3&bdt=303&idt=242&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4735770572856&frm=20&pv=2&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=255
Frame ID: 73A564639BB61A528D8A90372CDA9E80
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=250&slotname=7720883551&adk=1428232898&adf=2703960325&pi=t.ma~as.7720883551&w=970&lmt=1706520747&format=970x250&url=https%3A%2F%2Fsotaydoanhtri.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539735203&bpp=1&bdt=306&idt=255&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=259
Frame ID: AC8D6C23D70683F42CF7FE080D6D8DF2
Requests: 13 HTTP requests in this frame

Frame: https://mc.yandex.com/metrika/metrika_match.html
Frame ID: 57F464449DE38FB135D8C3631E0BFA96
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1A687622FC4A06B6741A97CDA1E0E6B6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 951E0891F26630DC3FB78F4976213106
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.1062062165~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250&nras=2&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2660&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=4
Frame ID: 0D8A371CFD40870F099AFEF577523C0F
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=469371209&adf=2601185397&pi=t.aa~a.2210050546~rp.2&w=1116&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1116x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280&nras=3&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=242&ady=3002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=8
Frame ID: 1976A1553B84C81057446B34A169B8E5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10
Frame ID: 6DEC77A2A56A215F96D50D4736C1901C
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: DB2BC66412A0F282E11B7CB20E616568
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 495A876276444153A98CA60D31702B21
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: BE6510C92FC35837F104659BDDA1A24C
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGNXj8a0BMAE&v=APEucNVm8CvOM2DyM3ePjYy4OTtw0yxGeKGcsv6V5MKX77y6j4MBNiOPDj_44BKVhM8MBPEPG4t5JNWyB0doPzdDOHlFO3bU1nEIoejG-TQ2rD1lXr_jBCXJ4zVcdA9kZ_7uPcOQEN5Ia472eDzBWpOJ3cSyqNMt3Xf7IGfA3jYEQUYZcaGRKXk
Frame ID: 1AC9E8C29C0AAB74C5CD23B072E00B6F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js
Frame ID: CCFEC6965694E2FE7BCBCB6D3187FFED
Requests: 11 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019
Frame ID: 4CB5BA60228C88C1D412AC425D3E32BC
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 297BF4D500E3A50F79D883D2337627ED
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js
Frame ID: 8A65231FDBFA5C60F862A49731ECC862
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js
Frame ID: F28B1CE3B4C674D7DAC2400DDE90A96C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGOjg8a0BMAE&v=APEucNW0G6hq8kmK-SOewLiT9p6XOZt3pR8LfGAGr-EwAgRfdbKN1Pdaj9qXxjoJKvyAMVULNa6oLKbS5wgbgOgbC_Bp6KxvIAzOAJAsOb44UAIwPxQ9k0bK-3DOtcs7ker9YN0EeMq9TRJF4-7yqyW8q77j6oA19cNlBV2wIuE_UVI_RS4QImI
Frame ID: 708DE2D142DE142A9985336E43E31F8C
Requests: 5 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Zbe62AAHsCkD5-KtAAIyuY1_u7txtfE2IpwnQA&u=%7Cn9n5BqZzeWiv1Sv355cYsRXVKucs%2FZauljMKCqLpQjU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8jkXO22AzZT_yFwjn8Vb01uoPnKeaplVf1YZ_d32P4Zyae-vr47s4vG36PwEGodbEpqvOprLLlqUpIcVR0qFbsSxmJsCkHXM0Rbj_W20mwGNavvKraiv4Ma7nIwdLObFZqHPf17LlmkIZfPJDry68TLXPxInVU53ZQ0yP2J2sahIDe4dAHZBSCwIoENP3XdFcf3VW8Rpmw6q3a3SUZdsq-ZCzixMm5x2ckfOBJxBfACwsczc9BbFA6LVTe7AnP8jyIejXVZR_D4SSXQQ2_wLR5_mNzy9lde40KLr9yQ-Yc_UK6Rp2bfbznuv1-VJ8kqm_1ekd6FbLczVFD4Xfwx8KfJ-vYrie4X3tne00RrU9z8qxLBfvevGDlGm9xwim9IpMnBWUP8LnTvP88wo305HkajqdIV5PnfosZ6JXFfyoM3gE_X3azDnMZAUhGbr3vLsJ1j-VzAuQME9aO5BxNMWbluI48oUb6KFnFrLOgyDJpUNI41MWxKK8fDScTemEjDDLi5mLoBBMb8pb1g-fdij7lHQ5lcgNDplkJt2ObNW7B25s7R9CFTFisCigZy5jEGNGOcIelbryxXMdj123fDZbH5rFeX_dE3kn&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8Yxe2Lq3ZangHq3Fn88PueWI-AzJntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxOTEyMjUwMzM4Mjk2MjXIAQmpAiyU_HG8KLI-qAMByAMCqgTSAU_QpFal9anB7suGVSNlEvhOGrSmH-Flar2Hm6tdpuidp20sVY5GyBuR15uqTzqU-ChPMzHtGSy-wT8XoRqdOQMMbe1_sfwVfL_CrOLW856W_HP2l13LhcYOZcjlV5IEyBb5fHOky1iA67KpiO20tMonpws75j9jxNqvIAtw4zRL-8_IvjFoyyOTXxFibMRH2Cfyn9oT6psjO-JD0JLj18Lm4fJ9DbNQUgAbf49-aojNJ_hASC1Tf148b7afc_Q-4w1zcenMexifdYeYgHA9n_pnKoAG9aedkJiV_rhwoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIXXo_brgoQD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RRTXLtjvCD3OCtuqf9DnGqJbkoQ%26client%3Dca-pub-9191225033829625%26adurl%3D
Frame ID: 9F34A5F4258EC072294DEE335461E329
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 61020950A62D2D794E06F5DA5B422C25
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 57627CCFA6F03657EA5A86AA817DBD60
Requests: 3 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Zbe62AAGgusH_YKEAAypbFb-IlG56lzr33bEgw&u=%7Cn9n5BqZzeWjg95vBwGVBWAg3V0khI3vA1dpH3UFg1uE%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8EEuC07WHjq5U-cnXCDWR6UGl-kiIe97IUFcKwawroPa17zb9yx3kRLOhwoWKSitPEP5yTUQM2OevjwTY5a0hpCC27AHOQmxWJFcY8bJBqGoENAbOcvcmJYbJGwrGbFWZeXMcbyyctC7bUhZ9qIYr6ZED3jiy_5gBDy0xzya78RxIr_bF15AO_02d6G57ZIp9_PvEw37SRkLx681UrFe5qd_ePF4b_1m5i9AN3Xb9k4IHfLIfvXaJsKDPWU27bc3WtyTOAmAnMhiQkXMMv_0yogIwHUtKp6nbC5OA_f9dIOi1G31P_LZvJeBmNGCJP6P080hSNDtVzkwKEkH4n5RPCNrdHbZX91yGVa6EoAlsr2nGkkdqavsKaLUn8DT0GNgfbM6k9bqVWGZUvjn4PyrS_T0clQR9OxH551r8BlGsW45toN6sn9RlRGsEtZb2F2g05Wz8zh-5rwAIVYhTyOqdA86nIfhgIHMo4yFKbU_Az8PLisyRFQVz4zTZks96vf6td7YY399VbVVnlTbfvx2Xcdu7NSuFUDTtcvCzsH8Uiu1_k9Fgnfx-Aw_EwM7C-7U7oHvxocLF02pdwd5AG85r9Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCraXx2Lq3ZeuFGoSF9u8P7NKyiA7JntKxXMWymPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxOTEyMjUwMzM4Mjk2MjXIAQmpAiyU_HG8KLI-qAMByAMCqgTKAU_QFtHKQ-CtFktv0tjxXjNeyi09ZjmMtquAvFsFcitvULNZLm9Vo306gWaX_3oWM8shXLiu_WTRRoHKR3Bd3AhctkOZvpzplvQvghjhAm48L45Yvhgs7nS0FGR6jEdNDjyslF87JmpjHFO70JgJ27pYfSUnHI5zSTZnbOQRhY2UDJhvp0tv2XueDoAhYTW5XKJsj0y3XyVYwLz6IE2fl70-DCWP9BXmCXMS83cs2Lg91Zy-EbD6ECRVuZV9DiVg5iqJzHf0Yosnf72ABtLMod-Djvfv6gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYi7ej9uuChAP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3DzBgqnlfJprr_4d1efoFukSg9PA%26client%3Dca-pub-9191225033829625%26adurl%3D
Frame ID: 2A261C3F59A8CF8725BCEB73F2B9FFA3
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 768117E57293832E5A7AC5BB9B38B1B2
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sổ tay doanh trí - Kiến thức, kỹ năng và tin tức kinh doanh

Page URL History Show full URLs

http://sotaydoanhtri.com/ HTTP 301
https://sotaydoanhtri.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

214
Requests

91 %
HTTPS

64 %
IPv6

35
Domains

49
Subdomains

41
IPs

10
Countries

6456 kB
Transfer

11410 kB
Size

48
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sotaydoanhtrioffical

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sotaydoanhtri

Search URL Search Domain Scan URL

URL: https://twitter.com/sotaydoanhtri

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC6OIs1vCDPHWMhrfZwPrp4Q

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=7a492b78-8385-405f-ba16-656dcf25b27b&refurl=https://sotaydoanhtri.com/
Title: <img src ="https://images.dmca.com/Badges/dmca_protected_sml_120n.png?ID=7a492b78-8385-405f-ba16-656dcf25b27b" alt="DMCA.com Protection Status" />

Search URL Search Domain Scan URL

URL: https://filegi.com/
Title: Filegi.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sotaydoanhtri.com/ HTTP 301
https://sotaydoanhtri.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10263.BWgehZqofFcila6jYe0cegkZoVO2b1uE1BiYlOdJfJ8i7Wi-6FJRo8Rcv5jjw3TN.bWLDbjbSjt7lUeYQHxLavX8KLbw%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10263.bdHAWwdUNc8oS5l1LLhOSSBanfPNiE9qOO8mwoCt-UWXFjHi-1a9kXFyQ80x45Cb7mJeXqwHURaHMu26kWvFk1r8lkY4wQDZrYZDAzIa-JnDzIvwF9_4IrnvM_vOyuVVK1QnqUURhrIuvPCfcshqrEBx-6S2VCqNv5Ht45cIBLOrjq22cu05dkKDYpaXkM4rJ2qcQklT40-jE5BGYgZaAeXtSddODsXal2YXAnb4Ztw%2C.Tb6vAW9py7LLQ5kCUAdcHNT18Vw%2C HTTP 302
https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10263.Rso0tGmMBCwNhFfH1ZYOctX5v3gXaYT7PnfZseY10NpzZgieLAWJb-PHVbJDW1wzA8JvWnH5CBTYEbKaV8zgb5Q6BWQtxf0edWCTrc9fIPg0Vx0I8_mvp55ev60CyNcUbxpJNEBlnikKk3kTiPD-DiEA2TxIcJtEzDLG2RYUEf5gQ_U9raBAyQqo3lu9NMs4UYbnQ1AzsBIEQw3uvOtCXg%2C%2C.MnmOmj7xOOcSq1dd0NUsrEeRuHw%2C

Request Chain 75

https://mc.yandex.com/watch/55962472?wmode=7&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A394758846119%3Ahid%3A910118676%3Az%3A60%3Ai%3A20240129154855%3Aet%3A1706539736%3Ac%3A1%3Arn%3A515802829%3Arqn%3A1%3Au%3A1706539736176624470%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C1384%2C2%2C641%2C0%2C%2C90%2C0%2C2256%2C2256%2C0%2C2188%3Aco%3A0%3Acpf%3A1%3Ans%3A1706539732841%3Agi%3AR0ExLjIuMTc3Njg0NzI1Mi4xNzA2NTM5NzM1%3Afp%3A2159%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706539736%3At%3AS%E1%BB%95%20tay%20doanh%20tr%C3%AD%20-%20Ki%C3%AA%CC%81n%20th%C6%B0%CC%81c%2C%20ky%CC%83%20n%C4%83ng%20va%CC%80%20tin%20t%C6%B0%CC%81c%20kinh%20doanh&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/55962472/1?wmode=7&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A394758846119%3Ahid%3A910118676%3Az%3A60%3Ai%3A20240129154855%3Aet%3A1706539736%3Ac%3A1%3Arn%3A515802829%3Arqn%3A1%3Au%3A1706539736176624470%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C1384%2C2%2C641%2C0%2C%2C90%2C0%2C2256%2C2256%2C0%2C2188%3Aco%3A0%3Acpf%3A1%3Ans%3A1706539732841%3Agi%3AR0ExLjIuMTc3Njg0NzI1Mi4xNzA2NTM5NzM1%3Afp%3A2159%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706539736%3At%3AS%E1%BB%95%20tay%20doanh%20tr%C3%AD%20-%20Ki%C3%AA%CC%81n%20th%C6%B0%CC%81c%2C%20ky%CC%83%20n%C4%83ng%20va%CC%80%20tin%20t%C6%B0%CC%81c%20kinh%20doanh&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo3tT1w5eHPoYFlLowY_dw&google_cver=1

Request Chain 121

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbe62Nctj8vRzZHe4ixY-AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo3tT1w5eHPoYFlLowY_dw&google_cver=1

Request Chain 122

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEnYlYiu5ncJfn-V57ctRWU&google_cver=1

Request Chain 123

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzQxMDMyMjc4MzE5MzQzMTgwNw%3D%3D

Request Chain 130

https://googleads.g.doubleclick.net/pagead/adview?ai=Cp1zm17q3Zbf_IYWY2OMP6MqGmAzG5dXGdfC51rGqEpiS-IezAhABILbv4nFgleKQgqAHoAGcj5P_A8gBCagDAcgDywSqBMcBT9B7AhZm5Hjx3qciemfC4Okh_dxfty6TFuYPvXxxm-MK41uaUrMhdktBmiHYXay2yMAL6pLB2GlrRj98icirQns-Y1vfjkebotUhrNdEVXj63Jk1KcMjHfwY994GOooXcykdBlmlD9QACsTwxdyhsjNxn5EBObyaMYhVu_h3VNkvsa3CGLeJXwhY4PpIuLpnSfXX_EGiN_SkkdygUTQJaq0MLiXL99fndqqN7fVNqUObkvSCZl2VETQvEt1vZUga3NiHotf0VMAE9cmjor8EiAXLoIu5OpIFBAgEGAGSBQQIBRgEoAYugAfM8GyoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBD_ukXSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLP56fXrgoQDmgnWAWh0dHBzOi8vaW5zaWdodHNvZnR3YXJlLmNvbS9kZS9yZXNvdXJjZXMvb3B0aW1pZXJ1bmctZGVzLWFic2NobHVzc3Byb3plc3Nlcy8_dXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1kaXNwbGF5JnV0bV9jYW1wYWlnbj1nZG4tZGlyZWN0LWlkbGtvbnNpcy1yZW1hcmtldGluZy1kYWNoX2RlJnV0bV9jb250ZW50PTE1NDQyMjI3MzI2OSZ1dG1fdGVybT02Nzc3NzU0Mjc5MTGACgHICwGiDAgqBgoErLqxArgT5APYEw3QFQGAFwGyFxwKGggAEhRwdWItOTE5MTIyNTAzMzgyOTYyNRgA&sigh=vx6AZH6joEI&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_VjIVNI_RVzs7EX3FNYkUPJN-h-mBr1aJfQ_7HAVumcd-bRfzYuDIr3E4Lc6YDwaxWWkaA4Ox5fL8xmsO0mDbyehmwOuJ2DHNqhgB&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22989513783828343090%22,%22debug_reporting%22:true,%22destination%22:%22https://insightsoftware.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221071957916%22],%2222%22:[%22true%22],%224%22:[%2201-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211150690293100179649%22}&andc=true

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOBANbMdqgHfhZ3NHq4QdWM&google_cver=1

Request Chain 149

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbe62Nctj8vRzZHe4ixY-AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOBANbMdqgHfhZ3NHq4QdWM&google_cver=1

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELv6iDhSLyEZuu8yIITEyEY&google_cver=1

Request Chain 151

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzQxMDMyMjc4MzE5MzQzMTgwNw%3D%3D

Request Chain 163

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEH9TOQVTd1gj6UzIiuqS2QQ&google_cver=1&google_push=AXcoOmQn20ebAuHf5TLhWtP6f918brIrNBwH8siU4-KpSAH0TzPvmEK7-nn-qNerscQRX6TZ6XYMN-NZMNRwj1uq-G-HUXy4s0r5ooQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzMwNTc2OTE3OTMwNDA0MTcxMg==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1

Request Chain 165

https://a.tribalfusion.com/i.match?p=b6&u=CAESENB5PGRjE5wgOBzZS0_mzD0&google_cver=1&google_push=AXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOnbg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOnbg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENB5PGRjE5wgOBzZS0_mzD0&google_cver=1&google_push=AXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOnbg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOnbg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 166

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEHJTYLqXr1Yh90pMGHS9NXc&google_cver=1&google_push=AXcoOmSJlyVywMbClFEMvHWR25cH_I1pffAlfj38VtZNeZ_l-y4YyRdmeCAmu-xpmfX2VSqYcd82kwew5h_wwAofxeb5WOr9KZVq9Po HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEHJTYLqXr1Yh90pMGHS9NXc&google_push=AXcoOmSJlyVywMbClFEMvHWR25cH_I1pffAlfj38VtZNeZ_l-y4YyRdmeCAmu-xpmfX2VSqYcd82kwew5h_wwAofxeb5WOr9KZVq9Po

Request Chain 168

https://ads.travelaudience.com/google_pixel?google_gid=CAESELwc9V420nT3TlcoMboXFqY&google_cver=1&google_push=AXcoOmRncJdDi4hjjzrEu6YxRghJ2XjPwCeR00kDkGd975M4BcHPbj69-PDXIWRb_QnB5ZDsVbxjVRIAdxYwDAXsG7wSXA02RW0kBrk HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=C-FM7Jp0T_A_0HUO6j-Qpw&google_push=AXcoOmRncJdDi4hjjzrEu6YxRghJ2XjPwCeR00kDkGd975M4BcHPbj69-PDXIWRb_QnB5ZDsVbxjVRIAdxYwDAXsG7wSXA02RW0kBrk

Request Chain 175

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1&google_push=AXcoOmTI6OzBaC7Me2oyXy7s7Ow3S7mzxso1pnJQNaRw_BiqjIX3yIh62MXohs8prVe_Xy4ZvcyXBz2vSug_WtDZ1bsi62N868Spmg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzIzMzcxMTU4NTI2NjExMzc3Ng==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1

Request Chain 177

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESED5fBo7vX2YdfC-fOFTS7Hk&google_cver=1&google_push=AXcoOmTq4jdEAlILUwA7zz8SnhpTGy--cUbs-W23X6eOwVfbIb0wNr6P3oNf77GyvZfBXH9HXCCwo9Y6zYoYMDGPqsLL8N0vAPrfNVQ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESED5fBo7vX2YdfC-fOFTS7Hk&google_cver=1&google_push=AXcoOmTq4jdEAlILUwA7zz8SnhpTGy--cUbs-W23X6eOwVfbIb0wNr6P3oNf77GyvZfBXH9HXCCwo9Y6zYoYMDGPqsLL8N0vAPrfNVQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y3NnSGhPeUoxUnVzV3Q1&google_gid=CAESED5fBo7vX2YdfC-fOFTS7Hk&google_cver=1&google_push=AXcoOmTq4jdEAlILUwA7zz8SnhpTGy--cUbs-W23X6eOwVfbIb0wNr6P3oNf77GyvZfBXH9HXCCwo9Y6zYoYMDGPqsLL8N0vAPrfNVQ

Request Chain 178

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEN0tpxhH56QWIilIDY8V4pM&google_cver=1&google_push=AXcoOmRmRdCz1f7aDh6_c_izmEApfTWwW79RlpSOMi55UzTNOUB3XPPWamABDbPnZcQ-3r_5Ix_B-YE3xHlhtmhJ1w8ld9I8EjyJW6M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyOTUzMjM1OTc0MTAxMjExNg%3D%3D&google_push=AXcoOmRmRdCz1f7aDh6_c_izmEApfTWwW79RlpSOMi55UzTNOUB3XPPWamABDbPnZcQ-3r_5Ix_B-YE3xHlhtmhJ1w8ld9I8EjyJW6M

Request Chain 179

https://ads.travelaudience.com/google_pixel?google_gid=CAESEBNqWKI_FIwujZEYI4H4GDM&google_cver=1&google_push=AXcoOmQ8tH7j3l5Wxk47v8TPGvc9jk_HSQofOB5mcQ1dSHJzSmkqiSWM4yXb9TaHX_90H5NiHhMS2TXrI7p9HJzeICOiIX0XXHbi8H0 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=C-FM7Jp0T_A_0HUO6j-Qpw&google_push=AXcoOmQ8tH7j3l5Wxk47v8TPGvc9jk_HSQofOB5mcQ1dSHJzSmkqiSWM4yXb9TaHX_90H5NiHhMS2TXrI7p9HJzeICOiIX0XXHbi8H0

Request Chain 181

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHHYf0r3fbFHGFP01pwGUOc&google_cver=1&google_push=AXcoOmR4LuQqocQQ2uE4nC0FPgMR9Fz8bsF6Y0wwDmtMXqFSvQwXSiZH_rATjr23jONZLA0HR03FT4KnmTyC_pOsij4Xaxkcnh3lPg HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHHYf0r3fbFHGFP01pwGUOc&google_cver=1&google_push=AXcoOmR4LuQqocQQ2uE4nC0FPgMR9Fz8bsF6Y0wwDmtMXqFSvQwXSiZH_rATjr23jONZLA0HR03FT4KnmTyC_pOsij4Xaxkcnh3lPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyMzk5MjAyOTE4MDQ4OTIzMw&google_push=AXcoOmR4LuQqocQQ2uE4nC0FPgMR9Fz8bsF6Y0wwDmtMXqFSvQwXSiZH_rATjr23jONZLA0HR03FT4KnmTyC_pOsij4Xaxkcnh3lPg

214 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sotaydoanhtri.com/
Redirect Chain

http://sotaydoanhtri.com/
https://sotaydoanhtri.com/

112 KB
20 KB

1413ms
1384ms

Document
text/html

2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6a91d9568a8a1b802a2312777b1a5d5dcbdad808c476097fc75081e340d3c69

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84d2475679901911-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 29 Jan 2024 14:48:54 GMT
last-modified: Mon, 29 Jan 2024 09:32:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSdwAjpxIEUSGev%2BaBPxywrl3tv5XU19UHORfx7zyuSv64YwSJRho4JQKpc19PIurNAbL4NS2QGiw5BHGovTMVthKcPm8HiI2%2BSZTTcfr%2BoM6ev13GBwCYJFeBgeDbrE0qd3rR9xDU1pL%2F5XipfWzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
vary: Accept-Encoding
x-content-type-options: "nosniff" always
x-xss-protection: "1; mode=block" always

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 84d247529c6f2285-CDG
Connection: keep-alive
Content-Type: text/html
Date: Mon, 29 Jan 2024 14:48:53 GMT
Location: https://sotaydoanhtri.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Referrer-Policy: no-referrer-when-downgrade
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cXXFNbujLaWJVabQI43NK4SElwaCRBxnDV0UKFafvzWhFU0myEZMojOiZciehF5ufWI4MzVcSTnIwFEU3%2BGgpak8Dj%2FXIrCE1BnX2KON4WZF%2B2yRedWWinyGM4D6WM9M6mEVqebWOCl5uk8ygg2azw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload" always
Transfer-Encoding: chunked
X-Content-Type-Options: "nosniff" always
X-XSS-Protection: "1; mode=block" always
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 53 KB
3 KB 54ms
24ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Droid%20Serif%3A400%7CRoboto%20Slab%3A400%7COpen%20Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900&display=swap

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

60675e3c4dc2cad3a9bb668113c31f842e1c3b746ef1a0c4a935099c419c7215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Jan 2024 14:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 14:48:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jan 2024 14:48:54 GMT

GET
H2 200 rocket-loader.min.js Show response
sotaydoanhtri.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 15ms
14ms Script
application/javascript 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 26 Jan 2024 10:32:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b38a27-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qoFqZyfrMvWMgQNEvumETmBtBlAHfbKDvIaFWh3ZgP5a2Iy2iA9zod2ktY%2BhhkLyN71NaPBVV%2FBOvJb4jXMkNp3PNoEVE1pwnYxTyQHOiCTo4yx3XKAtyj7hSzf3HnWGKG5WLnb66RBD%2FBWaVvmHdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 84d2475f2c5a1911-FRA
expires: Wed, 31 Jan 2024 14:48:54 GMT

GET
H2 200 ae082f636dbbcccefb98fe1194809065.css
sotaydoanhtri.com/wp-content/cache/min/1/ 1008 KB
118 KB 27ms
27ms Stylesheet
text/css 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/wp-content/cache/min/1/ae082f636dbbcccefb98fe1194809065.css

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7063335af5b092c450e712519cfff0f6904a08e3ee6687cead439d1e5d8b0034

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:54 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1666441
cf-polished: origSize=1036817
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Sun, 18 Jun 2023 19:28:25 GMT
server: cloudflare
etag: W/"648f5ad9-1d7c9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHbdsm2%2B%2FSj7qe8BopcU3ygzZl88Nex%2F%2FIhFxwIHF7v37vy2L1ltRgBbdWh1Si31aiWN4%2FQrc0UdA7a4f%2FYhc%2FHdr1NcvlYzJcpZ1ta0pVOi%2F7EK0%2F3FnysOSzq7EudpGUs9PGPkgq46R1GqbhD5iA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 84d2475f2c591911-FRA
expires: Thu, 09 Jan 2025 07:54:53 GMT

GET
H2 200 email-decode.min.js Show response
sotaydoanhtri.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
959 B 16ms
15ms Script
application/javascript 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 26 Jan 2024 10:32:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b38a27-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uVaXv1vIgR36g%2FamreROiQRFLho%2FP0wEcALrKSVxwEF1hG11nC51x8AhFZquyy8RyvB7a0iurR94sLWT5Xi6T%2FpWnS9mNYTO%2B%2FisxKkbrzSzJd5PwcqQPjaJpUOb5a6mfmPb2jFtNUCdVVH1vlJLuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 84d2475f2c5c1911-FRA
expires: Wed, 31 Jan 2024 14:48:54 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 106ms
62ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://sotaydoanhtri.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 84d2475f9ddf4d7c-FRA

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 857389921159836682fb791faa16d00e1f37ffda7609a4117f4727344352800c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cba242d5fa4a5366b924a5006ccea9a61e4eb4bfa80276ab3d80f7cea4690ec2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7284f5ca048d0e9e8c235ccff23defe9707ff0af66da214c304e3f31660418cc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37cb1de791edc59cd8d6aaacff513c02fffb59dccf7499e255a6c1e32e9e33b9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 424e69515e9bf55087274704d19093781ee10d7b6dd075bcc4d9b25701ccc5f3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d37483473b7bfa427eb6909c9326aaa9ef1b5c4ea5e5df3fe904b47521a74d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11937fa5ca9840559aa83bbccde8e63b88c3e3ce486ef8d47a0abcd5d79b78b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 newspaper.woff
sotaydoanhtri.com/wp-content/themes/Newspaper/images/icons/ 120 KB
121 KB 22ms
22ms Font
font/woff 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?16

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/wp-content/cache/min/1/ae082f636dbbcccefb98fe1194809065.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f74eda5ca917f0146ec28a71e0602f7a3b9dae063acfeecfe6549bdb165d47a

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

Referer: https://sotaydoanhtri.com/wp-content/cache/min/1/ae082f636dbbcccefb98fe1194809065.css
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:54 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20489
alt-svc: h3=":443"; ma=86400
content-length: 123260
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:40:47 GMT
server: cloudflare
etag: "648f4faf-1e17c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kwOkw%2F%2F3vUC6sRti7959D%2BXaKs%2BOhtFqN%2FKUCgbG3yJ1887CKPbr%2Fy6qI3vn7TmQG8345geckCoaEGycrNz8f1Jhl1%2FJvhx1Ui3kUetCwzsmfHWaIuo4DQ8KnURfo1N41CG77CEmNkLvUGn%2FRlW%2BmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 84d2475f9b7137f8-FRA
priority: u=0,i=?0
expires: Tue, 28 Jan 2025 09:07:24 GMT

GET
H3 200 e995919d397a5ceae9dd3b0361794ec7.js Show response
sotaydoanhtri.com/wp-content/cache/min/1/ 284 KB
76 KB 45ms
44ms Script
application/javascript 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/wp-content/cache/min/1/e995919d397a5ceae9dd3b0361794ec7.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a5443f81f44bcb998d873dbadb1b68ce642f469fe91c5b161964e7e8e40a395

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20490
cf-polished: origSize=291326
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
cf-bgj: minify
last-modified: Thu, 14 Dec 2023 20:27:12 GMT
server: cloudflare
etag: W/"657b6520-12c21"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cCdx1b4XaI0tiKEJKhusCjsB6w6k%2B%2FPQiNEn8NmH9MiBIN946mvYiMyiQh4ih13oSkP0HGhgAM%2B%2BlAwvp5nWBGWhROPUzYUcz4B8HgpRsolIYiUcuWwyD7%2BX0sgGeYwiBLlCPIXxz5vZbyCVti6bBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 84d2475fbbe837f8-FRA
priority: u=1,i=?0
expires: Tue, 28 Jan 2025 09:07:24 GMT

GET
H3 200 lazyload.min.js Show response
sotaydoanhtri.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/ 8 KB
4 KB 34ms
33ms Script
application/javascript 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 197596
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:53 GMT
server: cloudflare
etag: W/"648f4ff1-2063"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KylROzjLMjmoyvzPjzcom2Iy65jcnlrdyv3fs898RVDUP63f3LfkV8QHji9MES95ywaVRogGicIkgs6fZVx7%2F6u7CyXxA7yHTn1M%2BByJrdPK%2F6zngTUwTq2XkNIdUjF1RC2PVaS8W6l2dR5F12P6Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 84d2475fbbed37f8-FRA
priority: u=1,i=?0
expires: Sun, 26 Jan 2025 07:55:39 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 152 KB
51 KB 126ms
96ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d79df0df26c761dbe2189c93357d3ac1d8ed5d625d77701e33032713139be07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51886
x-xss-protection: 0
server: cafe
etag: 2832996097675950143
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 29 Jan 2024 14:48:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
68 KB 59ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-150915968-1

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

29b96ed7148160167722b465376a36f4a772cb095ebee64cb6fc9fcfdc71419d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69493
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Jan 2024 14:48:55 GMT

GET
H3 200 jquery.min.js Show response
sotaydoanhtri.com/wp-includes/js/jquery/ 88 KB
32 KB 35ms
34ms Script
application/javascript 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 197597
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 19:26:17 GMT
server: cloudflare
etag: W/"648f5a59-15ed7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1ur2%2FTduKu%2Fquf2ro5GJB8VJOw3ps7cpHzdl9d2nWvOmZaGnZq%2F8tzD9scipHbzV5oUAXoFWthOD5Kh6ryShvR%2FBj%2BTeW6GY5JCUKRihWpcjvPpLJEJmvk%2B0sZxmu3AxlwN6%2FYRX8E%2FoF109P850g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 84d2475fbbf037f8-FRA
priority: u=1,i=?0
expires: Sun, 26 Jan 2025 07:55:37 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 49ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid%20Serif%3A400%7CRoboto%20Slab%3A400%7COpen%20Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:43:45 GMT
x-content-type-options: nosniff
age: 486310
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:43:45 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v40/ 49 KB
49 KB 77ms
44ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 18:56:50 GMT
x-content-type-options: nosniff
age: 503525
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50296
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:10:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 18:56:50 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 61ms
28ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 20:44:46 GMT
x-content-type-options: nosniff
age: 497049
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 20:44:46 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 5 KB
6 KB 81ms
48ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0948409a22b5979aa7e1ec20da9e61f12e7d403800b541ece053881bd2542b70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 00:01:57 GMT
x-content-type-options: nosniff
age: 571618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5604
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 00:01:57 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 87ms
55ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:28:52 GMT
x-content-type-options: nosniff
age: 487203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:28:52 GMT

GET
H2 200 tDbI2oqRg1oM3QBjjcaDkOr9rAU.woff2
fonts.gstatic.com/s/droidserif/v19/ 22 KB
22 KB 81ms
50ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidserif/v19/tDbI2oqRg1oM3QBjjcaDkOr9rAU.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aee4051a20e975b9bb6fdc20984a091eb1f55c35ea87abe441db4cdbe8c116d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 16:24:39 GMT
x-content-type-options: nosniff
age: 512656
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22476
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:19:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 16:24:39 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/ 35 KB
35 KB 92ms
60ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:32:30 GMT
x-content-type-options: nosniff
age: 486985
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35328
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:00:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:32:30 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/ 16 KB
16 KB 71ms
39ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35e5eea83f2e5f2bad1213aa4b4aef30a380720e35c1821f19bc894f8e61e406

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 08:54:25 GMT
x-content-type-options: nosniff
age: 21270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16552
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jan 2025 08:54:25 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 5 KB
6 KB 74ms
43ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 17:08:58 GMT
x-content-type-options: nosniff
age: 509997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5560
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 17:08:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 63ms
32ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 17:54:00 GMT
x-content-type-options: nosniff
age: 507295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11872
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 17:54:00 GMT

GET
H2 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2
fonts.gstatic.com/s/robotoslab/v34/ 14 KB
14 KB 89ms
58ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v34/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

438099da1cf057f5b48133f7a74b2d506751fb1b2e888d22ca397fa1983a8f9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 08:59:02 GMT
x-content-type-options: nosniff
age: 20993
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13992
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 01:50:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jan 2025 08:59:02 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 82ms
53ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 16:39:21 GMT
x-content-type-options: nosniff
age: 252574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jan 2025 16:39:21 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 86ms
58ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 12:54:58 GMT
x-content-type-options: nosniff
age: 6837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jan 2025 12:54:58 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 81ms
56ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 12:54:59 GMT
x-content-type-options: nosniff
age: 6836
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11824
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jan 2025 12:54:59 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 5 KB
6 KB 82ms
57ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:26:41 GMT
x-content-type-options: nosniff
age: 487334
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5548
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:26:41 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
9 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:36:17 GMT
x-content-type-options: nosniff
age: 486758
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9628
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:36:17 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 119 KB
45 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KQGNTNC

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

468607182c6b0c79323266092526bf3c7e97df9d729dfdca76091865562bbc1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46429
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Jan 2024 14:48:55 GMT

GET
H2 200 stars Show response
two.startperfectsolutions.com/ 12 KB
5 KB 1813ms
168ms Script
application/javascript 45.142.212.163
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://two.startperfectsolutions.com/stars?se=&wi=sotaydoanhtri.com
Requested by: Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/wp-content/cache/min/1/e995919d397a5ceae9dd3b0361794ec7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.142.212.163 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm2028480.stark-industries.solutions
Software: nginx / PHP/7.4.33
Resource Hash: 54753bd05c9a14e23b2ecd6fb242faf57272cc3e1c12688fe1fb117b9f4d4f36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
server: nginx
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 137ms
34ms Script
application/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151602

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/wp-content/cache/min/1/e995919d397a5ceae9dd3b0361794ec7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 3
etag: W/"e3be409ac3c100e2a5d3f264ec260551"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 84d2476148674db5-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Feb 2024 14:48:55 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 227 KB
80 KB 36ms
36ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8GL1QMLJR3&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150915968-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4bd63652fcf6def45665c5c83222992aca2f1ed3a8b69dacb6470ea51b767d49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81783
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 29 Jan 2024 14:48:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 96ms
10ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150915968-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 29 Jan 2024 13:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3646
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 29 Jan 2024 15:48:09 GMT

GET
H3 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 12ms
12ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://sotaydoanhtri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 20:44:48 GMT
x-content-type-options: nosniff
age: 497047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17336
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 20:44:48 GMT

POST
H3 204 rum Show response
sotaydoanhtri.com/cdn-cgi/ 0
142 B 16ms
16ms XHR
text/plain 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sotaydoanhtri.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://sotaydoanhtri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type: application/json

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://sotaydoanhtri.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 84d24760de3d37f8-FRA

GET
H3 200 S%C3%B4%CC%89-tay-doanh-tri%CC%81-Logo-300x106.png
sotaydoanhtri.com/wp-content/uploads/2019/07/ 12 KB
13 KB 22ms
21ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/07/S%C3%B4%CC%89-tay-doanh-tri%CC%81-Logo-300x106.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f923adf1b132c50ea79e9e1d9550c655d432df5214582937d4051e37a0367df0

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 12676
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:50 GMT
server: cloudflare
etag: "648f4fee-3184"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sZJuZ08sfvLOZ6G8JWFOFrUfZW%2B8UwEtmtnDKegUbA585G%2BZPGgGBO80SLu5wr4ucsCWUlcXksCLCzO%2B5VZ0sO8n2XR4yQPM4TXl%2FjuyQhbSoy%2FmUZvVlyAtbdgqYuVbEK4pN%2BJc%2FfiNcUAr2wfXyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee6537f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 Friday-CRM.png
sotaydoanhtri.com/wp-content/uploads/2019/11/ 3 KB
4 KB 23ms
21ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/Friday-CRM.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

081e05f68c4d2d900384f19a5d503c9bad0ff00b1f44a8e4e64afd63917e08c9

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 3011
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:33 GMT
server: cloudflare
etag: "648f4fdd-bc3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqNiIBkqAZhEFicMUHcuelKBG%2FIWSqn0jx%2FXt2%2FpWxO9pQU3f%2B43ZDxbfZaKv2YdcZ%2BjuwGI64q27sg68%2F%2B0kI4NimsmbX3V%2BNjwq0O3OILy40iTPvtJBeh2M%2BAi4Vg2fFKPslJGK8vTPazcyCDyMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee6a37f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 Bisq.jpg
sotaydoanhtri.com/wp-content/uploads/2019/11/ 9 KB
10 KB 23ms
22ms Image
image/jpeg 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/Bisq.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffbfcd78b15d92e860631c9b22915d95eb7b5548464198274397c2c3e151ef45

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 9374
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:35 GMT
server: cloudflare
etag: "648f4fdf-249e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BsSYc0W9istZ7WGe%2BnAKZnk6yGO6UgkLMfSGVv5aavkIEeFGtIcEQoqjp7LmFE3jsRGfG7bBZ4H3teCd5F%2Bno51ACE7AKWxZb1d88L5xAh9a9HYimRJbC2jy4Hsxs9fhuRU%2FKYisSGaTGzRr1iPkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee6d37f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 TracxTMS-4.png
sotaydoanhtri.com/wp-content/uploads/2019/11/ 52 KB
53 KB 25ms
24ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/TracxTMS-4.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22e2bc9dcf5d047977267ed09d28d9e09b67f8b634a88ba001d9e551028dd138

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 53094
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:33 GMT
server: cloudflare
etag: "648f4fdd-cf66"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAUZJrn5Je%2FAIGzcFR8Ia7lgRBzyckwPFtw3MAHKOx4G0IlB8l4Dp3tgheRBc7Em14wkQalf6rBZFFZirDKcz91x7uM%2BMTUWLdiHec8k8pvEqCDqYVS8fnCDRAGy1r20q7yQbLrmKuk40UYAFSeJ0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee6e37f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 one45.png
sotaydoanhtri.com/wp-content/uploads/2019/11/ 43 KB
44 KB 33ms
32ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/one45.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38407e9cd3322103dfb941c7d8e32f4fd1da45c28aa43389b537b4a9658ff572

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 44233
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:40:54 GMT
server: cloudflare
etag: "648f4fb6-acc9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfTjwejRyp0KS59yVBf0Q4va2TsjHGHvjfJNVTZr5IITjunS8szeZwFkQPTeHJYbtLtYZmdZnLgN9XF%2FlftEwMy13qKYlwMu32wNIrL1cDiey6N0ct8EQoA6Hl%2F6Lkw2O0h2vl9xNVhpWMjQW3Jd6A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee7037f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 Quid-265x187.png
sotaydoanhtri.com/wp-content/uploads/2019/11/ 8 KB
9 KB 34ms
33ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/Quid-265x187.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

040909fa61daff2c0b3373909136b3bfdfd7ef335ed88b5a77652a35768ddc79

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 8664
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:08 GMT
server: cloudflare
etag: "648f4fc4-21d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMW2%2F9VIn72iN6zltLZ5Fs4q%2F%2BweWpgMcjs0KZVmWpDXGApcsGKzz%2Fz%2B9vobQLWNZI97SvOYfSSQm7BSB2NGbX9d2bD%2F1hfUOBz%2Bo87V4aKU8LwBA9ThsABZLks%2BuW4Z70UgssXyo2HXXDlT8ITdmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee7437f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 Life360.png
sotaydoanhtri.com/wp-content/uploads/2019/11/ 29 KB
30 KB 35ms
33ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/Life360.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

296e3410271b4b395fd650f2da000e0ebd6241db28dfcf750d200902e4ddbd83

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 29748
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:45 GMT
server: cloudflare
etag: "648f4fe9-7434"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ootvnWweYWnfeAU%2BpikEW88hRs8OPSyuZXBTgTh9%2FZd02rglATRolBiO4WizlCfaI%2Bm6d2GOXbHkGirRV78lEP%2FEgtLfbPvdXlFkPtfzEY45tU4K64L2bTH5rhkdWgZL7pJzfHNzwMY8BlzmaRTHRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee7737f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 Opas.jpg
sotaydoanhtri.com/wp-content/uploads/2019/11/ 4 KB
5 KB 25ms
24ms Image
image/jpeg 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/Opas.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9f48948c2924525ac9827d996f98c169fe375351bc07ac295dd68679874038e

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 4184
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:40:52 GMT
server: cloudflare
etag: "648f4fb4-1058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ORXGBX4hAfKpBULo3yKI8AgAp8SEd2QVJ3wta91fMOv5%2BQ2K6HRHpjL99Jntgdvu7z7uoBTK%2B0QbQ9jHWhHrY7LWL577mymdHshHWeUKUo7Ftm%2F%2FMZh5JZVrqA4%2BVuXnF9wOqny24J5ZNUdkqhkBSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee7a37f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 OnePulse.jpg
sotaydoanhtri.com/wp-content/uploads/2019/11/ 9 KB
10 KB 35ms
34ms Image
image/jpeg 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/OnePulse.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d218022944e3af5fae0616b4556bd8f5bbe6cba0e664e9282363a1bc0e54c04a

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 9283
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:09 GMT
server: cloudflare
etag: "648f4fc5-2443"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJuGio3Lqhu0n3FaGkNzsKoS9%2F6bsZmIXpmb%2FSILqrGsq26LwQzcN2cIIoebEl1vpYXdorRxDP5z%2FOjzyM0VX6MT0m8uJdd%2FgYUWoc%2FHnRh3f2jvr9Pt%2FYYg5X69C0Gw%2BweyBVdwfW1%2BYx%2BuwI07nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee7d37f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 Desmos.png
sotaydoanhtri.com/wp-content/uploads/2019/11/ 50 KB
50 KB 36ms
35ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/Desmos.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

740a88d0172009ea787e87750901157cdfedbce814b6cf4c2912cb56e47b4b2f

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 50921
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:13 GMT
server: cloudflare
etag: "648f4fc9-c6e9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BMU4NOWzwI58liN9yEEFnDtrDfWj%2BH2jQ%2Bwb8Q4XqCH4qJ850P2PT89nEL95KhIk2CC%2F9gEbFS4J3ClOIbWL9HbnDUS6s8yJcVmD6pbtZHmPg3nJuHCxV9ICZFPl64rJo7cmRLyFXD%2FKp4xIPMS8vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee8137f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 Windows-Virtual-Desktop.jpg
sotaydoanhtri.com/wp-content/uploads/2019/11/ 5 KB
6 KB 23ms
23ms Image
image/jpeg 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/Windows-Virtual-Desktop.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b463fe24ae47b4ae238f48c140f17df1caf8b5ed0e957b82f9e608a6d6a4d862

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 4976
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:39 GMT
server: cloudflare
etag: "648f4fe3-1370"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fxXzV1XjzTRaL%2Fnz7vwV5qe4%2BEL7gsU3zKsGVcJPYOuB2dM724Iay8jnbsysb%2BuOG5fvrY6ZES3VPS5iGEFl4xGMU5G345xFj5eKigWo1ny4P36xtVq4LDQ21qNFEgPr2xWaR%2FkKYnxf%2F14bNK3fxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee8437f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H3 200 Stickyposts.png
sotaydoanhtri.com/wp-content/uploads/2019/11/ 29 KB
30 KB 25ms
25ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/11/Stickyposts.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8980d8816ac9e1fbf4a741de11319b07af004b8247580eb23aa2dea0b29092a

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 30031
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:41:18 GMT
server: cloudflare
etag: "648f4fce-754f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AztXlgifUdVuBrIYH1629x7HWstGsGzXr80a6ZT3vP1%2BnYkqz7Kqx1EpN1Du8VgeU5ycZ%2B4n%2F1PSXhd5EZaYDjLfcUi9CMPT6sZiQ7g1dy%2BElZ4UM76oaosimwC6tpZepbDlV4xBPLJ7Jw3CmEE6JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d24760ee8737f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:26 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/ 406 KB
138 KB 79ms
75ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9191225033829625&plah=sotaydoanhtri.com&bust=31080697

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

337d15e8840b832ea50d1b12850f71fdea79296deb50f5e5498549c99dfc5f23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140882
x-xss-protection: 0
server: cafe
etag: 1100826402874935577
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:48:55 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240122/r20190131/ Frame 3D17 9 KB
5 KB 42ms
11ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240122/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Jan 2024 23:40:37 GMT
etag: 3890843268177463596
expires: Sun, 11 Feb 2024 23:40:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 204 KB
71 KB 273ms
127ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

9c641fd8ad8fc0517d4ee8d937866e2542fe7e0b07761c710a5c9a423b269dd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Fri, 26 Jan 2024 12:09:51 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65b3a10f-11840"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 71744
expires: Mon, 29 Jan 2024 15:48:55 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 213 KB
58 KB 48ms
17ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f54d3a9011dd18c3a6b2c5ca5c5bf3d490d5428046d806c4aa9ecec5f82139ca

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 29 Jan 2024 14:48:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57158
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
pragma: public
x-fb-debug: 6lzR+bE9J5uEOhY7acwYu/3tT74m3s3ehiPn2sm7n509nm8z50Sf1jHL12pEoDAl9ylF6oTXBOUUZ8gCIFRmxw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
246 B 63ms
24ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8GL1QMLJR3&gtm=45je41o0v9114137280&_p=1706539735104&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1776847252.1706539735&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1706539735&sct=1&seg=0&dl=https%3A%2F%2Fsotaydoanhtri.com%2F&dt=S%E1%BB%95%20tay%20doanh%20tr%C3%AD%20-%20Ki%C3%AA%CC%81n%20th%C6%B0%CC%81c%2C%20ky%CC%83%20n%C4%83ng%20va%CC%80%20tin%20t%C6%B0%CC%81c%20kinh%20doanh&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2445
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8GL1QMLJR3&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
207 B 18ms
18ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1329212662&t=pageview&_s=1&dl=https%3A%2F%2Fsotaydoanhtri.com%2F&ul=en-us&de=UTF-8&dt=S%E1%BB%95%20tay%20doanh%20tr%C3%AD%20-%20Ki%C3%AA%CC%81n%20th%C6%B0%CC%81c%2C%20ky%CC%83%20n%C4%83ng%20va%CC%80%20tin%20t%C6%B0%CC%81c%20kinh%20doanh&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=732414067&gjid=1437199458&cid=1776847252.1706539735&tid=UA-150915968-1&_gid=1396045187.1706539735&_r=1&gtm=457e41o0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=1890242174

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sotaydoanhtri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/4e242ee6-1a71-4aaf-9a14-3ed4dca2a63d/ 3 KB
2 KB 77ms
77ms Script
text/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/4e242ee6-1a71-4aaf-9a14-3ed4dca2a63d/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151602

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3cdaa7134faacf7bf9ee381e7711b534d8ecffed86a110685dc94a1f7202997

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 1f83d26c-e456-47c4-af54-5d84bf8e465f
x-runtime: 0.031280
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"e3cdaa7134faacf7bf9ee381e7711b53"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 84d24761b8ed4db5-FRA
access-control-allow-headers: SDK-Version
expires: Mon, 29 Jan 2024 15:48:55 GMT

GET
H2 200 2590722831007978 Show response
connect.facebook.net/signals/config/ 53 KB
11 KB 108ms
107ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2590722831007978?v=2.9.143&r=stable&domain=sotaydoanhtri.com&hme=1e96626f56fb37feabdb16bd09d3dbece570479b2ec677eec7364c762eaf296e&ex_m=62%2C104%2C92%2C96%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C146%2C149%2C160%2C156%2C157%2C159%2C25%2C89%2C45%2C68%2C158%2C141%2C144%2C153%2C154%2C161%2C113%2C13%2C43%2C165%2C164%2C115%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C93%2C95%2C31%2C94%2C26%2C22%2C142%2C145%2C122%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C91%2C38%2C70%2C60%2C97%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C98

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3bcb6ab2e2a54167cd69ad25f78b804012f5cc5785d8b9e292f29b7f60f9f5f7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 29 Jan 2024 14:48:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
pragma: public
x-fb-debug: w+c/SXRR+GfffxcVF/Hw4XykkB/uPSKANpHTmo9x1tlGDPTVUVxThZIL8rRjO5qYa1V6iQUtLNjU2XX0PkXGnA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 43ms
42ms Stylesheet
text/css 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151602

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2603
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 84d2476249c24db5-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Wed, 28 Feb 2024 14:48:55 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 73A5 530 KB
133 KB 847ms
846ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&adk=1812271804&adf=3025194257&lmt=1706520747&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x810_r&format=0x0&url=https%3A%2F%2Fsotaydoanhtri.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539735200&bpp=3&bdt=303&idt=242&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4735770572856&frm=20&pv=2&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=255

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9191225033829625&plah=sotaydoanhtri.com&bust=31080697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

acb73466e72ac22ee1885b8fbe0a12d575fd20fbe0ccc1ec92c9b68a484b6671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 135735
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:56 GMT
expires: Mon, 29 Jan 2024 14:48:56 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 99ms
65ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240122&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

272f86fef742939035a910f5a68ceef80061caaa360b744a139d50b5ef74d25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12295
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AC8D 90 KB
42 KB 1338ms
1337ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=250&slotname=7720883551&adk=1428232898&adf=2703960325&pi=t.ma~as.7720883551&w=970&lmt=1706520747&format=970x250&url=https%3A%2F%2Fsotaydoanhtri.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539735203&bpp=1&bdt=306&idt=255&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=259

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba3126278b694116e1b6f41f05bcd369c9adb33eae71ce23d4c813ac0ee73b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42670
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:56 GMT
expires: Mon, 29 Jan 2024 14:48:56 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 icon Show response
onesignal.com/api/v1/apps/4e242ee6-1a71-4aaf-9a14-3ed4dca2a63d/ 180 B
824 B 390ms
54ms Fetch
application/json 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/4e242ee6-1a71-4aaf-9a14-3ed4dca2a63d/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151602

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

985625c2fcf1acd7d17faaa780bb1df0985117d7f96427db3607f3c87dc85262

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 11acff62-d868-44b6-a79e-0a65b3dde3b1
x-runtime: 0.021763
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"985625c2fcf1acd7d17faaa780bb1df0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept, Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cf-ray: 84d24764d90a2bb0-FRA
access-control-allow-headers: SDK-Version

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 50ms
17ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2590722831007978&ev=PageView&dl=https%3A%2F%2Fsotaydoanhtri.com%2F&rl=&if=false&ts=1706539735480&sw=1600&sh=1200&v=2.9.143&r=stable&ec=0&o=4126&fbp=fb.1.1706539735480.1378852446&ler=empty&cdl=API_unavailable&it=1706539735364&coo=false&exp=d1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 29 Jan 2024 14:48:55 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 315ms
34ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 14:48:55 GMT

GET
H2

200

sync_cookie_image_finish
mc.yandex.ru/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10263.BWgehZqofFcila6jYe0cegkZoVO2b1uE1BiYlOdJfJ8i7Wi-6FJRo8Rcv5jjw3TN.bWLDbjbSjt7lUeYQHxLavX8KLbw%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10263.bdHAWwdUNc8oS5l1LLhOSSBanfPNiE9qOO8mwoCt-UWXFjHi-1a9kXFyQ80x45Cb7mJeXqwHURaHMu26kWvFk1r8lkY4wQDZrYZDAzIa-JnDzIvwF9_4IrnvM_vOyuVVK1QnqUURhr...
https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10263.Rso0tGmMBCwNhFfH1ZYOctX5v3gXaYT7PnfZseY10NpzZgieLAWJb-PHVbJDW1wzA8JvWnH5CBTYEbKaV8zgb5Q6BWQtxf0edWCTrc9fIPg0V...

43 B
612 B

71ms
70ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10263.Rso0tGmMBCwNhFfH1ZYOctX5v3gXaYT7PnfZseY10NpzZgieLAWJb-PHVbJDW1wzA8JvWnH5CBTYEbKaV8zgb5Q6BWQtxf0edWCTrc9fIPg0Vx0I8_mvp55ev60CyNcUbxpJNEBlnikKk3kTiPD-DiEA2TxIcJtEzDLG2RYUEf5gQ_U9raBAyQqo3lu9NMs4UYbnQ1AzsBIEQw3uvOtCXg%2C%2C.MnmOmj7xOOcSq1dd0NUsrEeRuHw%2C

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10263.Rso0tGmMBCwNhFfH1ZYOctX5v3gXaYT7PnfZseY10NpzZgieLAWJb-PHVbJDW1wzA8JvWnH5CBTYEbKaV8zgb5Q6BWQtxf0edWCTrc9fIPg0Vx0I8_mvp55ev60CyNcUbxpJNEBlnikKk3kTiPD-DiEA2TxIcJtEzDLG2RYUEf5gQ_U9raBAyQqo3lu9NMs4UYbnQ1AzsBIEQw3uvOtCXg%2C%2C.MnmOmj7xOOcSq1dd0NUsrEeRuHw%2C
date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
475 B 74ms
63ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 26 Jan 2024 12:09:51 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65b3a10f-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Mon, 29 Jan 2024 15:48:55 GMT

GET
H2 200 metrika_match.html Show response
mc.yandex.com/metrika/ Frame 57F4 2 KB
1 KB 66ms
65ms Document
text/html 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/metrika/metrika_match.html

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

9df4ea0c8c25b6c96ccb4ef96780a7b074ee266972670f2572d38a961f1b481f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin: *
cache-control: max-age=3600
content-encoding: br
content-length: 869
content-type: text/html
date: Mon, 29 Jan 2024 14:48:55 GMT
etag: "65b3a10f-365"
expires: Mon, 29 Jan 2024 15:48:55 GMT
last-modified: Fri, 26 Jan 2024 12:09:51 GMT
strict-transport-security: max-age=31536000
timing-allow-origin: *

GET
H3 200 favicon-16x16.png
sotaydoanhtri.com/wp-content/uploads/2019/10/ 1 KB
2 KB 24ms
23ms Image
image/png 2606:4700:3035::6815:105e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sotaydoanhtri.com/wp-content/uploads/2019/10/favicon-16x16.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:105e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aeac6316353c65986e52aae63bbef4be62a9e7abfbb39910d52e8a64e78dfd2a

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20488
alt-svc: h3=":443"; ma=86400
content-length: 1462
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 18 Jun 2023 18:40:47 GMT
server: cloudflare
etag: "648f4faf-5b6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRAQffwWNezl3MW9R%2BO5biMDK9uTWPbGnWltjNLcWNZ22ITLUd07DyrrFdeCrwWvNjcwooqOcWlPuzp22MvWhPpam62WDOD7aboieoNGAh9RETLQ5VHsVGgzskdLGCir5BcwSj1odu3MWB79xQV9wg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 84d247653d7237f8-FRA
priority: u=3,i
expires: Tue, 28 Jan 2025 09:07:27 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1A68 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5911
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 13:10:24 GMT
expires: Tue, 28 Jan 2025 13:10:24 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 951E 829 B
1 KB 61ms
25ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9657b75886d8424a9440ab898778c1033e8d2bafac34a14cb25a58d0863fe6f9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7kbYXA-v2D_FKqcn6ZNewg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-7kbYXA-v2D_FKqcn6ZNewg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:55 GMT
expires: Mon, 29 Jan 2024 14:48:55 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

1 Show response
mc.yandex.com/watch/55962472/
Redirect Chain

https://mc.yandex.com/watch/55962472?wmode=7&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%...
https://mc.yandex.com/watch/55962472/1?wmode=7&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Al...

494 B
649 B

69ms
69ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/55962472/1?wmode=7&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A394758846119%3Ahid%3A910118676%3Az%3A60%3Ai%3A20240129154855%3Aet%3A1706539736%3Ac%3A1%3Arn%3A515802829%3Arqn%3A1%3Au%3A1706539736176624470%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C1384%2C2%2C641%2C0%2C%2C90%2C0%2C2256%2C2256%2C0%2C2188%3Aco%3A0%3Acpf%3A1%3Ans%3A1706539732841%3Agi%3AR0ExLjIuMTc3Njg0NzI1Mi4xNzA2NTM5NzM1%3Afp%3A2159%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706539736%3At%3AS%E1%BB%95%20tay%20doanh%20tr%C3%AD%20-%20Ki%C3%AA%CC%81n%20th%C6%B0%CC%81c%2C%20ky%CC%83%20n%C4%83ng%20va%CC%80%20tin%20t%C6%B0%CC%81c%20kinh%20doanh&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

f550e9d8226bcdd512b74a8de30c6c7798e262784b092e08d447e68ccbb25985

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Mon, 29-Jan-2024 14:48:56 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 494
x-xss-protection: 1; mode=block
expires: Mon, 29-Jan-2024 14:48:56 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:55 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 29-Jan-2024 14:48:55 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/55962472/1?wmode=7&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A394758846119%3Ahid%3A910118676%3Az%3A60%3Ai%3A20240129154855%3Aet%3A1706539736%3Ac%3A1%3Arn%3A515802829%3Arqn%3A1%3Au%3A1706539736176624470%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C28%2C1384%2C2%2C641%2C0%2C%2C90%2C0%2C2256%2C2256%2C0%2C2188%3Aco%3A0%3Acpf%3A1%3Ans%3A1706539732841%3Agi%3AR0ExLjIuMTc3Njg0NzI1Mi4xNzA2NTM5NzM1%3Afp%3A2159%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706539736%3At%3AS%E1%BB%95%20tay%20doanh%20tr%C3%AD%20-%20Ki%C3%AA%CC%81n%20th%C6%B0%CC%81c%2C%20ky%CC%83%20n%C4%83ng%20va%CC%80%20tin%20t%C6%B0%CC%81c%20kinh%20doanh&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Mon, 29-Jan-2024 14:48:55 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 1A68 39 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 12:30:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8305
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Jan 2025 12:30:30 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 951E 0
0 161ms
161ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240122&jk=2011981395262102&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1A68 0
10 B 25ms
25ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?9B_ywQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/ 165 KB
56 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401250101/reactive_library_fy2021.js?bust=31080697

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a36d4b1d771c9049cb777c11edfdd0f424cdce9a2def0a1a2485b187fb62592

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57008
x-xss-protection: 0
server: cafe
etag: 1075304546388269206
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0D8A 39 KB
16 KB 480ms
479ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.1062062165~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250&nras=2&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2660&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e55195f91032793c319cd9601747242ab3affeebf3b0194c73e8062bf1c218df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 16665
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:56 GMT
expires: Mon, 29 Jan 2024 14:48:56 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1976 730 B
388 B 701ms
700ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=469371209&adf=2601185397&pi=t.aa~a.2210050546~rp.2&w=1116&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1116x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280&nras=3&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=242&ady=3002&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d332580c543c1026ff26c7a3155a32f02b6bb62b09fcfa920fbcbf7419b18c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 363
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:57 GMT
expires: Mon, 29 Jan 2024 14:48:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6DEC 39 KB
16 KB 453ms
453ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

099bd0471fb58a4a0cbc78a18bfed8e7bab548ae8d0c5bd99979ca21686445d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 16809
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:56 GMT
expires: Mon, 29 Jan 2024 14:48:56 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/ Frame DB2B 9 KB
4 KB 15ms
14ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 55234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Jan 2024 23:28:22 GMT
etag: 3890843268177463596
expires: Sun, 11 Feb 2024 23:28:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/ Frame 495A 9 KB
4 KB 14ms
14ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 55234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Jan 2024 23:28:22 GMT
etag: 3890843268177463596
expires: Sun, 11 Feb 2024 23:28:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/ Frame BE65 9 KB
4 KB 14ms
14ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sotaydoanhtri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 55234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Jan 2024 23:28:22 GMT
etag: 3890843268177463596
expires: Sun, 11 Feb 2024 23:28:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame DB2B 4 KB
767 B 26ms
26ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 13:01:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DB2B 205 B
295 B 55ms
19ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 09:14:30 GMT
x-content-type-options: nosniff
age: 20066
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 28 Jan 2025 09:14:30 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DB2B 604 B
1 KB 50ms
14ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:09:46 GMT
x-content-type-options: nosniff
age: 2350
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 28 Jan 2025 14:09:46 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame DB2B 16 KB
7 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2a69649d15f908464902e679f465757cff39c3f59f8d92f4117987152c50303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54811
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6870
x-xss-protection: 0
server: cafe
etag: 16407976921096022632
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:35:25 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame DB2B 22 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3384e396c88e07cd7d0e46d5361eff9ab20ff9f65dfb94436030ccd116943bc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:31:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55060
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9462
x-xss-protection: 0
server: cafe
etag: 4236850132385514013
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:31:16 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1AC9 624 B
246 B 54ms
54ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGNXj8a0BMAE&v=APEucNVm8CvOM2DyM3ePjYy4OTtw0yxGeKGcsv6V5MKX77y6j4MBNiOPDj_44BKVhM8MBPEPG4t5JNWyB0doPzdDOHlFO3bU1nEIoejG-TQ2rD1lXr_jBCXJ4zVcdA9kZ_7uPcOQEN5Ia472eDzBWpOJ3cSyqNMt3Xf7IGfA3jYEQUYZcaGRKXk

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:56 GMT
expires: Mon, 29 Jan 2024 14:48:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame CCFE 23 KB
9 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 10:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15544
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Feb 2024 10:29:52 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame CCFE 8 KB
3 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 11:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10479
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Feb 2024 11:54:17 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame CCFE 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 11:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 356079
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jan 2025 11:54:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame CCFE 3 KB
1 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame CCFE 20 KB
8 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:41:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:41:57 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame CCFE 205 KB
65 KB 91ms
36ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CCFE 42 B
63 B 165ms
165ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BQGaYFXUbQcMAcNu4bd6TQp7QHCyjwa2TY4MOjED113ohxO-zghpVtUs7klUT5yt4sS19RMuC_T6c62xMoNIrXivXmC_c-l2uBVzBLN1B0XSNH6fE

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 11655382945734941485
s0.2mdn.net/simgad/ Frame CCFE 1 MB
1 MB 79ms
25ms Image
image/gif 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/11655382945734941485

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7136685cd925ac53f86d8ea27987776e4d4a845b38b8b3e364e990ce76d68d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 22 Jan 2025 17:56:07 GMT
date: Tue, 23 Jan 2024 17:56:07 GMT
x-content-type-options: nosniff
age: 507169
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100047
x-xss-protection: 0
last-modified: Sat, 30 Dec 2023 11:39:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 css
fonts.googleapis.com/ Frame BE65 4 KB
728 B 23ms
23ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 13:39:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame BE65 2 KB
822 B 28ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 11:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10479
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Feb 2024 11:54:17 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame BE65 23 KB
9 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:08:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame BE65 3 KB
1 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame BE65 20 KB
8 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:41:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:41:57 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame BE65 205 KB
65 KB 118ms
74ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H2 200 5ff8bb2821e31fbf08fa14f5007a6efe.js Show response
www.gstatic.com/mysidia/ Frame BE65 37 KB
15 KB 27ms
15ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5ff8bb2821e31fbf08fa14f5007a6efe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54db8dca7039b548a0aa4e5e22fcea2a4e536b8aaec0b13a750dbc61ca3f3538

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 08:38:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15476
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 28 Apr 2024 08:38:42 GMT

GET
H3 200 6592766407814317453
tpc.googlesyndication.com/simgad/9634525090698344841/ Frame BE65 35 KB
35 KB 32ms
30ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9634525090698344841/6592766407814317453

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

085431fe060a4226ca15188a99e7ea382947b5420345d72086cdfbb861b4c725

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 23 Jan 2025 13:20:32 GMT
date: Wed, 24 Jan 2024 13:20:32 GMT
x-content-type-options: nosniff
age: 437304
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35505
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 08:28:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 11216492984285224642
tpc.googlesyndication.com/simgad/ Frame BE65 2 KB
2 KB 40ms
39ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11216492984285224642?w=100&h=100&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b613c9f97c7a5ff665d78ed984e8352e9d0acbb5879b5b17a02478b8b1104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 28 Jan 2025 10:14:08 GMT
date: Mon, 29 Jan 2024 10:14:08 GMT
x-content-type-options: nosniff
age: 16488
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2285
x-xss-protection: 0
last-modified: Fri, 20 Oct 2023 13:27:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 4b0ef9dfa83525e0607f42119c034d23.js Show response
www.gstatic.com/mysidia/ Frame 4CB5 9 KB
4 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 13:26:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4946
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4079
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 28 Apr 2024 13:26:30 GMT

GET
H2 200 4f26b05aa9d204d980ccb41a4ef3c654.js Show response
www.gstatic.com/mysidia/ Frame 4CB5 146 KB
54 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4f26b05aa9d204d980ccb41a4ef3c654.js?tag=video_mra/web_interstitial_raspberry_ms

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a17ee63744e6ac921153b2af8c461b5948dbca82c968f593411ed6aab72a81e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 07:26:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 285736
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54875
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 25 Apr 2024 07:26:40 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4CB5 21 KB
1 KB 26ms
25ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2C600

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76740b2a7b0a35eed6ceb509cefd8ddd6955bd5c656b0581f2dcdb48040ced8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 14:10:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 4CB5 2 KB
822 B 28ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 11:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10479
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Feb 2024 11:54:17 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 4CB5 23 KB
9 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:08:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 4CB5 3 KB
1 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 4CB5 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:41:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:41:57 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4CB5 205 KB
65 KB 112ms
87ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H2 200 5ff8bb2821e31fbf08fa14f5007a6efe.js Show response
www.gstatic.com/mysidia/ Frame 4CB5 37 KB
15 KB 34ms
32ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5ff8bb2821e31fbf08fa14f5007a6efe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54db8dca7039b548a0aa4e5e22fcea2a4e536b8aaec0b13a750dbc61ca3f3538

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 08:38:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15476
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 22:40:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 28 Apr 2024 08:38:42 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 173ms
168ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240122&jk=2011981395262102&bg=!HxylHFPNAAa8BdJLnAU7ADQBe5WfONbxrMrcqzseSlxcZBM9ZiO-juJnGqyWjqjmqZxwZmETt26BGGhxufNHcv30V3_xAgAAAEZSAAAAAWgBB5kCtOMevVISTb7wcIJ8VLFkqQ6_9FtfB6PcWECgT8FJnhmPy5ea3ZPP0FRCUyjT5grF-6KVEJzz5hh971yE6AA_7mhS5AI0vrXe79AaIUr7lwT7W3sfyhHmPUJ6BWxt5w843i1oprVIRwmH83yzJjP-VfYgUeRC3Hdz9bsoZgEPsRRoFZu2AoAY5Ed1i9XlZbQAyTtChvXGX6loTxgpB9o9SwH17x2ITXeRajtaN6jjktPgQkj-GZpssdvZFBgAXkBb_OaV51IhvUbo-22ncEzgB2_aD9ApP62JbF8UurWxa461RBHcWHlxVIu1uWlD_6WH1gO3nQ2u_3-XSG1QW4JZu-E8_J5d6MNBvNy4Mo42jfT5l2Vuu_-DwPuYpyRU-HqxRnEAXH5KEMwKygObFuGPPuxH8vf64DnlHWJHYUN_aLb6PzCPZicxtxwm9NehRkGXyYkEJ2pygUlFasrzL8dtrN3TcdruKwb1keMyayrGpMUbnK3lBSxhR8SMzNetgrVWscmHMC1VsAzM8zhJpu1rYl1u_CEnVbK4A422psE_VOxaF2aJULyltFWMoSNv8BwXMVNrHLRyhdsrnmtUCpKPTKwsv8TyEMMj7mdsCj3VaPD8zkKeGXF80HoegQFccxHWjRvk7U4xvjYQgKptnQgbSKjuWSw9FTA8p_sQ1iUi0uXhKrN2EvoRBpdAoX4PFm__aZZbW2Lj4bflhMBqy0KpN0IKGvdPtJZ3O2weE_JJLy3JcEKByOjogpIKgcn0YS23YWrmPWDeiMvqcKtPLTdFBiMefiIT2_6Df6JNTcPBR4cSFU2BJgwLWtXd4iehg1pS8dR7xnAelQ8dV9MIrjHUnMEaOxT_5Ro1Bz9S_LWm1aVAJgMkr733K3Xs3VKKMVI8Ba89zOe2lF7PJ4GwmEPLjlmOXUE8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 297B 38 KB
13 KB 26ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 356079
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 25 Jan 2024 11:54:17 GMT
expires: Fri, 24 Jan 2025 11:54:17 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 1AC9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo3tT1w5eHPoYFlLowY_dw&google_cver=1

43 B
337 B

43ms
42ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo3tT1w5eHPoYFlLowY_dw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGNXj8a0BMAE&v=APEucNVm8CvOM2DyM3ePjYy4OTtw0yxGeKGcsv6V5MKX77y6j4MBNiOPDj_44BKVhM8MBPEPG4t5JNWyB0doPzdDOHlFO3bU1nEIoejG-TQ2rD1lXr_jBCXJ4zVcdA9kZ_7uPcOQEN5Ia472eDzBWpOJ3cSyqNMt3Xf7IGfA3jYEQUYZcaGRKXk
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bs2l%2B2EO%2BdxkzVVKbN5zPOVw0tF51cJgbBor0X5NQ%2BR6BGPaAW5IE4QOd2iLyMlWcDRATswreTWhGgmq6AzbjoWzlZsp68z305TRRKkPW067xTYY16tSCR2nLv%2BSdYAcPaDscFL8m7WGg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84d2476a3ed971cd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo3tT1w5eHPoYFlLowY_dw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1AC9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbe62Nctj8vRzZHe4ixY-AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo3tT1w5eHPoYFlLowY_dw&google_cver=1

43 B
765 B

39ms
38ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo3tT1w5eHPoYFlLowY_dw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGNXj8a0BMAE&v=APEucNVm8CvOM2DyM3ePjYy4OTtw0yxGeKGcsv6V5MKX77y6j4MBNiOPDj_44BKVhM8MBPEPG4t5JNWyB0doPzdDOHlFO3bU1nEIoejG-TQ2rD1lXr_jBCXJ4zVcdA9kZ_7uPcOQEN5Ia472eDzBWpOJ3cSyqNMt3Xf7IGfA3jYEQUYZcaGRKXk
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcKVCsI5Uyaj8E3S4EuiR1vF723t7yFvF25NILvXLxMZ94Tgv7a8Ra2cjWVNObQtLcTGfmfZ9fweydUo4kdtmHHJ%2FnCkEi1GOimTRMsVgbJuYRq8HvjWH0KuyNsnpooZOaciVWe3YBLEiw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84d2476b0c399290-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGo3tT1w5eHPoYFlLowY_dw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 1AC9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEnYlYiu5ncJfn-V57ctRWU&google_cver=1

43 B
1 KB

22ms
21ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEnYlYiu5ncJfn-V57ctRWU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGNXj8a0BMAE&v=APEucNVm8CvOM2DyM3ePjYy4OTtw0yxGeKGcsv6V5MKX77y6j4MBNiOPDj_44BKVhM8MBPEPG4t5JNWyB0doPzdDOHlFO3bU1nEIoejG-TQ2rD1lXr_jBCXJ4zVcdA9kZ_7uPcOQEN5Ia472eDzBWpOJ3cSyqNMt3Xf7IGfA3jYEQUYZcaGRKXk

Protocol

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
an-x-request-uuid: a5371a19-f3d1-4777-a7ff-10a28941f7af
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEnYlYiu5ncJfn-V57ctRWU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1AC9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzQxMDMyMjc4MzE5MzQzMTgwNw%3D%3D

170 B
243 B

26ms
25ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzQxMDMyMjc4MzE5MzQzMTgwNw%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
an-x-request-uuid: 39252f1e-a1cd-47cc-ae88-23d111aaf7a4
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzQxMDMyMjc4MzE5MzQzMTgwNw%3D%3D
x-proxy-origin: 45.141.152.76; 45.141.152.76; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame BE65 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abd60d8a615f0e179ae52ccf5df084cc184c61d1da8887260287242b64ae94b9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 297B 39 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 12:30:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8306
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Jan 2025 12:30:30 GMT

GET
H3 200 i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A65 51 KB
19 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bf23b82d939bb7f3d64650989894b9e00534789e8e782a07069005d8bed094c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 11:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19704
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 Jan 2025 11:59:51 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BE65 15 KB
16 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 16:39:21 GMT
x-content-type-options: nosniff
age: 252575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jan 2025 16:39:21 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BE65 15 KB
15 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:28:52 GMT
x-content-type-options: nosniff
age: 487204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:28:52 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 297B 0
20 B 168ms
167ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BH41L17q3Zbb_IYWY2OMP6MqGmAwAAAAAOAHgBAI&bg=!8POl87zNAAa8BdJLnAU7ADQBe5WfOA2HtGdLSt42XFrdhQBd9IixP9bDuTNSYrMvqTpB4FQJLtzgIUfgh9nTtHTIc22KAgAAAGtSAAAAAWgBB5kDFHYNkXHdujqIqrg8O4Aed0FoJx2whroZIY6C_9tvTpP3hEEOQAL8t6eQFhC4UY8aAg-ft8A7IiinOfCH-_BKpuzJ33g9bvZRniAmJw-BSlOT255VljpC05WoLSpIaNp7N3dOk5_6C4h5w2fMlSZAZnmDH5x0fwxUjfy9duoLsOTdO7RJURVgNFv47U2dDGfSdyfk_JgPlNDltaSaLvqm8GnU2tUu_0VVH9EsVV7P0Rh3sTVnA-HwLFLhNTbfF1WdlOsXXcfP3OQvky8_8YwY2QtI88DF3mU9hDgQ3wVbmfRdnxr4I-xg1uIsI6vhCPNgXjuKTx-IYV5btNRbLBNAJT5Eto4V0R8R1dAC5C67iXmNjjjn-wh5SObav1C1PMfQ6uvY0HKnYfwAJDc1fXUAUc07NWBJheeN1TEGc1zUmPRv0-74qq-a7BnzMDScBFNuXO14DgRcS5rDe3pNWGRPcH9o6YIkSYcDJ2DpVC_Ohcws_EwspbO9KbQoSoNj_h0DyFfC6G4tc_wCsieUvj7PQupAMkWMJul91ImMrgADbEQuXSijzdLpJaFpmPVNW-El7RMSQRkO6fZEEnMcxF6WrlH0mIXg7uuLM-N7UuIKxNuPZgcmkT5lllWWmaYNflRuUKUlGGBmBaNDa0gFd39QZkp4wW23K_TlibMtiYnHv6ML197nU_itxUlUWgOIh8strKE3K07FO9gRNBL-LlzOtQr6cQYlPGaLQ8hioMR20V245cArTtTpmTQZRQB4J9BiQMwmu2sbkG4v1KQGe5yAWelJ39TRepN_Ak9AODjP2ytbq2XJXotSMwvRVcwtWMgfVjQ7NlbrD4yvOirT_-PMQqWzfoccmajUHSih7HZ5YnnLrDOc-G_VqLH0PGEg4zElM4U9pnnhAe6XoviFc_RRcWXK_SJGEgLq7I5MqGJHKD_P3BqVp2aCPxb5CYzStnFSdCajkeXYysoXlzdfCm-oOG8Ah_nDiSaqZ-f_GyOs4StWMLKscg1pXjwkiaUY974-5nFqtuY62Gv4uXzuaLx0WYumpLl8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame BE65
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cp1zm17q3Zbf_IYWY2OMP6MqGmAzG5dXGdfC51rGqEpiS-IezAhABILbv4nFgleKQgqAHoAGcj5P_A8gBCagDAcgDywSqBMcBT9B7AhZm5Hjx3qciemfC4Okh_dxfty6TFuYPvXxxm-MK41u...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22989513783828343090%22,%22debug_reporting%22:true,%22destination%22:%22https://insightsoftware.com%22,%22event_report_windo...

0
0

93ms
52ms

Fetch
text/css

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22989513783828343090%22,%22debug_reporting%22:true,%22destination%22:%22https://insightsoftware.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221071957916%22],%2222%22:[%22true%22],%224%22:[%2201-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211150690293100179649%22}&andc=true

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"989513783828343090","debug_reporting":true,"destination":"https://insightsoftware.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1071957916"],"22":["true"],"4":["01-29"],"6":["true"]},"priority":"500","source_event_id":"11150690293100179649"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Jan 2024 14:48:57 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 29 Jan 2024 14:48:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"989513783828343090","debug_reporting":true,"destination":"https://insightsoftware.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1071957916"],"22":["true"],"4":["01-29"],"6":["true"]},"priority":"500","source_event_id":"11150690293100179649"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js Show response
pagead2.googlesyndication.com/bg/ Frame F28B 51 KB
19 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bf23b82d939bb7f3d64650989894b9e00534789e8e782a07069005d8bed094c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 11:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19704
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 Jan 2025 11:59:51 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AC8D 42 B
63 B 166ms
166ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AWgif1oC4GEhepSJl5E5nwvvpOrYmAf0jGnXrQVOuq9fSCS7yc6nDiAHYJO8AtlD46yIffkzetJRxT0VPUL8QDCN-Cx1UWAUSN8-Z--AmLDRLWKZU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=250&slotname=7720883551&adk=1428232898&adf=2703960325&pi=t.ma~as.7720883551&w=970&lmt=1706520747&format=970x250&url=https%3A%2F%2Fsotaydoanhtri.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539735203&bpp=1&bdt=306&idt=255&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=259

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame AC8D 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame AC8D 20 KB
8 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:41:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:41:57 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame AC8D 205 KB
65 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 708D 624 B
245 B 52ms
52ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGOjg8a0BMAE&v=APEucNW0G6hq8kmK-SOewLiT9p6XOZt3pR8LfGAGr-EwAgRfdbKN1Pdaj9qXxjoJKvyAMVULNa6oLKbS5wgbgOgbC_Bp6KxvIAzOAJAsOb44UAIwPxQ9k0bK-3DOtcs7ker9YN0EeMq9TRJF4-7yqyW8q77j6oA19cNlBV2wIuE_UVI_RS4QImI

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=250&slotname=7720883551&adk=1428232898&adf=2703960325&pi=t.ma~as.7720883551&w=970&lmt=1706520747&format=970x250&url=https%3A%2F%2Fsotaydoanhtri.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539735203&bpp=1&bdt=306&idt=255&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=259
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:56 GMT
expires: Mon, 29 Jan 2024 14:48:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame AC8D 23 KB
9 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 10:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15544
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Feb 2024 10:29:52 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame AC8D 8 KB
3 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/omrhp_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 11:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10479
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Feb 2024 11:54:17 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame AC8D 0
0 128ms
61ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssZ9psBuMHveVhFmSCdSFPCxzeJ5c96dUWfTPwIFU-6OrH-0ZLBVJtv1hXuESGLn-IMW907k-28Z_2hobwKoO-Wo6VfbRbOqo0GgiwaD7Nzz8B48J-cjfLbLvcHt-NxDjTxhwKNrzb6XbuOXUkbgP7g9MS_1uLQMhW0UdKhiQeuzghOy3kvA6HUwQOPUchDMLLhxZUyjHGJJr3iOWFD1WKIpRgo0xPWyxRqpOdB0z9OZo577EbkCVNQIAYwmEgVlbDbyU7Sip-l44JzH0ukTSYwgavmPXXiJr4BwFWWLLWbMzY3pKj4AnS3GH2VuQFhJwJjh6TbhefxQcaCE69tWd33tJxyDXR625TFtoy5JLBamTySDWfM3wGIXKWZt9Mk09MEIHFxDcB98OTQJXhfEb1OyqB-qbEeE36SsSP6z102B8Wdmr-oJWQratH68ACuTbkIgocpxu8Ctj3f-f0vZ6H6mVoZ6DW1CDAV1jdt3hwJm5CRVHye_yGwaIGbInfcRrnxeC4JW9srQlbRWHHK3Tt7rGiMjKZkLTaGQ2mRe1iEALWajEvEDBhG52GUZvSJOSBAzUaTQBaCAfQDVapxyCW_bRsXT4MMKL1lAQ6ZMS1Aunyhcjfmq6YgWlslGckMDDlnuSqLPuJKhnfN48jWf0-aDad1uDpRb4lVfkP9TZWP297UAsTHPUXKdPLYU0LVaM02tILFl5nR-tZ09Dh0pIZjwBWbugHmBAgY8JUkPxR2LAII5pHxjimWgKok3CqkrK9qca7QTdElZfizP27791ljZcXsLm9Si9rblXhE19q5uYDsHI4-fW0KxYtRXRBNI-EuQPeAlAXiqBOe4ePCWrjHbhTjFP1u_bYaHbk0lITAdfUNQzUBuNaWa2o2AZ-rlryu6pCz2KCVshkL_R-DoNfLVTr71-b7ycMiDtVCi6wpSTjk6TuiFGrxUmRYVuJIgPiKgcGrOopmY4bOUNeJJVjW0n0FRx6omCVRLrCD2q2plA0KQhuFqoAzL6XDp9XwUABIV5gTAlpKJ4pk3U-gaPhTlWB1oPgapAth1TmTZeeSRG0aHLz152KiCRYZvEjGX-8yewe6vb0SxkcaZhi3SeE_Ei65L63T1bVARRuDh-jKXWSU8i0l1pqsx6vRGVNo-86dsz9EtqkwfExsG691tR2uDnMmwCe2eTkv21ylpoANptU-2PS8HO9eeviFxOZ0eDEpm4ZLBQupYZaWnozrU0EhYGWRP4iN4mdWlPASVCotz9-msUpzgBEcNuo9rWgnihlAy2-OFTviDScqdHeJ1BBvUktWBfi9VHVBXxHVuCDop_Q3_u67EEWECDtblCrtAjYymd3yY01UxA&sai=AMfl-YSnDPSvgTNPXUC7CpCD2xlHawSEoKI9HeE9HaS2Ze2tu47K6T83aC6aN8uv6pRa_TjmcyrTpyqt9gb19dZ7tFdyrz1imjb8YBL2f4J1zuN0MX5WuywVujYOBfWW9BEtEZxCK1M4fgiLsU7R-tdKvCCzNJnv6rY_n5NEPXedQ-W9b2EGS3qKmRlyoPwf0RCjkLp3F8qyL_NK6hmrO4eModPoVO_SWRI5sCm0nr3J0vZUfvKAIN29Da-wTe0oIhQOBUdJ6qtB5Mcp_YRxNFWRsLExH60SK6CkfiSwIwu9x-dbj_EJqugxi1y48X5O8c4oHvCFMkdB-qurJwK_BCS2-qI7sXEsDpbIOZtWl6aB50kx2fh1AOWPviYrvCbKl6oyOLnNiFbrNktjSiApFxCkvXTm5F4VkriBJqFFYCjaEoZnYbZlvCMHff1NGqE3UD4eJeSHGTuky4YJuc59wd-nxIfz-svz-nVd0DXs8WoDgDNRIm3xAxzB9G6Hi60RWutCk4O6H_gAL-1s&sig=Cg0ArKJSzF9NHsL6n6dzEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9yYWphcGFjay5kZQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20240122.56831&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 29 Jan 2024 14:48:56 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame AC8D 41 KB
14 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 11:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 356079
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jan 2025 11:54:17 GMT

GET
H2 200 14910901644976518867
s0.2mdn.net/simgad/ Frame AC8D 2 MB
2 MB 25ms
24ms Image
image/gif 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14910901644976518867

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90b52ed63bb7f5995b022861cbe89c30ef2f6dbb5d29f1fc80eaea259aafd32e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 28 Jan 2025 05:06:51 GMT
date: Mon, 29 Jan 2024 05:06:51 GMT
x-content-type-options: nosniff
age: 34925
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2433515
x-xss-protection: 0
last-modified: Sat, 30 Dec 2023 11:39:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 78ms
44ms Preflight
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 29 Jan 2024 14:48:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 6DEC 3 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 6DEC 20 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:41:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:41:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6DEC 0
0 21ms
21ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTV1tqQ4XhaPoEQdO_F0-6KSQsw3uMQG3X_XRjgZuaYn8u-SHY6QrO2h8DeodVxnSeZb6KsM0CSi6wWIm5FKbJY1FW1UQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6DEC 205 KB
62 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=44809772

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6039c0e8da2c0af4d0ddac49d03558864cbc9ba84fc3b20eee6b331eee12a2e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 13:50:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3513
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63000
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:50:23 GMT

GET
DATA 200
OK truncated
/ Frame CCFE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19286a3caf8a15a8b0e39e33e4e3f0385c427ee6e84dad09011bf435a21f8bb9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 708D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOBANbMdqgHfhZ3NHq4QdWM&google_cver=1

43 B
735 B

34ms
33ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOBANbMdqgHfhZ3NHq4QdWM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGOjg8a0BMAE&v=APEucNW0G6hq8kmK-SOewLiT9p6XOZt3pR8LfGAGr-EwAgRfdbKN1Pdaj9qXxjoJKvyAMVULNa6oLKbS5wgbgOgbC_Bp6KxvIAzOAJAsOb44UAIwPxQ9k0bK-3DOtcs7ker9YN0EeMq9TRJF4-7yqyW8q77j6oA19cNlBV2wIuE_UVI_RS4QImI
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5rBvY34IjJEChkusEkZUxzLBKTw9BHV%2Bs6dRQP5%2Bqd7NwIu6ZFLZFVp2tlI2UW32wZH8so3AFBjdi3MFvk9etirfmclBtHcuBBd1ac7vYzbJKR59j6mEU5%2BN7uej%2Fizx29knMwepcgj%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84d2476bcd109290-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOBANbMdqgHfhZ3NHq4QdWM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 708D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zbe62Nctj8vRzZHe4ixY-AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOBANbMdqgHfhZ3NHq4QdWM&google_cver=1

43 B
732 B

37ms
36ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOBANbMdqgHfhZ3NHq4QdWM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGOjg8a0BMAE&v=APEucNW0G6hq8kmK-SOewLiT9p6XOZt3pR8LfGAGr-EwAgRfdbKN1Pdaj9qXxjoJKvyAMVULNa6oLKbS5wgbgOgbC_Bp6KxvIAzOAJAsOb44UAIwPxQ9k0bK-3DOtcs7ker9YN0EeMq9TRJF4-7yqyW8q77j6oA19cNlBV2wIuE_UVI_RS4QImI
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRpLsf3lEunwbozHFI6y2eTTFpl%2BeKI1GMcf2oltTH%2BQ7%2FxPng6g4gB1NxClwd8RTHi1rtgQNEfum8%2B1GruoIoyVDBFZdqshYBOcRbppIIh7F2jQUb6uEzuZTkLuO4UETeno7Ia6tUp2kw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84d2476c0d5f9290-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOBANbMdqgHfhZ3NHq4QdWM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 708D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELv6iDhSLyEZuu8yIITEyEY&google_cver=1

43 B
1 KB

22ms
21ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELv6iDhSLyEZuu8yIITEyEY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnsBxC-xMcCGOjg8a0BMAE&v=APEucNW0G6hq8kmK-SOewLiT9p6XOZt3pR8LfGAGr-EwAgRfdbKN1Pdaj9qXxjoJKvyAMVULNa6oLKbS5wgbgOgbC_Bp6KxvIAzOAJAsOb44UAIwPxQ9k0bK-3DOtcs7ker9YN0EeMq9TRJF4-7yqyW8q77j6oA19cNlBV2wIuE_UVI_RS4QImI

Protocol

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
an-x-request-uuid: 48124359-b211-44cb-95af-c17e04fc8d64
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELv6iDhSLyEZuu8yIITEyEY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 708D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzQxMDMyMjc4MzE5MzQzMTgwNw%3D%3D

170 B
188 B

36ms
36ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzQxMDMyMjc4MzE5MzQzMTgwNw%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
an-x-request-uuid: 6a57c419-7506-451b-b0be-614dba81fade
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzQxMDMyMjc4MzE5MzQzMTgwNw%3D%3D
x-proxy-origin: 45.141.152.76; 45.141.152.76; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 9F34 152 KB
50 KB 172ms
122ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Zbe62AAHsCkD5-KtAAIyuY1_u7txtfE2IpwnQA&u=%7Cn9n5BqZzeWiv1Sv355cYsRXVKucs%2FZauljMKCqLpQjU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8jkXO22AzZT_yFwjn8Vb01uoPnKeaplVf1YZ_d32P4Zyae-vr47s4vG36PwEGodbEpqvOprLLlqUpIcVR0qFbsSxmJsCkHXM0Rbj_W20mwGNavvKraiv4Ma7nIwdLObFZqHPf17LlmkIZfPJDry68TLXPxInVU53ZQ0yP2J2sahIDe4dAHZBSCwIoENP3XdFcf3VW8Rpmw6q3a3SUZdsq-ZCzixMm5x2ckfOBJxBfACwsczc9BbFA6LVTe7AnP8jyIejXVZR_D4SSXQQ2_wLR5_mNzy9lde40KLr9yQ-Yc_UK6Rp2bfbznuv1-VJ8kqm_1ekd6FbLczVFD4Xfwx8KfJ-vYrie4X3tne00RrU9z8qxLBfvevGDlGm9xwim9IpMnBWUP8LnTvP88wo305HkajqdIV5PnfosZ6JXFfyoM3gE_X3azDnMZAUhGbr3vLsJ1j-VzAuQME9aO5BxNMWbluI48oUb6KFnFrLOgyDJpUNI41MWxKK8fDScTemEjDDLi5mLoBBMb8pb1g-fdij7lHQ5lcgNDplkJt2ObNW7B25s7R9CFTFisCigZy5jEGNGOcIelbryxXMdj123fDZbH5rFeX_dE3kn&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8Yxe2Lq3ZangHq3Fn88PueWI-AzJntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxOTEyMjUwMzM4Mjk2MjXIAQmpAiyU_HG8KLI-qAMByAMCqgTSAU_QpFal9anB7suGVSNlEvhOGrSmH-Flar2Hm6tdpuidp20sVY5GyBuR15uqTzqU-ChPMzHtGSy-wT8XoRqdOQMMbe1_sfwVfL_CrOLW856W_HP2l13LhcYOZcjlV5IEyBb5fHOky1iA67KpiO20tMonpws75j9jxNqvIAtw4zRL-8_IvjFoyyOTXxFibMRH2Cfyn9oT6psjO-JD0JLj18Lm4fJ9DbNQUgAbf49-aojNJ_hASC1Tf148b7afc_Q-4w1zcenMexifdYeYgHA9n_pnKoAG9aedkJiV_rhwoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIXXo_brgoQD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RRTXLtjvCD3OCtuqf9DnGqJbkoQ%26client%3Dca-pub-9191225033829625%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9be02ea845edbe6539b2c8ff343ce97fc9e3295a1156e0d47810187568aa4113

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:56 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=BInLfbrJKKs7-1UcudYKceGsErG3wkGZv3J7wH6zwrxXKMCxL_vII7O33Rs5adhUYc9-SiOUOu0q5qOoVDWnnF6iDSAIQrI1rukk5NZGRfWF6Nlc1UaAvWqYJ5r-Yipp9moS82GX5zBO0_GOGtqWW40Ib9Zb38e5FhFvAmQqM1NlK9MnAK7qIeEwDljkPrTsEUYbz_gmM8wSbrLFmXShAy2ZSrqOjVjJfJrhhdJpCimBarzyu7JYgfapnPaNnwEJ99C1TQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 55010621
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6102 1 KB
643 B 14ms
14ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 77892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Jan 2024 17:10:44 GMT
etag: 48472445140208031
expires: Mon, 29 Jan 2024 17:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame CCFE 0
0 66ms
60ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvvH0TZ1TO-3eN_kKp8TB7MKPjTao4c1JrvUaVeXmV071v1m_WDvsnAuaP7UXRt189m6P1EuboLwgLQVQ5gw48hzCzNLbYRJzGV53hqP3DvoIGihhfCFzGlCJ15QN_s-2gb_qJKYhb30H42LzkYSejXJjgrPPm21TW_Q1-zcwaOc7b6QomIR1aIw335XkXhZERq8X-4_hqsm1JxDPWvJo-U-KQ8hlFRKMZjavnUQ3TDsD_rbYLlt6kWgwctjdKwKtJ_jMi_T_YW1cjAQno9SmSTRNYoUKYJLMUPcgnnlAJI1yJ3y9UMHFUkI0RECuz0W6Ft06-0jSQr17IufkhO_kt4XbK4egyOAbMAAxAKsWQKyRE2Ckv_O4hPIx_E8Y3gWYTXxw4pHnjRN7LpzUpcS2bTb4QnJNUlxtdHniILO7Hi1AYI6nnyXgmkvQPHoecAYOFVgtHOAC_y_iPppgsTKRFtMhez7ReUXQYK7LwZTkAwZUROcpjb6g-Y7_rLmV8gz8ejheCqC16Rw-duHNyX9dOZDtHxeQY467NO35xmDFtmUmMFCgctlNAPUMKmHB3rZMchuQHT1Z4vgzFVy5l9AYEnZffM2cHJTvNmusGAjU53uS1vz2j_TY9elyum-whcM5YfDCrToMZEFMRhcVqh_TVZEHiR3HfZtKgswPxlwjMeLNNuRsqf6NArChD-88SsgEOpqHJ-3UE5_66UrCzLI8QaTrEwlgb1o_Wx12DGaBgTta29IIpRxfGioomuS0SUH0ewMje-zvDZ_PdPMc31oDsLt4NJ7Z8Anzjo7XrN8t91nUTUZg85tQwdxCkmmNsm1zC3VMMNRHxxEw0xuvVLt8qupJ10iO9feocK5CUbYHZCZhFmwzYJ-fa-Kgp2p7tlZc7amC4AITZCKeFX_epJnE3DQJ4yRnvZt5-n-IhBvHu-XOLuVWB2jvvqPmczY-OQDRrtw2re9wNQKcEKww4zdab9ZiXbRsOEPEYaL9RmD_gDcZbWreN9lNcaYTcv44lTbW54lEz_zJYKGovKwbQJf70YDGhPOrSW4B5oSzEPdsGZSRM2RbrhStMlyWckA8AbTDOm_nu8xsUySuSLd0FTiMw5AU-WOn9B7DAtev9shdWumQ4OrKddYLo54LHgSDt-_fxU6VC4DWG6JbOMfAs8KG-gZA3h54wtAvYB2syURmYxF3zeh7NCOX0hBil1Jebm1pco0rQLbm5WqzKneW9qqWdsZBcKDO1vJPPzXaU9rnGBciaVcmnLh2kG5TcGOUGKOLPjzodjUI53ugGJAWG-z0fXNytVIlQGpqCTnRgpB2YD0xZv6WyVTyC6r1OoM-k_LIRyCEeNQTbPYTSu&sai=AMfl-YSCy3upnkfg5XtX5HZp5AG4pQrAiLNur1E_y1Xz9bsDeaSZJjZZOauLOxmP50lVmzsPV4PNsj6OfF8Ho2q_BE97PXHw2DilZ4sTDAD6xF04y4WfT_nMOWjmpFoLj8Fm6qZJ9Ea9XzBohDtIxc-LWkQhOaZOOcAINR3Stw1_K2kGj8STPbNB-ohz-d56rGc5sTQZwnyWLlHZ2J09kIVsL15aAl21lyLnkzCkxNpcnKTWnpBIDYEI6r6d08HlTHorP-WI-pS1U9TMq3aR6DX_gg3N-A_aRIWfTU3A6KLTQNaUp7tEUHcEysYtewkx4HCxNM41N48NlH3CHH1ExC82zFogtXT26A6SW1xZ0BZQDrpaXme4W8s433n4EWzr6VDGseZJyF--u0pKtstDbsN5_HF_BKzMCx0hY-TP8E8y41ryUGzD5PG5aQyMHqEAJLR8UL6i3Fqemgz1w9gQ09FmhznnXwAdJ55FxjV9pck-RqKldt8Dfi-3oQCFWqgRYXPg-RQdVA&sig=Cg0ArKJSzOri4AND6AR-EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9yYWphcGFjay5kZQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=386&cbvp=2&dett=2&cstd=0&cisv=r20240122.89286&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 29 Jan 2024 14:48:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 5762 38 KB
13 KB 18ms
18ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 356079
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 25 Jan 2024 11:54:17 GMT
expires: Fri, 24 Jan 2025 11:54:17 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 0D8A 3 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.1062062165~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250&nras=2&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2660&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 0D8A 20 KB
8 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:41:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:41:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0D8A 0
0 21ms
20ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSuGBfbW_9xjeitq-l6EiDxYB99S7v75UWHZ8zYh5FuBo6vGBSwiV5o5YaV_em_d2pxZohk66qTEbn6g2TZ8nTQxAM-7w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.1062062165~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250&nras=2&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2660&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0D8A 205 KB
65 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 14:48:56 GMT

GET
DATA 200
OK truncated
/ Frame AC8D 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 787ce212d4cab4235dc255dad09027c928b1c89faa118ba2d3c9ca733d8c42ba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 2A26 130 KB
46 KB 96ms
77ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Zbe62AAGgusH_YKEAAypbFb-IlG56lzr33bEgw&u=%7Cn9n5BqZzeWjg95vBwGVBWAg3V0khI3vA1dpH3UFg1uE%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8EEuC07WHjq5U-cnXCDWR6UGl-kiIe97IUFcKwawroPa17zb9yx3kRLOhwoWKSitPEP5yTUQM2OevjwTY5a0hpCC27AHOQmxWJFcY8bJBqGoENAbOcvcmJYbJGwrGbFWZeXMcbyyctC7bUhZ9qIYr6ZED3jiy_5gBDy0xzya78RxIr_bF15AO_02d6G57ZIp9_PvEw37SRkLx681UrFe5qd_ePF4b_1m5i9AN3Xb9k4IHfLIfvXaJsKDPWU27bc3WtyTOAmAnMhiQkXMMv_0yogIwHUtKp6nbC5OA_f9dIOi1G31P_LZvJeBmNGCJP6P080hSNDtVzkwKEkH4n5RPCNrdHbZX91yGVa6EoAlsr2nGkkdqavsKaLUn8DT0GNgfbM6k9bqVWGZUvjn4PyrS_T0clQR9OxH551r8BlGsW45toN6sn9RlRGsEtZb2F2g05Wz8zh-5rwAIVYhTyOqdA86nIfhgIHMo4yFKbU_Az8PLisyRFQVz4zTZks96vf6td7YY399VbVVnlTbfvx2Xcdu7NSuFUDTtcvCzsH8Uiu1_k9Fgnfx-Aw_EwM7C-7U7oHvxocLF02pdwd5AG85r9Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCraXx2Lq3ZeuFGoSF9u8P7NKyiA7JntKxXMWymPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxOTEyMjUwMzM4Mjk2MjXIAQmpAiyU_HG8KLI-qAMByAMCqgTKAU_QFtHKQ-CtFktv0tjxXjNeyi09ZjmMtquAvFsFcitvULNZLm9Vo306gWaX_3oWM8shXLiu_WTRRoHKR3Bd3AhctkOZvpzplvQvghjhAm48L45Yvhgs7nS0FGR6jEdNDjyslF87JmpjHFO70JgJ27pYfSUnHI5zSTZnbOQRhY2UDJhvp0tv2XueDoAhYTW5XKJsj0y3XyVYwLz6IE2fl70-DCWP9BXmCXMS83cs2Lg91Zy-EbD6ECRVuZV9DiVg5iqJzHf0Yosnf72ABtLMod-Djvfv6gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYi7ej9uuChAP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3DzBgqnlfJprr_4d1efoFukSg9PA%26client%3Dca-pub-9191225033829625%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3bc817f52f6209e0c081df2ee63fad5ebe55a259be99c7ab0dbe13a015562d52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 14:48:56 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=D7YutLrJKKs7-1Uc3DgC0QCPTRz0M7Oggv3OypdX9nNjZCLsGGLwHmr5hn39JlLF1iSZN3tJvybWJLgAGad14Qhy98SGjbtjwH7OIPUlMUl151iXvVIZB5jaa1bimglxcHetCt5uoIF0Xwu_lD1wt5HzZDOjCD8foJ77l5IfX2t545ZkfwjWjm1WccXHA_WaxhY664tsExsBgDnqv--vkd33X_c7UcSWnPnf3ppGS8Oj0eixE2QGX6JNu8WU4YSzkEdiew"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 51011106
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7681 1 KB
643 B 13ms
13ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 77892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Jan 2024 17:10:44 GMT
etag: 48472445140208031
expires: Mon, 29 Jan 2024 17:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 6102
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEH9TOQVTd1gj6UzIiuqS2QQ&google_cver=1&google_push=AXcoOmQn20ebAuHf5TLhWtP6f918brIrNBwH8siU4-KpSAH0TzPvmEK7-nn-qNerscQRX6TZ6XYMN-NZMNRwj1uq-G-HUXy4s0r5ooQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzMwNTc2OTE3OTMwNDA0MTcxMg==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1

43 B
398 B

35ms
34ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 6102 0
104 B 213ms
101ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEE2dgNqGA8rAbD5L1xNuaKE&google_cver=1&google_push=AXcoOmS5C4RDdM7VURvCrwH3iM7_FCnPf6UowR9-_9K0rYDC2eOM_1Vh5fAX4n7iXnM-wOKo23ed-Yy1ey6eBTMwY7tbGCy2LItlQPE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 6102
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENB5PGRjE5wgOBzZS0_mzD0&google_cver=1&google_push=AXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOn...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENB5PGRjE5wgOBzZS0_mzD0&google_cver=1&google_push=AXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAe...

43 B
430 B

187ms
180ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENB5PGRjE5wgOBzZS0_mzD0&google_cver=1&google_push=AXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOnbg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOnbg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 84d2476d49f04dc7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 139
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENB5PGRjE5wgOBzZS0_mzD0&google_cver=1&google_push=AXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOnbg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmR_XHCh4NDRoCkrRJzlNwUrwG5pSSwN0bIue3YIm__IGCBcdKQCg-x6r_H7HaHVP165NR4kkkMGnZQV9SHi0lU3ah_4vAeOnbg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 84d2476c18c94dc7-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6102
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEHJTYLqXr1Yh90pMGHS9NXc&google_push=AXcoOmSJlyVywMbClFEMvHWR25cH_I1pffAlfj38VtZNeZ_l-y4YyRdmeC...

170 B
188 B

36ms
36ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEHJTYLqXr1Yh90pMGHS9NXc&google_push=AXcoOmSJlyVywMbClFEMvHWR25cH_I1pffAlfj38VtZNeZ_l-y4YyRdmeCAmu-xpmfX2VSqYcd82kwew5h_wwAofxeb5WOr9KZVq9Po

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230035-FRA
pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1706539737.966029,VS0,VE95
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEHJTYLqXr1Yh90pMGHS9NXc&google_push=AXcoOmSJlyVywMbClFEMvHWR25cH_I1pffAlfj38VtZNeZ_l-y4YyRdmeCAmu-xpmfX2VSqYcd82kwew5h_wwAofxeb5WOr9KZVq9Po
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 6102 70 B
149 B 141ms
48ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFiKDRmmzNdznJmoyn6pn2g&google_cver=1&google_push=AXcoOmQX8WyRELgugOEZLwlngxF-zne99Ai1IA3ew1MqqEsoRe3hW1uQGu9eIpfcs_MGq0afRqo6zvJw5NN11P1dKvmPVRfRdT0sL0w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6102
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESELwc9V420nT3TlcoMboXFqY&google_cver=1&google_push=AXcoOmRncJdDi4hjjzrEu6YxRghJ2XjPwCeR00kDkGd975M4BcHPbj69-PDXIWRb_QnB5ZDsVbxjVRIAdxYwDAXs...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=C-FM7Jp0T_A_0HUO6j-Qpw&google_push=AXcoOmRncJdDi4hjjzrEu6YxRghJ2XjPwCeR00kDkGd975M4BcHPbj69-PDXIWRb_QnB5ZDsVbxjVRIAdxYwDAXsG7wSXA02RW0kBrk

170 B
188 B

29ms
29ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=C-FM7Jp0T_A_0HUO6j-Qpw&google_push=AXcoOmRncJdDi4hjjzrEu6YxRghJ2XjPwCeR00kDkGd975M4BcHPbj69-PDXIWRb_QnB5ZDsVbxjVRIAdxYwDAXsG7wSXA02RW0kBrk

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 29 Jan 2024 14:48:56 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=C-FM7Jp0T_A_0HUO6j-Qpw&google_push=AXcoOmRncJdDi4hjjzrEu6YxRghJ2XjPwCeR00kDkGd975M4BcHPbj69-PDXIWRb_QnB5ZDsVbxjVRIAdxYwDAXsG7wSXA02RW0kBrk
x-host: tde-deliveryengine-production-84477bf6c-7jh9v
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 6102 43 B
235 B 104ms
34ms Image
image/gif 35.214.149.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJQsr2kZdJibjKTK_aDbvJQ&google_cver=1&google_push=AXcoOmTYiz2Dn_7HydcFN_rsFMyHPRGPt2MfXn7cUX9HZw9is5wSOQZDrtPdPEjpAMhJo7XpnOLHIsl31JXO5ec3BLRH63NqhRr3Dic
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS: 91.149.214.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 29 Jan 2024 14:48:57 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6102 0
12 B 25ms
24ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KO2cV92Z2exLWqO9T-w7TzDSDWDVE7InMYrwyl6Si3uRuk5X95wgqDnBOHQqjqrEnuRXj2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 6DEC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff6a558e8ce95a292cb891b334ebff6fe62d37ead1c640b7e1f82d88f008f891

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6DEC 0
19 B 54ms
54ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0xP12Lq3ZangHq3Fn88PueWI-AzJntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxOTEyMjUwMzM4Mjk2MjXIAQmpAiyU_HG8KLI-qAMByAMCqgTPAU_QpFal9anB7suGVSNlEvhOGrSmH-Flar2Hm6tdpuidp20sVY5GyBuR15uqTzqU-ChPMzHtGSy-wT8XoRqdOQMMbe1_sfwVfL_CrOLW856W_HP2l13LhcYOZcjlV5IEyBb5fHOky1iA67KpiO20tMonpws75j9jxNqvIAtw4zRL-8_IvjFoyyOTXxFibMRH2Cfyn9oT6psjO-JD0JLj18Lm4fJ9DbNQUgBZfa7s6hsdGl6Qb_ffX7eYYZGVxf4Q-4_HudRqiaeBWZ8ASuQddoAG9aedkJiV_rhwoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIXXo_brgoQDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTkxOTEyMjUwMzM4Mjk2MjUYAA&sigh=pcOdXGNDbY8&uach_m=%5BUACH%5D&cid=CAQSOwAvHhf_uG40a8wpnQRyysMBuMQKPhgrc3aH0nhQs-xMZauyLsT3BEQzGT8BAgVZGBIHv_3I5lM23upgGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 29 Jan 2024 14:48:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 6DEC 0
126 B 78ms
27ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kI7EGMz6RLAJmAKdg2ICAgAAAK8D2uRlYvmDENe6t2WVW6UENrC8OIPdAAASAAAKCkFRVURBUUVCQVE&wp=Zbe62AAHsCkD5-KtAAIyuY1_u7txtfE2IpwnQA&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 289144
server: Kestrel
content-length: 0

GET
DATA 200
OK truncated
/ Frame 0D8A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26b9dad16f35429c74f3e568c563e5b3a08eae83da3434ae63db78f6f484372e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 7681
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1&google_push=AXcoOmTI6OzBaC7Me2oyXy7s7Ow3S7mzxso1pnJQNaRw_BiqjIX3yIh62MXohs8prVe_Xy4ZvcyXBz2vSug_WtDZ1bsi62N868Spmg
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzIzMzcxMTU4NTI2NjExMzc3Ng==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1

43 B
398 B

34ms
33ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.1062062165~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250&nras=2&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2660&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=4
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOP-0-kjqR6xHEi1YUMiJgo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 7681 35 B
465 B 53ms
23ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPwW6R_Frm8l13TjoB8gKZ8&google_cver=1&google_push=AXcoOmQI6pZzWQnu5hf5NjUOcyihs775UZ1eC13aMhSp_Zcm3JwU0SzLP73HeQsPE2ErQooCFkzwHhxEiFDe8A8hJwApFQqLimG19fg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7681
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESED5fBo7vX2YdfC-fOFTS7Hk&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESED5fBo7vX2YdfC-fOFTS7Hk&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y3NnSGhPeUoxUnVzV3Q1&google_gid=CAESED5fBo7vX2YdfC-fOFTS7Hk&google_cver=1&google_push=AXcoOmTq4jdEAlILUwA7zz8SnhpTGy--cUbs-W23X6eOwVf...

170 B
188 B

34ms
33ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y3NnSGhPeUoxUnVzV3Q1&google_gid=CAESED5fBo7vX2YdfC-fOFTS7Hk&google_cver=1&google_push=AXcoOmTq4jdEAlILUwA7zz8SnhpTGy--cUbs-W23X6eOwVfbIb0wNr6P3oNf77GyvZfBXH9HXCCwo9Y6zYoYMDGPqsLL8N0vAPrfNVQ

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Jan 2024 14:48:56 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-801-g0076fb7#rel-ec2-master i-01d275e55739701ae@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y3NnSGhPeUoxUnVzV3Q1&google_gid=CAESED5fBo7vX2YdfC-fOFTS7Hk&google_cver=1&google_push=AXcoOmTq4jdEAlILUwA7zz8SnhpTGy--cUbs-W23X6eOwVfbIb0wNr6P3oNf77GyvZfBXH9HXCCwo9Y6zYoYMDGPqsLL8N0vAPrfNVQ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7681
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEN0tpxhH56QWIilIDY8V4pM&google_cver=1&google_push=AXcoOmRmRdCz1f7aDh6_c_izmEApfTWwW79RlpSOMi55UzTNOUB3XPPWamABDbPnZcQ-3r_5Ix_B-YE3xHlhtm...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyOTUzMjM1OTc0MTAxMjExNg%3D%3D&google_push=AXcoOmRmRdCz1f7aDh6_c_izmEApfTWwW79RlpSOMi55UzTNOUB3XPPWamABDbPnZcQ-3r_5Ix_B-YE3xHlhtmhJ1w...

170 B
188 B

33ms
33ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyOTUzMjM1OTc0MTAxMjExNg%3D%3D&google_push=AXcoOmRmRdCz1f7aDh6_c_izmEApfTWwW79RlpSOMi55UzTNOUB3XPPWamABDbPnZcQ-3r_5Ix_B-YE3xHlhtmhJ1w8ld9I8EjyJW6M

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyOTUzMjM1OTc0MTAxMjExNg%3D%3D&google_push=AXcoOmRmRdCz1f7aDh6_c_izmEApfTWwW79RlpSOMi55UzTNOUB3XPPWamABDbPnZcQ-3r_5Ix_B-YE3xHlhtmhJ1w8ld9I8EjyJW6M
Date: Mon, 29 Jan 2024 14:48:57 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7681
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEBNqWKI_FIwujZEYI4H4GDM&google_cver=1&google_push=AXcoOmQ8tH7j3l5Wxk47v8TPGvc9jk_HSQofOB5mcQ1dSHJzSmkqiSWM4yXb9TaHX_90H5NiHhMS2TXrI7p9HJze...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=C-FM7Jp0T_A_0HUO6j-Qpw&google_push=AXcoOmQ8tH7j3l5Wxk47v8TPGvc9jk_HSQofOB5mcQ1dSHJzSmkqiSWM4yXb9TaHX_90H5NiHhMS2TXrI7p9HJzeICOiIX0XXHbi8H0

170 B
188 B

31ms
30ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=C-FM7Jp0T_A_0HUO6j-Qpw&google_push=AXcoOmQ8tH7j3l5Wxk47v8TPGvc9jk_HSQofOB5mcQ1dSHJzSmkqiSWM4yXb9TaHX_90H5NiHhMS2TXrI7p9HJzeICOiIX0XXHbi8H0

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 29 Jan 2024 14:48:57 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=C-FM7Jp0T_A_0HUO6j-Qpw&google_push=AXcoOmQ8tH7j3l5Wxk47v8TPGvc9jk_HSQofOB5mcQ1dSHJzSmkqiSWM4yXb9TaHX_90H5NiHhMS2TXrI7p9HJzeICOiIX0XXHbi8H0
x-host: tde-deliveryengine-production-84477bf6c-fth7t
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 7681 43 B
363 B 105ms
36ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSZOy77pTnc7l51OeDXmeCLyGG4A4eO9bSe90DfK5hsNn691lZpXQAhfIgaNapnHgb5JkZd9fUXWuByp5NfIN3awB1xgI62ypE&google_gid=CAESEMaXAbGW6oZTgh5db1Rs5lg&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 239218
expires: Mon, 29 Jan 2024 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7681
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHHYf0r3fbFHGFP01pwGUOc&google_cver=1&google_push=AXcoOmR4LuQqocQQ2uE4nC0FPgMR9Fz8bsF6Y0wwDmtMXqFSvQwXSiZH_rATjr23jONZLA0HR03FT4Kn...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHHYf0r3fbFHGFP01pwGUOc&google_cver=1&google_push=AXcoOmR4LuQqocQQ2uE4nC0FPgMR9Fz8bsF6Y0wwDmtMXqFSvQwXSiZH_rATjr23jONZLA0HR03...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyMzk5MjAyOTE4MDQ4OTIzMw&google_push=AXcoOmR4LuQqocQQ2uE4nC0FPgMR9Fz8bsF6Y0wwDmtMXqFSvQwXSiZH_rATjr23jONZLA0HR03FT4...

170 B
188 B

29ms
29ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyMzk5MjAyOTE4MDQ4OTIzMw&google_push=AXcoOmR4LuQqocQQ2uE4nC0FPgMR9Fz8bsF6Y0wwDmtMXqFSvQwXSiZH_rATjr23jONZLA0HR03FT4KnmTyC_pOsij4Xaxkcnh3lPg

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyMzk5MjAyOTE4MDQ4OTIzMw&google_push=AXcoOmR4LuQqocQQ2uE4nC0FPgMR9Fz8bsF6Y0wwDmtMXqFSvQwXSiZH_rATjr23jONZLA0HR03FT4KnmTyC_pOsij4Xaxkcnh3lPg
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7681 0
12 B 27ms
27ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LHbuzrU37E9FAB-rxD-qjfbJnZ-IAA7Pg4otXdLfWNcrLSn9GUhZSWemo2c9Er83kLaJfL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 KQGrXb Show response
gate.getmygateway.com/ 41 KB
17 KB 563ms
193ms Script
application/javascript 45.140.146.101
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.getmygateway.com/KQGrXb?c=sotaydoanhtri.com
Requested by: Host: two.startperfectsolutions.com
URL: https://two.startperfectsolutions.com/stars?se=&wi=sotaydoanhtri.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.140.146.101 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm2027790.stark-industries.solutions
Software: nginx / PHP/7.4.33
Resource Hash: 85f4fe6b01478702a7c2581b25a81de3dfbfa871ee5ed0298fc44588f270720a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
server: nginx
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 29 Jan 2024 14:48:57 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 5762 39 KB
15 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 12:30:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8307
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Jan 2025 12:30:30 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame AC8D 0
0 57ms
56ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssZ9psBuMHveVhFmSCdSFPCxzeJ5c96dUWfTPwIFU-6OrH-0ZLBVJtv1hXuESGLn-IMW907k-28Z_2hobwKoO-Wo6VfbRbOqo0GgiwaD7Nzz8B48J-cjfLbLvcHt-NxDjTxhwKNrzb6XbuOXUkbgP7g9MS_1uLQMhW0UdKhiQeuzghOy3kvA6HUwQOPUchDMLLhxZUyjHGJJr3iOWFD1WKIpRgo0xPWyxRqpOdB0z9OZo577EbkCVNQIAYwmEgVlbDbyU7Sip-l44JzH0ukTSYwgavmPXXiJr4BwFWWLLWbMzY3pKj4AnS3GH2VuQFhJwJjh6TbhefxQcaCE69tWd33tJxyDXR625TFtoy5JLBamTySDWfM3wGIXKWZt9Mk09MEIHFxDcB98OTQJXhfEb1OyqB-qbEeE36SsSP6z102B8Wdmr-oJWQratH68ACuTbkIgocpxu8Ctj3f-f0vZ6H6mVoZ6DW1CDAV1jdt3hwJm5CRVHye_yGwaIGbInfcRrnxeC4JW9srQlbRWHHK3Tt7rGiMjKZkLTaGQ2mRe1iEALWajEvEDBhG52GUZvSJOSBAzUaTQBaCAfQDVapxyCW_bRsXT4MMKL1lAQ6ZMS1Aunyhcjfmq6YgWlslGckMDDlnuSqLPuJKhnfN48jWf0-aDad1uDpRb4lVfkP9TZWP297UAsTHPUXKdPLYU0LVaM02tILFl5nR-tZ09Dh0pIZjwBWbugHmBAgY8JUkPxR2LAII5pHxjimWgKok3CqkrK9qca7QTdElZfizP27791ljZcXsLm9Si9rblXhE19q5uYDsHI4-fW0KxYtRXRBNI-EuQPeAlAXiqBOe4ePCWrjHbhTjFP1u_bYaHbk0lITAdfUNQzUBuNaWa2o2AZ-rlryu6pCz2KCVshkL_R-DoNfLVTr71-b7ycMiDtVCi6wpSTjk6TuiFGrxUmRYVuJIgPiKgcGrOopmY4bOUNeJJVjW0n0FRx6omCVRLrCD2q2plA0KQhuFqoAzL6XDp9XwUABIV5gTAlpKJ4pk3U-gaPhTlWB1oPgapAth1TmTZeeSRG0aHLz152KiCRYZvEjGX-8yewe6vb0SxkcaZhi3SeE_Ei65L63T1bVARRuDh-jKXWSU8i0l1pqsx6vRGVNo-86dsz9EtqkwfExsG691tR2uDnMmwCe2eTkv21ylpoANptU-2PS8HO9eeviFxOZ0eDEpm4ZLBQupYZaWnozrU0EhYGWRP4iN4mdWlPASVCotz9-msUpzgBEcNuo9rWgnihlAy2-OFTviDScqdHeJ1BBvUktWBfi9VHVBXxHVuCDop_Q3_u67EEWECDtblCrtAjYymd3yY01UxA&sai=AMfl-YSnDPSvgTNPXUC7CpCD2xlHawSEoKI9HeE9HaS2Ze2tu47K6T83aC6aN8uv6pRa_TjmcyrTpyqt9gb19dZ7tFdyrz1imjb8YBL2f4J1zuN0MX5WuywVujYOBfWW9BEtEZxCK1M4fgiLsU7R-tdKvCCzNJnv6rY_n5NEPXedQ-W9b2EGS3qKmRlyoPwf0RCjkLp3F8qyL_NK6hmrO4eModPoVO_SWRI5sCm0nr3J0vZUfvKAIN29Da-wTe0oIhQOBUdJ6qtB5Mcp_YRxNFWRsLExH60SK6CkfiSwIwu9x-dbj_EJqugxi1y48X5O8c4oHvCFMkdB-qurJwK_BCS2-qI7sXEsDpbIOZtWl6aB50kx2fh1AOWPviYrvCbKl6oyOLnNiFbrNktjSiApFxCkvXTm5F4VkriBJqFFYCjaEoZnYbZlvCMHff1NGqE3UD4eJeSHGTuky4YJuc59wd-nxIfz-svz-nVd0DXs8WoDgDNRIm3xAxzB9G6Hi60RWutCk4O6H_gAL-1s&sig=Cg0ArKJSzF9NHsL6n6dzEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9yYWphcGFjay5kZQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=177&vt=11&dtpt=176&dett=2&cstd=0&cisv=r20240122.56831&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0D8A 0
19 B 53ms
52ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C5RqO2Lq3ZeuFGoSF9u8P7NKyiA7JntKxXMWymPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxOTEyMjUwMzM4Mjk2MjXIAQmpAiyU_HG8KLI-qAMByAMCqgTHAU_QFtHKQ-CtFktv0tjxXjNeyi09ZjmMtquAvFsFcitvULNZLm9Vo306gWaX_3oWM8shXLiu_WTRRoHKR3Bd3AhctkOZvpzplvQvghjhAm48L45Yvhgs7nS0FGR6jEdNDjyslF87JmpjHFO70JgJ27pYfSUnHI5zSTZnbOQRhY2UDJhvp0tv2XueDoAhYTW5XKJsj0y3XyVYwLz6IE2fl70-TieuZpV12U60I1D2VJjUcZKZGwbwPjzXDV1AqNff-AaRVL1gQmKABtLMod-Djvfv6gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYi7ej9uuChAOACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItOTE5MTIyNTAzMzgyOTYyNRgA&sigh=GVoSqe3qEcs&uach_m=%5BUACH%5D&cid=CAQSOwAvHhf_PJBuGKsdTJlMMY3UmYqh8NXby8q7S_aLYUjd-1qEbpf6kVh4xqaQbDTdtUd8t7YvTjP8Ih8RGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.1062062165~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=-M&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250&nras=2&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2660&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 29 Jan 2024 14:48:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 0D8A 0
126 B 101ms
36ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kKzOGcz6RLAJmAKdg2ICAgAAAK8D2uRlYvmDENe6t2WBnSZ7S3Q8waktAAASAAAKCkFRVUJEd0VCRHc&wp=Zbe62AAGgusH_YKEAAypbFb-IlG56lzr33bEgw&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 129474
server: Kestrel
content-length: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 2A26 2 KB
1 KB 118ms
57ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Zbe62AAGgusH_YKEAAypbFb-IlG56lzr33bEgw&u=%7Cn9n5BqZzeWjg95vBwGVBWAg3V0khI3vA1dpH3UFg1uE%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8EEuC07WHjq5U-cnXCDWR6UGl-kiIe97IUFcKwawroPa17zb9yx3kRLOhwoWKSitPEP5yTUQM2OevjwTY5a0hpCC27AHOQmxWJFcY8bJBqGoENAbOcvcmJYbJGwrGbFWZeXMcbyyctC7bUhZ9qIYr6ZED3jiy_5gBDy0xzya78RxIr_bF15AO_02d6G57ZIp9_PvEw37SRkLx681UrFe5qd_ePF4b_1m5i9AN3Xb9k4IHfLIfvXaJsKDPWU27bc3WtyTOAmAnMhiQkXMMv_0yogIwHUtKp6nbC5OA_f9dIOi1G31P_LZvJeBmNGCJP6P080hSNDtVzkwKEkH4n5RPCNrdHbZX91yGVa6EoAlsr2nGkkdqavsKaLUn8DT0GNgfbM6k9bqVWGZUvjn4PyrS_T0clQR9OxH551r8BlGsW45toN6sn9RlRGsEtZb2F2g05Wz8zh-5rwAIVYhTyOqdA86nIfhgIHMo4yFKbU_Az8PLisyRFQVz4zTZks96vf6td7YY399VbVVnlTbfvx2Xcdu7NSuFUDTtcvCzsH8Uiu1_k9Fgnfx-Aw_EwM7C-7U7oHvxocLF02pdwd5AG85r9Q&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCraXx2Lq3ZeuFGoSF9u8P7NKyiA7JntKxXMWymPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxOTEyMjUwMzM4Mjk2MjXIAQmpAiyU_HG8KLI-qAMByAMCqgTKAU_QFtHKQ-CtFktv0tjxXjNeyi09ZjmMtquAvFsFcitvULNZLm9Vo306gWaX_3oWM8shXLiu_WTRRoHKR3Bd3AhctkOZvpzplvQvghjhAm48L45Yvhgs7nS0FGR6jEdNDjyslF87JmpjHFO70JgJ27pYfSUnHI5zSTZnbOQRhY2UDJhvp0tv2XueDoAhYTW5XKJsj0y3XyVYwLz6IE2fl70-DCWP9BXmCXMS83cs2Lg91Zy-EbD6ECRVuZV9DiVg5iqJzHf0Yosnf72ABtLMod-Djvfv6gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYi7ej9uuChAP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3DzBgqnlfJprr_4d1efoFukSg9PA%26client%3Dca-pub-9191225033829625%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 2A26 2 KB
1 KB 90ms
30ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 2A26 308 B
636 B 82ms
36ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 2A26 293 B
621 B 76ms
31ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 2A26 43 B
347 B 98ms
31ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=c0ss5ES6QcixGzHSLci8L7keuypO71FVusz99tj4GGhWegYSUvH77o3KRBe2MuWsqT6y7N2woUMY8H3cwqILhgO-GZm0OcEujm5McZrolkm47myTPf-YcLQCCtr4CXjIf83RtS74R63xP8PcmPmUzWZLuFsvkCukUAtzX2jN9eqx1Jr8flL_GxyEXbcrDX6oSZuvqAlMszRCUQhkNK-lT-DHZs6jmjrmBTtpeK8rm60z9VH_y0huIn_wn0BEXzQbKIr0UuAxV6iZ09NP-DpP0i1GGqZ5qEyAuSG8agtndb1a6L9ZQwg0xt7zdJRwFsFWNhNYozs4Ke3W9aaLhCY4OBWt8LnVru4ytdYLNW8QpErLhmuF2AqVVQVEsQB0B0HNSdnh0ntCcWQlwd_TQ58mFb0dZd5qludwY-uItqvg1ZYgw4DzpuvTeiCU5E_2b0o2QM_3JQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1742016
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 9F34 2 KB
1 KB 85ms
58ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Zbe62AAHsCkD5-KtAAIyuY1_u7txtfE2IpwnQA&u=%7Cn9n5BqZzeWiv1Sv355cYsRXVKucs%2FZauljMKCqLpQjU%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8jkXO22AzZT_yFwjn8Vb01uoPnKeaplVf1YZ_d32P4Zyae-vr47s4vG36PwEGodbEpqvOprLLlqUpIcVR0qFbsSxmJsCkHXM0Rbj_W20mwGNavvKraiv4Ma7nIwdLObFZqHPf17LlmkIZfPJDry68TLXPxInVU53ZQ0yP2J2sahIDe4dAHZBSCwIoENP3XdFcf3VW8Rpmw6q3a3SUZdsq-ZCzixMm5x2ckfOBJxBfACwsczc9BbFA6LVTe7AnP8jyIejXVZR_D4SSXQQ2_wLR5_mNzy9lde40KLr9yQ-Yc_UK6Rp2bfbznuv1-VJ8kqm_1ekd6FbLczVFD4Xfwx8KfJ-vYrie4X3tne00RrU9z8qxLBfvevGDlGm9xwim9IpMnBWUP8LnTvP88wo305HkajqdIV5PnfosZ6JXFfyoM3gE_X3azDnMZAUhGbr3vLsJ1j-VzAuQME9aO5BxNMWbluI48oUb6KFnFrLOgyDJpUNI41MWxKK8fDScTemEjDDLi5mLoBBMb8pb1g-fdij7lHQ5lcgNDplkJt2ObNW7B25s7R9CFTFisCigZy5jEGNGOcIelbryxXMdj123fDZbH5rFeX_dE3kn&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8Yxe2Lq3ZangHq3Fn88PueWI-AzJntKxXL3plfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTkxOTEyMjUwMzM4Mjk2MjXIAQmpAiyU_HG8KLI-qAMByAMCqgTSAU_QpFal9anB7suGVSNlEvhOGrSmH-Flar2Hm6tdpuidp20sVY5GyBuR15uqTzqU-ChPMzHtGSy-wT8XoRqdOQMMbe1_sfwVfL_CrOLW856W_HP2l13LhcYOZcjlV5IEyBb5fHOky1iA67KpiO20tMonpws75j9jxNqvIAtw4zRL-8_IvjFoyyOTXxFibMRH2Cfyn9oT6psjO-JD0JLj18Lm4fJ9DbNQUgAbf49-aojNJ_hASC1Tf148b7afc_Q-4w1zcenMexifdYeYgHA9n_pnKoAG9aedkJiV_rhwoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIXXo_brgoQD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RRTXLtjvCD3OCtuqf9DnGqJbkoQ%26client%3Dca-pub-9191225033829625%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 9F34 2 KB
1 KB 83ms
57ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 9F34 308 B
636 B 61ms
58ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 9F34 293 B
621 B 60ms
58ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 9F34 43 B
348 B 49ms
31ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=RBF3nd6CE6D-1zVCyUDLT1rTLHTw50-cTBkI93W11Byao__qB-9QrmxpZXQRKugj32JHRuDgbpt65th3pZMRWzM-0P48TBnnPqmTxOImMEKhll69-j_Fcj7iyJdYqY7BpJbhyvuiC_M1-Pg0twaQoJGrVcBZ4dG0CTz62PqeuY1qZsEX7g1t8SSzKQmJDv5mxwkU0QNuSBtSfbHCKAB4TD5OnIdsOThKcIXUpnD1kgfpTUjpxSqxRDDllPmu3EFn6uO8myr8bTCnlqLzL6X3ZP2Sbxgu8CHDdKlkRf01aDiGYwQ3xmZ7MNjPYGOf2n55mVw1bglXnlefTtY7i42LIg1cFJSgjD7Rl7dC6Mrz60x31S3nZt3SksfLSZTtcrvEW8HMZ1yigKS3t14fybIvYKrvkmuL-G1sumq4z7rsPRE6DqoKOZnlqmsUjhxVf_FIIcztTA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1765025
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 2A26 12 KB
6 KB 58ms
34ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 2A26 7 KB
8 KB 137ms
63ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=556&m=0&partner=100829&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F100829%2F5246204%2Fd41b321e3c2248279187df4498c87552_1985ec09-77ec-4f9a-bfa1-9b5ed79d696f.png&v=3&w=196&rid=4&s=ocuTBspmBEndzC1HMEUWlYSE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

99313aa44054ac4338812d8221ca851fe204c8663379f3a158671b623f820af3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 7563
expires: Thu, 16 Jan 2025 09:07:07 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 2A26 16 KB
16 KB 125ms
51ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=100829&q=80&r=0&u=https%3A%2F%2Fwww.geekom.de%2Fwp-content%2Fuploads%2F2023%2F09%2F1.webp&v=3&w=800&rid=4&s=gi-il0i-p0lJKwXMbhwwcNAj&b=1200

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

74fae1773a33f3ea2b13e63bf0aad08dfb1b503f27b2cc5244df9832af7f7fd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 16242
expires: Mon, 29 Jan 2024 15:44:54 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 2A26 0
128 B 101ms
27ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=D7YutLrJKKs7-1Uc3DgC0QCPTRz0M7Oggv3OypdX9nNjZCLsGGLwHmr5hn39JlLF1iSZN3tJvybWJLgAGad14Qhy98SGjbtjwH7OIPUlMUl151iXvVIZB5jaa1bimglxcHetCt5uoIF0Xwu_lD1wt5HzZDOjCD8foJ77l5IfX2t545ZkfwjWjm1WccXHA_WaxhY664tsExsBgDnqv--vkd33X_c7UcSWnPnf3ppGS8Oj0eixE2QGX6JNu8WU4YSzkEdiew&sds=2&rev=90371&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 2A26 2 KB
1 KB 52ms
35ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 2A26 2 KB
1 KB 33ms
32ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 9F34 12 KB
6 KB 56ms
55ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 9F34 54 KB
54 KB 87ms
64ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=556&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F105623%2F5022139%2F2ad0250af6b64105b12172cc0682064c_eu_oveckarna_vertikalni_hneda.png&v=3&w=528&rid=4&s=ivw_bvHA_3V0TvjH4yeRBukD

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

32bb6bb95ee0cfe00efcc89ac8aec81afa338173a5f8323653fab2ddc97e1849

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 55005
expires: Mon, 06 Jan 2025 04:52:51 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 9F34 15 KB
15 KB 114ms
92ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.oveckarna.cz%2Fdata%2Ftmp%2F102%2F1%2F11461_102.jpg%3F1637921114_2&v=3&w=400&rid=4&s=Mk6aCbOMrkhsLsruILQ6XPcB&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ee87e6547702fb6ef8a6f9d5ef54c46594c7481654f383a9ba9c17867932172c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 15494
expires: Sat, 03 Feb 2024 04:35:54 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 9F34 14 KB
14 KB 108ms
86ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.oveckarna.cz%2Fdata%2Ftmp%2F102%2F3%2F18413_102.jpg%3F1680159946_2&v=3&w=400&rid=4&s=y6WD4NEI1u8djBjaHxlKjpLy&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ef1fa25b906c506f3be14737271fb409da90ad30bf0b1c0ff6961f45f21a02dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 14338
expires: Sat, 03 Feb 2024 04:47:19 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 9F34 4 KB
4 KB 125ms
103ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.oveckarna.cz%2Fdata%2Ftmp%2F102%2F9%2F11129_102.jpg%3F1636111187_2&v=3&w=400&rid=4&s=OwJrqLXLfgkHQjehgtmTQxXg&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

98a2fbbfdf666c4b875ed5d04436b77dc3890b85788f085967b51bb0305bbee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 3748
expires: Fri, 02 Feb 2024 22:15:30 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 9F34 16 KB
16 KB 120ms
98ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.oveckarna.cz%2Fdata%2Ftmp%2F102%2F4%2F2204_102.jpg%3F1635951174_2&v=3&w=400&rid=4&s=RzvWYVAWiQBN3-EATcf8H9O6&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

bc531edb737131beee262d805228188423b842a23009de519fb84005ef60fcd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 16076
expires: Fri, 02 Feb 2024 21:55:52 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 9F34 24 KB
24 KB 108ms
86ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.oveckarna.cz%2Fdata%2Ftmp%2F102%2F9%2F9759_102.jpg%3F1635951174_2&v=3&w=400&rid=4&s=3_rRX1cv2EqG181tzIIwEs36&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

abc3e5b7c4f477ff2289ebccbba4d30443495451f9a51c7cb7bd5fca87fbfc4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 24196
expires: Fri, 02 Feb 2024 12:06:46 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 9F34 0
127 B 49ms
28ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=BInLfbrJKKs7-1UcudYKceGsErG3wkGZv3J7wH6zwrxXKMCxL_vII7O33Rs5adhUYc9-SiOUOu0q5qOoVDWnnF6iDSAIQrI1rukk5NZGRfWF6Nlc1UaAvWqYJ5r-Yipp9moS82GX5zBO0_GOGtqWW40Ib9Zb38e5FhFvAmQqM1NlK9MnAK7qIeEwDljkPrTsEUYbz_gmM8wSbrLFmXShAy2ZSrqOjVjJfJrhhdJpCimBarzyu7JYgfapnPaNnwEJ99C1TQ&sds=2&rev=90371&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 29 Jan 2024 14:48:56 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 9F34 2 KB
1 KB 30ms
29ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 9F34 2 KB
1 KB 28ms
28ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 23 Jan 2025 14:48:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5762 0
20 B 167ms
166ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BwD-j17q3ZYWLJ-OGid4Pvti0sAoAAAAAOAHgBAI&bg=!x8SlxIvNAAa8BdJLnAU7ADQBe5WfOOJ8k6auG2axvLpJw2-2P3gXAMShW9rCvge4hxlHFZOYntIudNUchJPcB19Zu7AkAgAAAMJSAAAAAmgBB5kC4JJLo91w60e0ECRnBrespVGX867tIx3ztWjztgg4PikTBZnQOVPswxPBTaUvQ-dXSDfPb0qSCUCGzPT464C5wh2hIeNLaArIrc4xgu9yaeyTiHGSpyvJtfBicmhvyQ835SRbkfTXIYFts9Ap6fnN9sy6SFBvFV4nvOcgLZ0d1g416k0-R-mlJrB0tsS7HO0tWt9I5HFL8NKK8iem9jSBRUqlf3dS1XROIpl7itqjKhBSbWsJUatu5n9tq1pDXJpEcNgtZcFynmVBX7SEn5dk4fpG38QHdgypFeIiQvVpTjGQ_iIsYvNlocE8TNAmdfbpboawt8b2hP4UyloHukpUgoVe3PPoiElPLxHm55KUde0I0ENS162WFoXpex3d8F_tcMwq99wGhH6ig5VOr6fAB89A42wYj-F8z4W9NDOZ5JV-oQO2uhKVOu5CuEoudYfLZ4hEMgBMKXClqIi5vvFxybY4VTb-0YbZJewoR-T9fsL36bvyI2D_eXEbHn7ou6ffGgmJKsTNeVVyxrTQeRS1anF1vtTLZtyB6ZS4p1ytSGkNUdukfJCH_D7Xuoa1rBOtuWG7SYypcnDPXKuM_eQtoFwxV4Cv30dszHC3gAtOsKFqpXpOMBszZRKWGK1j8v2NV9a3PmnC9-N_g3LbXjnY75kxA5REadfJrw7f3Ijodnw9knnxjsA7PLgnZ2uWv8lBL_-LMaC0YwTGP7x_L8eRep9Ht9YxP2-DPEsZ42mLyeBwTxnodtx1nkNRYN4DLGtrqIrVXRidodEQHdPBrWT_I2YjNQ0jTWfdc8VgJnU8wdNW_nN7GPw5cqaccYwhX9Ski5x1BOOpS58fh2bo3U8Z47XZEAUkV2Pbc5a8GlySqbPqpWBhoJ028cObpm0i5dzlPkwvpexj3jzU3K_wGzJwAx6AUV86wpg3VMVwwobGrrk6ygymRb57JuptItC9T-NGmjZZO7KVYXxeFZCYGG_wKOk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 yrhYEesrE Show response
post.plastformspecial.com/ 0
524 B 234ms
191ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://post.plastformspecial.com/yrhYEesrE
Requested by: Host: sotaydoanhtri.com
URL: https://sotaydoanhtri.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sotaydoanhtri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 14:48:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EK1%2BOjoabzaWvipW704b6YtHHWU1R11rEGUvE7vE2Ja3RMMfvFcd%2FDudXcNcWXXwTQIC9pWSBiyGw0xYegkufavXKNChcnWx0UcCyAUVcJr8jgjxUo9tSaPuVuYBJHS0KjhgVgIa9dnv%2BL3Byfs0HDuVYlF1lNmv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 84d24770ccb865d9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: Mon, 29 Jan 2024 14:48:57 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BE65 42 B
64 B 168ms
168ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstE_GVSmFrTOMSuN6Dz_fSB79h8abMjjXRkEqGIyWvfIW6F4xgaQ3fUxCHFhbbbCqq7EbaiHzIst32V1q96Or8hdugACXpWBjC1-I-QZW1gEaQRvTngp0Ig-D--gWzRwzemTTSR73etKc-2fvDpVb4gg6HN&sai=AMfl-YTGJHEmWVTxYT24hS6XZowphMqN9Ece01ybbi2rHHxGgNQgJX-At2r2BkuTDGzJZdMJzR7USZXdS4Pyt7_s5JUUObA-Vl5Qua64cewpFsMcuLwye2dcqgVJbxihgk7Z8Fb2jCm2tFU8yZCwweHv&sig=Cg0ArKJSzNNY0nrFIidBEAE&cid=CAQSTgAvHhf_VjIVNI_RVzs7EX3FNYkUPJN-h-mBr1aJfQ_7HAVumcd-bRfzYuDIr3E4Lc6YDwaxWWkaA4Ox5fL8xmsO0mDbyehmwOuJ2DHNqhgB&id=lidar2&mcvt=1034&p=0,0,124,1005&mtos=134,800,1034,1095,1095&tos=134,666,234,61,0&v=20240124&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170653973600&rst=1706539736463&rpt=334&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CCFE 42 B
64 B 168ms
168ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0h96QHXddb1G5I42Up3D9p_W7sMr_iHhR6UdaxcZhXL-XnqzHPpAl-vCHRihAOIXmrhcNyKgfh5FHReDRsycT3FvLx-8jgBXrRK_e5RG5HlHawBuQjr_LRAvp11AemzZkiae60D8NKMPG8YMwl_xUcJnO&sai=AMfl-YS2wECuj7GwBlcW8VuAQF-vh06r7Z3WlLNGXa15G1sNmGpyFnaKlTjx7QOfxquWCrpkXOm_vCgN6ciEflm7XSdJ7k4FXtF0T2c2yjT6dwl0Qb9gpTbT7Glh-FaQFlG6ZWby-Yp5pxJ5M3Uqm76k&sig=Cg0ArKJSzCZYd3S33RGbEAE&cid=CAQSTgAvHhf_VjIVNI_RVzs7EX3FNYkUPJN-h-mBr1aJfQ_7HAVumcd-bRfzYuDIr3E4Lc6YDwaxWWkaA4Ox5fL8xmsO0mDbyehmwOuJ2DHNqhgB&id=lidar2&mcvt=1014&p=0,0,600,160&mtos=1014,1014,1014,1014,1014&tos=1014,0,0,0,0&v=20240124&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170653973600&rst=1706539736494&rpt=339&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AC8D 42 B
64 B 167ms
167ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuueGXJ54feI_wKZgUgDl2kmQiIbirpMMLoMkYPpEzZmiJw0reKNuh8SLrAjVtVraDRVH0e1zi9oKTB679aqtf2xRxjWAhBPjAe3WhJZk0mca-j4gBh0NYwSc5Dt8IgIyed4x3W_KwT1AkPWyNQSonbgnx-znCEo6ew&sai=AMfl-YTcwerqZKaXLkMdY7viF8uw7QcqiwVmM43i9SiU3q62JFNhcugqU5MhHaPhcL6Nif3Vda79ilXTNnGhKfQzqd8EstfNq3cwrNjtpxXeVrqZBexDHUbTrM4Mp1rOEFffcLHYsF5nfCngaHVt3GfI_g&sig=Cg0ArKJSzOKP1N3XE-n1EAE&cid=CAQSTwAvHhf_Dni71YkailBqcdVykmpkBBWIF_p4-iOUrMUqxs0LzQ0IcCqxmntC6zAHd2rISeqAM3oGFmimMnwUy0pYx9eeAhk0tS8XdjkDE7EYAQ&id=lidar2&mcvt=1000&p=0,0,250,970&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240124&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1428232898&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170653973600&rst=1706539735462&rpt=1564&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 55962472
mc.yandex.com/webvisor/ 43 B
0 665ms
365ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/55962472?wv-part=1&wv-type=7&wmode=0&wv-hit=910118676&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&rn=197955536&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1706539739%3Aw%3A1600x1200%3Av%3A1220%3Az%3A60%3Ai%3A20240129154858%3Au%3A1706539736176624470%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Ast%3A1706539739&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sotaydoanhtri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 29-Jan-2024 14:48:59 GMT
content-type: image/gif
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 29-Jan-2024 14:48:59 GMT

POST
H2 200 55962472
mc.yandex.com/webvisor/ 43 B
0 257ms
257ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/55962472?wv-part=1&wv-type=7&wmode=0&wv-hit=910118676&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&rn=356915145&browser-info=we%3A1%3Aet%3A1706539739%3Aw%3A1600x1200%3Av%3A1220%3Az%3A60%3Ai%3A20240129154858%3Au%3A1706539736176624470%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Ast%3A1706539739&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sotaydoanhtri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:48:59 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 29-Jan-2024 14:48:59 GMT
content-type: image/gif
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 29-Jan-2024 14:48:59 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 2A26 0
127 B 91ms
91ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 29 Jan 2024 14:48:58 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 55962472
mc.yandex.com/webvisor/ 43 B
0 63ms
63ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/55962472?wv-part=2&wv-type=7&wmode=0&wv-hit=910118676&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&rn=347150604&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1706539740%3Aw%3A1600x1200%3Av%3A1220%3Az%3A60%3Ai%3A20240129154900%3Au%3A1706539736176624470%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Ast%3A1706539740&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sotaydoanhtri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:49:00 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 29-Jan-2024 14:49:00 GMT
content-type: image/gif
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 29-Jan-2024 14:49:00 GMT

POST
H2 200 55962472
mc.yandex.com/webvisor/ 43 B
0 67ms
66ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/55962472?wv-part=3&wv-type=7&wmode=0&wv-hit=910118676&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&rn=1000663981&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1706539742%3Aw%3A1600x1200%3Av%3A1220%3Az%3A60%3Ai%3A20240129154902%3Au%3A1706539736176624470%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Ast%3A1706539742&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sotaydoanhtri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:49:02 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 29-Jan-2024 14:49:02 GMT
content-type: image/gif
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 29-Jan-2024 14:49:02 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 2A26 0
127 B 30ms
30ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 29 Jan 2024 14:49:03 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 55962472
mc.yandex.com/webvisor/ 43 B
0 64ms
64ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/55962472?wv-part=4&wv-type=7&wmode=0&wv-hit=910118676&page-url=https%3A%2F%2Fsotaydoanhtri.com%2F&rn=1033679306&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1706539746%3Aw%3A1600x1200%3Av%3A1220%3Az%3A60%3Ai%3A20240129154906%3Au%3A1706539736176624470%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Ast%3A1706539746&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sotaydoanhtri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 14:49:06 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 29-Jan-2024 14:49:06 GMT
content-type: image/gif
access-control-allow-origin: https://sotaydoanhtri.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 29-Jan-2024 14:49:06 GMT

Verdicts & Comments Add Verdict or Comment

197 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.onesignal.com/	1970-01-20 18:02:21	Name: __cf_bm Value: Rl9kEKucp08cUq1tJGEAeA0gj_ucOfxFWrJZDQs2Qaw-1706539735-1-AXptA/wl14+VYjOkVFkU3OK0th8JIJhDnokBNCouT6bUKGjET8pDrtOLkjOLG8f/N5ZnloL5oElUDkje34qP+Xw=
.sotaydoanhtri.com/	1970-01-21 03:38:19	Name: _ga_8GL1QMLJR3 Value: GS1.1.1706539735.1.0.1706539735.0.0.0
.sotaydoanhtri.com/	1970-01-21 03:38:19	Name: _ga Value: GA1.2.1776847252.1706539735
.sotaydoanhtri.com/	1970-01-20 18:03:46	Name: _gid Value: GA1.2.1396045187.1706539735
.sotaydoanhtri.com/	1970-01-20 18:02:19	Name: _gat_gtag_UA_150915968_1 Value: 1
.sotaydoanhtri.com/	1970-01-20 20:11:55	Name: _fbp Value: fb.1.1706539735480.1378852446
.sotaydoanhtri.com/	1970-01-21 02:47:55	Name: _ym_uid Value: 1706539736176624470
.sotaydoanhtri.com/	1970-01-21 02:47:55	Name: _ym_d Value: 1706539736
.yandex.com/	1970-01-21 03:38:19	Name: i Value: Pxs00Ic8fM7sgqyUb+OEZqPm1t/upaF0MAVrkLkOLItLt4PODX85KypuTMi2B2mokBnsm8orzIJ2ehViA2SpZrVrdJQ=
.yandex.com/	1970-01-21 02:47:55	Name: yandexuid Value: 436744551706539735
.mc.yandex.com/	1970-01-20 18:02:20	Name: sync_cookie_csrf Value: 2248121870fake
.sotaydoanhtri.com/	1970-01-20 18:03:31	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 18:02:20	Name: sync_cookie_csrf Value: 1936881995fake
.mc.yandex.com/	1970-01-20 18:03:46	Name: sync_cookie_ok Value: synced
.yandex.ru/	1970-01-21 03:38:19	Name: yandexuid Value: 436744551706539735
.yandex.ru/	1970-01-21 03:38:19	Name: yuidss Value: 436744551706539735
.yandex.ru/	1970-01-21 03:38:19	Name: i Value: Pxs00Ic8fM7sgqyUb+OEZqPm1t/upaF0MAVrkLkOLItLt4PODX85KypuTMi2B2mokBnsm8orzIJ2ehViA2SpZrVrdJQ=
.yandex.ru/	1970-01-21 03:38:19	Name: yp Value: 1706626135.yu.8896247401706539735
.yandex.ru/	1970-01-21 02:47:55	Name: ymex Value: 1709131735.oyu.8896247401706539735
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 772185711706539735
.yandex.com/	1970-01-21 02:47:55	Name: yuidss Value: 436744551706539735
.yandex.com/	1970-01-21 02:47:55	Name: ymex Value: 1738075735.yrts.1706539735
.yandex.com/	1970-01-21 02:47:55	Name: bh Value: KgI/MA==
.sotaydoanhtri.com/	1970-01-20 18:02:21	Name: _ym_visorc Value: w
.sotaydoanhtri.com/	1970-01-21 03:23:55	Name: __gads Value: ID=22afc26ed07e9b14:T=1706539735:RT=1706539735:S=ALNI_MbCivN3VUu-6LQ4IStDLfK_OffTcg
.sotaydoanhtri.com/	1970-01-21 03:23:55	Name: __gpi Value: UID=00000d4b57eaad72:T=1706539735:RT=1706539735:S=ALNI_MYZZ_QYKnHdSm-xs8BB6RxS5jEIrw
.adnxs.com/	1970-01-20 20:11:55	Name: XANDR_PANID Value: l_1xPPExk6vY_ma_bSJqGrsJH_Gi1PxbXyqEd5ps-B8luDp0j4EPHAb7jM0ocrKeaktFPURDesjcL8nHLsWSPoofuC3zuxHxWN04Dds7C_g.
.adnxs.com/	1970-01-21 03:38:19	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:11:55	Name: uuid2 Value: 7410322783193431807
.casalemedia.com/	1970-01-21 02:47:55	Name: CMID Value: Zbe62Nctj8vRzZHe4ixY-AAA
.casalemedia.com/	1970-01-20 20:11:55	Name: CMPS Value: 5273
.casalemedia.com/	1970-01-20 20:11:55	Name: CMPRO Value: 5273
.doubleclick.net/	1970-01-20 22:21:31	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:11:55	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVHu#sJh!]tbPl1M>e)ZlrFUfJ+tGXxo<V=CG`:c/`gGO/$M:E_suPmnn(Yvmysu]_[E3If)y3KL9D3I?+lda`d%
.travelaudience.com/	1970-01-21 03:34:00	Name: _tracker Value: %7B%22UUID%22%3A%220BE14CEC-9A74-4FF0-3FD0-750EEA3F90A7%22%7D
ads.travelaudience.com/	1970-01-21 03:34:00	Name: _tracker Value: %7B%22UUID%22%3A%220BE14CEC-9A74-4FF0-3FD0-750EEA3F90A7%22%7D
.turn.com/	1970-01-20 22:21:31	Name: uid Value: 3233711585266113776
.quantserve.com/	1970-01-20 20:11:55	Name: d Value: EDEBCQGCK4EA
.quantserve.com/	1970-01-21 03:32:34	Name: mc Value: 65b7bad9-093db-c22bd-930f7
.googleadservices.com/	1970-01-20 20:11:55	Name: ar_debug Value: 1
.adfarm1.adition.com/	1970-01-20 20:11:55	Name: UserID1 Value: 7329532359741012116
.w55c.net/	1970-01-21 03:32:34	Name: wfivefivec Value: csgHhOyJ1RusWt5
.everesttech.net/	1970-01-21 02:47:55	Name: everest_g_v2 Value: g_surferid~Zbe62QAAAau47AA9
.w55c.net/	1970-01-20 18:45:31	Name: matchgoogle Value: 5
.doubleclick.net/	1970-01-21 03:23:55	Name: IDE Value: AHWqTUlmpS-2XwZAWitYgyWkkaEi3p3guhqGZHUJSi4pI9nDtdaVLeaRqZXhvn8jhKY
.adform.net/	1970-01-20 18:46:58	Name: C Value: 1
.adform.net/	1970-01-20 19:28:43	Name: uid Value: 1723992029180489233
.tribalfusion.com/	1970-01-20 20:11:55	Name: ANON_ID Value: aEntuJRZdySbAIUMnXUx7LdZan6RstjQZdZboB9YL8tprOkrZbZbMpKGWVmKwFiZaL80b0Ml3K7O7XrE6VFbVytNbEdmbWp

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://connect.facebook.net/signals/config/2590722831007978?v=2.9.143&r=stable&domain=sotaydoanhtri.com&hme=1e96626f56fb37feabdb16bd09d3dbece570479b2ec677eec7364c762eaf296e&ex_m=62%2C104%2C92%2C96%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C146%2C149%2C160%2C156%2C157%2C159%2C25%2C89%2C45%2C68%2C158%2C141%2C144%2C153%2C154%2C161%2C113%2C13%2C43%2C165%2C164%2C115%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C93%2C95%2C31%2C94%2C26%2C22%2C142%2C145%2C122%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C91%2C38%2C70%2C60%2C97%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C98(Line 95) Message: Unrecognized feature: 'attribution-reporting'.
deprecation	warning	URL: https://sotaydoanhtri.com/ Message: The keyword 'push-button' specified to an 'appearance' property is not standardized. It will be removed in the future.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9191225033829625&output=html&h=280&adk=3809598800&adf=1604629528&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706520747&rafmt=1&to=qs&pwprc=1331719138&format=1200x280&url=https%3A%2F%2Fsotaydoanhtri.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706539736396&bpp=1&bdt=1499&idt=0&shv=r20240122&mjsv=m202401250101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x250%2C1200x280%2C1116x280&nras=4&correlator=4735770572856&frm=20&pv=1&ga_vid=1776847252.1706539735&ga_sid=1706539735&ga_hid=1329212662&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3690&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080534%2C31080620%2C31080697%2C95322180%2C95321626%2C95322164%2C95323004&oid=2&pvsid=2011981395262102&tmod=918587416&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=10 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.doubleclick.net
ad.turn.com
ads.eu.criteo.com
ads.travelaudience.com
c1.adform.net
cat.nl3.eu.criteo.com
cdn.onesignal.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csm.eu.criteo.net
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gate.getmygateway.com
googleads.g.doubleclick.net
ib.adnxs.com
imageproxy.eu.criteo.net
match.adsrvr.org
mc.yandex.com
mc.yandex.ru
onesignal.com
pagead2.googlesyndication.com
pm.w55c.net
post.plastformspecial.com
r.turn.com
region1.google-analytics.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
s.tribalfusion.com
s0.2mdn.net
sotaydoanhtri.com
static.cloudflareinsights.com
static.criteo.net
sync-tm.everesttech.net
tpc.googlesyndication.com
two.startperfectsolutions.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
104.18.36.155
142.250.184.194
142.250.184.198
142.250.185.194
151.101.66.49
178.250.1.6
178.250.1.9
185.89.210.180
2001:4860:4802:32::36
2001:4860:4802:34::178
2001:678:cb4:bbbb::11
2606:4700:3035::6815:105e
2606:4700::6810:3865
2606:4700::6812:19ad
2606:4700::6812:d73b
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:802::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2008
2a00:1450:4001:811::2002
2a00:1450:4001:813::2003
2a00:1450:4001:828::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2006
2a00:1450:4001:831::2003
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:d::c
2a02:6b8::1:119
2a02:fa8:8806:16::1400
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a06:98c1:3121::3
3.33.220.150
3.64.234.178
35.190.0.66
35.214.149.91
37.157.3.20
45.140.146.101
45.142.212.163
85.114.159.118
040909fa61daff2c0b3373909136b3bfdfd7ef335ed88b5a77652a35768ddc79
081e05f68c4d2d900384f19a5d503c9bad0ff00b1f44a8e4e64afd63917e08c9
085431fe060a4226ca15188a99e7ea382947b5420345d72086cdfbb861b4c725
0948409a22b5979aa7e1ec20da9e61f12e7d403800b541ece053881bd2542b70
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
099bd0471fb58a4a0cbc78a18bfed8e7bab548ae8d0c5bd99979ca21686445d7
0a5443f81f44bcb998d873dbadb1b68ce642f469fe91c5b161964e7e8e40a395
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d332580c543c1026ff26c7a3155a32f02b6bb62b09fcfa920fbcbf7419b18c3
0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d
0f74eda5ca917f0146ec28a71e0602f7a3b9dae063acfeecfe6549bdb165d47a
11937fa5ca9840559aa83bbccde8e63b88c3e3ce486ef8d47a0abcd5d79b78b1
19286a3caf8a15a8b0e39e33e4e3f0385c427ee6e84dad09011bf435a21f8bb9
1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
22e2bc9dcf5d047977267ed09d28d9e09b67f8b634a88ba001d9e551028dd138
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26b9dad16f35429c74f3e568c563e5b3a08eae83da3434ae63db78f6f484372e
272f86fef742939035a910f5a68ceef80061caaa360b744a139d50b5ef74d25a
296e3410271b4b395fd650f2da000e0ebd6241db28dfcf750d200902e4ddbd83
29b96ed7148160167722b465376a36f4a772cb095ebee64cb6fc9fcfdc71419d
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32bb6bb95ee0cfe00efcc89ac8aec81afa338173a5f8323653fab2ddc97e1849
337d15e8840b832ea50d1b12850f71fdea79296deb50f5e5498549c99dfc5f23
3384e396c88e07cd7d0e46d5361eff9ab20ff9f65dfb94436030ccd116943bc6
35e5eea83f2e5f2bad1213aa4b4aef30a380720e35c1821f19bc894f8e61e406
37cb1de791edc59cd8d6aaacff513c02fffb59dccf7499e255a6c1e32e9e33b9
38407e9cd3322103dfb941c7d8e32f4fd1da45c28aa43389b537b4a9658ff572
3bc817f52f6209e0c081df2ee63fad5ebe55a259be99c7ab0dbe13a015562d52
3bcb6ab2e2a54167cd69ad25f78b804012f5cc5785d8b9e292f29b7f60f9f5f7
3c23eb02de6b34e30f18cfb7167abd81a2cedfd1da60dfcb71989517ab3fb431
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
424e69515e9bf55087274704d19093781ee10d7b6dd075bcc4d9b25701ccc5f3
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
438099da1cf057f5b48133f7a74b2d506751fb1b2e888d22ca397fa1983a8f9a
468607182c6b0c79323266092526bf3c7e97df9d729dfdca76091865562bbc1f
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4a17ee63744e6ac921153b2af8c461b5948dbca82c968f593411ed6aab72a81e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bd63652fcf6def45665c5c83222992aca2f1ed3a8b69dacb6470ea51b767d49
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9
54753bd05c9a14e23b2ecd6fb242faf57272cc3e1c12688fe1fb117b9f4d4f36
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54db8dca7039b548a0aa4e5e22fcea2a4e536b8aaec0b13a750dbc61ca3f3538
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
6039c0e8da2c0af4d0ddac49d03558864cbc9ba84fc3b20eee6b331eee12a2e0
60675e3c4dc2cad3a9bb668113c31f842e1c3b746ef1a0c4a935099c419c7215
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7063335af5b092c450e712519cfff0f6904a08e3ee6687cead439d1e5d8b0034
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7284f5ca048d0e9e8c235ccff23defe9707ff0af66da214c304e3f31660418cc
740a88d0172009ea787e87750901157cdfedbce814b6cf4c2912cb56e47b4b2f
74fae1773a33f3ea2b13e63bf0aad08dfb1b503f27b2cc5244df9832af7f7fd2
76740b2a7b0a35eed6ceb509cefd8ddd6955bd5c656b0581f2dcdb48040ced8f
77b24796a3d4ab521f66765651875338ed50cb9306cfe4603a3e79618e429cec
787ce212d4cab4235dc255dad09027c928b1c89faa118ba2d3c9ca733d8c42ba
7a36d4b1d771c9049cb777c11edfdd0f424cdce9a2def0a1a2485b187fb62592
7d37483473b7bfa427eb6909c9326aaa9ef1b5c4ea5e5df3fe904b47521a74d2
857389921159836682fb791faa16d00e1f37ffda7609a4117f4727344352800c
85f4fe6b01478702a7c2581b25a81de3dfbfa871ee5ed0298fc44588f270720a
8bf23b82d939bb7f3d64650989894b9e00534789e8e782a07069005d8bed094c
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
90b52ed63bb7f5995b022861cbe89c30ef2f6dbb5d29f1fc80eaea259aafd32e
9657b75886d8424a9440ab898778c1033e8d2bafac34a14cb25a58d0863fe6f9
97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da
985625c2fcf1acd7d17faaa780bb1df0985117d7f96427db3607f3c87dc85262
98a2fbbfdf666c4b875ed5d04436b77dc3890b85788f085967b51bb0305bbee8
99313aa44054ac4338812d8221ca851fe204c8663379f3a158671b623f820af3
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9ba3126278b694116e1b6f41f05bcd369c9adb33eae71ce23d4c813ac0ee73b1
9be02ea845edbe6539b2c8ff343ce97fc9e3295a1156e0d47810187568aa4113
9c641fd8ad8fc0517d4ee8d937866e2542fe7e0b07761c710a5c9a423b269dd9
9d79df0df26c761dbe2189c93357d3ac1d8ed5d625d77701e33032713139be07
9df4ea0c8c25b6c96ccb4ef96780a7b074ee266972670f2572d38a961f1b481f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a9f48948c2924525ac9827d996f98c169fe375351bc07ac295dd68679874038e
abc3e5b7c4f477ff2289ebccbba4d30443495451f9a51c7cb7bd5fca87fbfc4f
abd60d8a615f0e179ae52ccf5df084cc184c61d1da8887260287242b64ae94b9
acb73466e72ac22ee1885b8fbe0a12d575fd20fbe0ccc1ec92c9b68a484b6671
adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b
aeac6316353c65986e52aae63bbef4be62a9e7abfbb39910d52e8a64e78dfd2a
aee4051a20e975b9bb6fdc20984a091eb1f55c35ea87abe441db4cdbe8c116d0
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b463fe24ae47b4ae238f48c140f17df1caf8b5ed0e957b82f9e608a6d6a4d862
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
bc531edb737131beee262d805228188423b842a23009de519fb84005ef60fcd4
c2a69649d15f908464902e679f465757cff39c3f59f8d92f4117987152c50303
c7136685cd925ac53f86d8ea27987776e4d4a845b38b8b3e364e990ce76d68d2
cba242d5fa4a5366b924a5006ccea9a61e4eb4bfa80276ab3d80f7cea4690ec2
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d218022944e3af5fae0616b4556bd8f5bbe6cba0e664e9282363a1bc0e54c04a
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d8980d8816ac9e1fbf4a741de11319b07af004b8247580eb23aa2dea0b29092a
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cdaa7134faacf7bf9ee381e7711b534d8ecffed86a110685dc94a1f7202997
e55195f91032793c319cd9601747242ab3affeebf3b0194c73e8062bf1c218df
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a
ee87e6547702fb6ef8a6f9d5ef54c46594c7481654f383a9ba9c17867932172c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1fa25b906c506f3be14737271fb409da90ad30bf0b1c0ff6961f45f21a02dd
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
f49b613c9f97c7a5ff665d78ed984e8352e9d0acbb5879b5b17a02478b8b1104
f54d3a9011dd18c3a6b2c5ca5c5bf3d490d5428046d806c4aa9ecec5f82139ca
f550e9d8226bcdd512b74a8de30c6c7798e262784b092e08d447e68ccbb25985
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6a91d9568a8a1b802a2312777b1a5d5dcbdad808c476097fc75081e340d3c69
f923adf1b132c50ea79e9e1d9550c655d432df5214582937d4051e37a0367df0
fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b
ff6a558e8ce95a292cb891b334ebff6fe62d37ead1c640b7e1f82d88f008f891
ffbfcd78b15d92e860631c9b22915d95eb7b5548464198274397c2c3e151ef45

sotaydoanhtri.com Open in urlscan Pro 2606:4700:3035::6815:105e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

214 Requests

91 %HTTPS

64 %IPv6

35 Domains

49 Subdomains

41 IPs

10 Countries

6456 kBTransfer

11410 kBSize

48 Cookies

6 Outgoing links

Page URL History

Redirected requests

214 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

sotaydoanhtri.com Open in urlscan Pro
2606:4700:3035::6815:105e Public Scan

Screenshot
Live screenshot

Full Image

214
Requests

91 %
HTTPS

64 %
IPv6

35
Domains

49
Subdomains

41
IPs

10
Countries

6456 kB
Transfer

11410 kB
Size

48
Cookies

214 HTTP transactions
13 data transactions