Submitted URL: https://cutt.ly/REiqw6Y
Effective URL: https://xsmb99.me/xsmb-thu-2.html
Submission: On September 18 via manual from US — Scanned from DE

Summary

This website contacted 22 IPs in 7 countries across 23 domains to perform 115 HTTP transactions. The main IP is 103.9.77.158, located in Viet Nam and belongs to VNPT-AS-VN VNPT Corp, VN. The main domain is xsmb99.me.
TLS certificate: Issued by R3 on August 29th 2021. Valid for: 3 months.
This is the only time xsmb99.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.22.0.232 13335 (CLOUDFLAR...)
12 103.9.77.158 45899 (VNPT-AS-V...)
1 104.18.10.207 13335 (CLOUDFLAR...)
4 104.16.19.94 13335 (CLOUDFLAR...)
1 142.250.185.200 15169 (GOOGLE)
19 142.250.185.194 15169 (GOOGLE)
4 142.250.184.202 15169 (GOOGLE)
9 142.250.184.227 15169 (GOOGLE)
12 142.250.185.66 15169 (GOOGLE)
2 142.250.185.110 15169 (GOOGLE)
3 142.250.184.194 15169 (GOOGLE)
5 142.250.186.98 15169 (GOOGLE)
25 142.250.185.225 15169 (GOOGLE)
2 142.250.185.134 15169 (GOOGLE)
3 10 142.250.180.194 15169 (GOOGLE)
2 4 2.18.234.21 16625 (AKAMAI-AS)
2 3 37.252.172.250 29990 (ASN-APPNEX)
1 213.202.235.8 24961 (MYLOC-AS ...)
1 2 142.250.186.68 15169 (GOOGLE)
1 91.228.74.198 16509 (AMAZON-02)
1 1 63.32.201.39 16509 (AMAZON-02)
1 34.98.67.61 15169 (GOOGLE)
2 2 35.227.252.103 15169 (GOOGLE)
1 1 69.173.144.139 26667 (RUBICONPR...)
1 52.199.44.14 16509 (AMAZON-02)
115 22
Domain Requested by
25 tpc.googlesyndication.com googleads.g.doubleclick.net
xsmb99.me
tpc.googlesyndication.com
pagead2.googlesyndication.com
18 pagead2.googlesyndication.com xsmb99.me
pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
12 googleads.g.doubleclick.net pagead2.googlesyndication.com
xsmb99.me
googleads.g.doubleclick.net
12 xsmb99.me xsmb99.me
8 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
xsmb99.me
5 www.googletagservices.com pagead2.googlesyndication.com
xsmb99.me
googleads.g.doubleclick.net
5 fonts.gstatic.com fonts.googleapis.com
4 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
4 www.gstatic.com googleads.g.doubleclick.net
4 fonts.googleapis.com xsmb99.me
googleads.g.doubleclick.net
4 cdnjs.cloudflare.com xsmb99.me
cdnjs.cloudflare.com
3 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
3 adservice.google.com pagead2.googlesyndication.com
2 rtb.openx.net 2 redirects
2 www.google.com 1 redirects tpc.googlesyndication.com
2 googleads4.g.doubleclick.net xsmb99.me
2 s0.2mdn.net xsmb99.me
tpc.googlesyndication.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 cc.adingo.jp googleads.g.doubleclick.net
1 pixel.rubiconproject.com 1 redirects
1 odr.mookie1.com googleads.g.doubleclick.net
1 pixel.everesttech.net 1 redirects
1 cms.quantserve.com googleads.g.doubleclick.net
1 m.exactag.com xsmb99.me
1 partner.googleadservices.com pagead2.googlesyndication.com
1 www.googletagmanager.com xsmb99.me
1 stackpath.bootstrapcdn.com xsmb99.me
1 cutt.ly 1 redirects
115 28

This site contains no links.

Subject | Issuer | Validity | Valid
xsmb99.me | R3 | 2021-08-29 - 2021-11-27 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 - 2022-02-28 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
upload.video.google.com | GTS CA 1O1 | 2021-08-30 - 2021-11-22 | 3 months
*.gstatic.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.google.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.doubleclick.net | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
san.casalemedia.com | GeoTrust RSA CA 2018 | 2021-02-05 - 2022-02-09 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2021-03-05 - 2022-02-19 | a year
*.exactag.com | Sectigo ECC Domain Validation Secure Server CA | 2021-08-16 - 2022-09-14 | a year
*.quantserve.com | DigiCert SHA2 High Assurance Server CA | 2020-10-02 - 2021-10-07 | a year
*.mookie1.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-22 - 2022-03-25 | a year
*.adingo.jp | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-26 - 2022-04-14 | a year

This page contains 20 frames:

Primary Page: https://xsmb99.me/xsmb-thu-2.html
Frame ID: C53547756F3F41D25912995F46047F09
Requests: 36 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/zrt_lookup.html
Frame ID: 9DCADD29DF14403E2159A229A4221040
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1631940600&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940600804&bpp=3&bdt=543&idt=88&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2930251097080&frm=20&pv=2&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=105
Frame ID: DBAE805945FA91F0A3F4CBF245D534D8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Frame ID: A70458F4FB9661F7074BE7FE70D52C0C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Frame ID: 013650092F296D970EE8E3CC8A2BD478
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631940601&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1429&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280%2C730x280&nras=4&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=clFxt6WWUW&p=https%3A//xsmb99.me&dtd=38
Frame ID: 200FB4FDFF640E474E9D1F336FEB4C90
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Frame ID: ECF224D61C20FC0291251CFAFA257D70
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Frame ID: 8BD008548DD77443F6676DFA0B2B4BF2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGL2BgbIBMAE&v=APEucNWfjihzFJpRr1U1MaBA_eGJobyvJLxMxoMTPPK5Vlrft61gGD6W_vOhG3uN1mJCN2ys00y_Z2py1dQNLgAMMpOb25eyLw
Frame ID: FADB4668A06B58BD9DC7D0691E7BFD4D
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Frame ID: D6265851DCFC96103D8DE1B4E44C919F
Requests: 12 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 783BE01CE4385C0D7FCCD8D7C3CFCB38
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 73781CB19AD07E976A3EC768FC90CF82
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Frame ID: 496D8732575EE0C606E2135EDC7803B1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
Frame ID: 01D011B93F81EF36386E9F21A85B5700
Requests: 8 HTTP requests in this frame

Frame: https://m.exactag.com/ai.aspx?extProvId=5&extPu=sixt-gaw&extLi=11488657578&rnd=209822247
Frame ID: 95A7D950ED31BDA19B910D8B497BF467
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DF566AE3F65B15164DF554F8B103A2D5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 54D66E7BA795A6A41D2CE1782E474118
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Frame ID: 67BA0D698DAEF4A1692115EF398B0092
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 359303E4D85E83EE1A4EC3600CD824B7
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8E1CF216D667E10FA3348260FFED6B31
Requests: 2 HTTP requests in this frame

Page Title

XSMB Thu 2 – Kết quả xổ số miền Bắc Thứ 2 hàng tuần

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 115
HTTPS: 99 %
IPv6: 0 %
Domains: 23
Subdomains: 28
IPs: 22
Countries: 7
Transfer: 1489 kB
Size: 3678 kB
Cookies: 26

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cutt.ly/REiqw6Y HTTP 301
    https://xsmb99.me/xsmb-thu-2.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENutnzBdJADDNiuRX5luARg&google_cver=1
Request Chain 63
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUVv.lZFtOCzAIzQNTDvKAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENutnzBdJADDNiuRX5luARg&google_cver=1&google_hm=2
Request Chain 64
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHlj9pZ2AYLSjJ2rG_nkLCM&google_cver=1
Request Chain 65
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgxNTk5NDcwODk0Mjc0ODc0NQ%3D%3D
Request Chain 98
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 100
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL2E81NjKj0f_yyO_2wvMHpIZcspgmAVrhrOoGJPbIUi4KrvSuk03tPUcOUF47fxPCA_umnK9jcpQNYpF9rNVkv3j80xQ&google_gid=CAESEAHZJkoajY15OCErDZz-6SM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVVWdkBnQUFBT29mdDJvbg&google_push=AYg5qPL2E81NjKj0f_yyO_2wvMHpIZcspgmAVrhrOoGJPbIUi4KrvSuk03tPUcOUF47fxPCA_umnK9jcpQNYpF9rNVkv3j80xQ
Request Chain 102
  • https://rtb.openx.net/sync/dds?google_gid=CAESELMJi-zUlMSVyRFHLSClnok&google_cver=1&google_push=AYg5qPLFvEtkjxNpfT-u8jzcG1yA8DQ9c5AiWebwiw7ki0k-JhfdGz35srJUrbJXtMH0-jdRNhUifxsV8VK61vnfQPug3axBzg HTTP 302
  • https://rtb.openx.net/sync/dds?google_gid=CAESELMJi-zUlMSVyRFHLSClnok&google_cver=1&google_push=AYg5qPLFvEtkjxNpfT-u8jzcG1yA8DQ9c5AiWebwiw7ki0k-JhfdGz35srJUrbJXtMH0-jdRNhUifxsV8VK61vnfQPug3axBzg&ox_sc=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLFvEtkjxNpfT-u8jzcG1yA8DQ9c5AiWebwiw7ki0k-JhfdGz35srJUrbJXtMH0-jdRNhUifxsV8VK61vnfQPug3axBzg&google_hm=mQZtID9rwRQmKUUoD-vg3A==
Request Chain 103
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJE-3G4lndmnDwZQgqDZFUo&google_cver=1&google_push=AYg5qPL8ocuh3D5bL-3f9fsaZT5OZRqWt-6kSMVRcRatwD2Ugr7f0erqyBzbmEGiVFdSUz_28yJxezlNg9qKSXelDjWY5Df8yA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RQQkFSWVItMjItRVBWSw==&google_push=AYg5qPL8ocuh3D5bL-3f9fsaZT5OZRqWt-6kSMVRcRatwD2Ugr7f0erqyBzbmEGiVFdSUz_28yJxezlNg9qKSXelDjWY5Df8yA
Request Chain 104
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1

115 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request xsmb-thu-2.html
xsmb99.me/
Redirect Chain
  • https://cutt.ly/REiqw6Y
  • https://xsmb99.me/xsmb-thu-2.html
89 KB
13 KB
Document
General
Full URL
https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PHP/7.3.27 PleskLin
Resource Hash
8e62733b1b3855209abb304a0cf8415bef734546ddaa25523c24c7109ca83085

Request headers

:method
GET
:authority
xsmb99.me
:scheme
https
:path
/xsmb-thu-2.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br

Response headers

server
nginx
date
Sat, 18 Sep 2021 04:49:59 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.27 PleskLin
cache-control
private, must-revalidate
pragma
no-cache
expires
-1
set-cookie
XSRF-TOKEN=eyJpdiI6ImNZMHVKU1grRUFEeEcwZTBvSTVmT1E9PSIsInZhbHVlIjoibUltb1NMUTQ2SllIZnJJTE1aN3ZNbGE5VHRjRE0xWWNsYW54M3VSZkZhUmJMQ3NXd2RLTUhiYXJZNENIanBsVyIsIm1hYyI6IjNkMGE5YTRkYmFlZmY2OWIxOWM5ODM4ODhjODYyZTk1NWExYmRiOWY2YTFiZjI3OWNjMzdmN2FlNGJkNmE4OGUifQ%3D%3D; expires=Sat, 18-Sep-2021 06:49:59 GMT; Max-Age=7200; path=/ xsmb99me_session=eyJpdiI6IjQ5emNJaE8xbk1Vb2VIYUNLNWNYRHc9PSIsInZhbHVlIjoiNGZ0a2ZBNnRhUTJybXdXKzhicVBlNGxNNEZQb2V4QnhiVnVNSGxoM1A0eksvcEdYT0FEeDVJS3NPOWhPSTRtcSIsIm1hYyI6IjY4ZDZlYzQyN2M3ZGVhYmIzMzdhZWI3YjYyZWU1ZGYyYmQyMGZiZmUxNTc2MmY4MmE3NGZiZGFjMmJjMGNiMGYifQ%3D%3D; expires=Sat, 18-Sep-2021 06:49:59 GMT; Max-Age=7200; path=/; httponly
ms-author-via
DAV
content-encoding
gzip

Redirect headers

date
Sat, 18 Sep 2021 04:49:58 GMT
content-type
text/html; charset=UTF-8
set-cookie
PHPSESSID=2f15nd1k7h2k535vi4jguu51f9; path=/; secure
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
location
https://xsmb99.me/xsmb-thu-2.html
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6907f3647f072778-PRG
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/
138 KB
22 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://xsmb99.me/
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
752, 617, 617
age
66608
cdn-cachedat
2021-07-24 16:36:30
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
eb25025d53f0359ef81ee21e335f3db5
cf-ray
6907f3717807f9e6-PRG
cdn-requestcountrycode
CZ
cdn-status
200
cdn-requestpullsuccess
True
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
37 KB
7 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
644709
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5884
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-9226"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FI6XF8vtLyWTT85YL5GR9te%2BSeobpLjsxw2v6nCTGTDnypZn4En%2B6slkUyWFPyFPMEVsGyj0364MK6c89Nhzv7%2B2T%2BIIJEnuG5sQqcvjsgqVH8aA9%2BeDm%2FEdi7oJWEnos5nyHz1Q"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6907f3717e402794-PRG
expires
Thu, 08 Sep 2022 04:50:00 GMT
animate.compat.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.0/
69 KB
4 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.0/animate.compat.min.css
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
423fb3104bee6c447894ee65db4d1cdd47ee7c13ac293829b20254d3fb770a85
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
530957
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4248
timing-allow-origin
*
last-modified
Mon, 11 May 2020 12:18:44 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb942a4-113d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8lg9i6qxjeE%2BjS61BY9vFjRJWrXwPgE6prZieiPvJ%2BFa0W77KxUjLPev1XwfPINaPtaG1OamVFzaFu%2BpOjfMNU7BGMaEx2tYrzqjyTAAaYcBehdagqRzj2bSJ6IoqqjxkYZbr%2FBN"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6907f3717e422794-PRG
expires
Thu, 08 Sep 2022 04:50:00 GMT
animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.2/
57 KB
4 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.2/animate.min.css
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
899857
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3511
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:58 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d2a-e311"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rv0ly%2FIZiKJw1H%2FlHuAx14Tdca5fgndGax4jVSY%2F23LbN2LXtTRSy1iU8WqmZxX8b%2FMgAkcrYoc8TvXIBLbFYgOvaZy%2F%2BGLJQlNhos8MbBw1FtXcBitDCSUj68TlUkXwUq9Yroxd"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6907f3717e432794-PRG
expires
Thu, 08 Sep 2022 04:50:00 GMT
main.css
xsmb99.me/user/css/
52 KB
10 KB
Stylesheet
General
Full URL
https://xsmb99.me/user/css/main.css?v=36
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
67aa0ea54160c6fe82fff6a797329287b02d9cc876bb8430dd321c1e3ab03572

Request headers

:path
/user/css/main.css?v=36
pragma
no-cache
cookie
XSRF-TOKEN=eyJpdiI6ImNZMHVKU1grRUFEeEcwZTBvSTVmT1E9PSIsInZhbHVlIjoibUltb1NMUTQ2SllIZnJJTE1aN3ZNbGE5VHRjRE0xWWNsYW54M3VSZkZhUmJMQ3NXd2RLTUhiYXJZNENIanBsVyIsIm1hYyI6IjNkMGE5YTRkYmFlZmY2OWIxOWM5ODM4ODhjODYyZTk1NWExYmRiOWY2YTFiZjI3OWNjMzdmN2FlNGJkNmE4OGUifQ%3D%3D; xsmb99me_session=eyJpdiI6IjQ5emNJaE8xbk1Vb2VIYUNLNWNYRHc9PSIsInZhbHVlIjoiNGZ0a2ZBNnRhUTJybXdXKzhicVBlNGxNNEZQb2V4QnhiVnVNSGxoM1A0eksvcEdYT0FEeDVJS3NPOWhPSTRtcSIsIm1hYyI6IjY4ZDZlYzQyN2M3ZGVhYmIzMzdhZWI3YjYyZWU1ZGYyYmQyMGZiZmUxNTc2MmY4MmE3NGZiZGFjMmJjMGNiMGYifQ%3D%3D
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
last-modified
Sat, 07 Nov 2020 14:09:44 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5fa6aaa8-ce6e"
vary
Accept-Encoding
content-type
text/css
js
www.googletagmanager.com/gtag/
99 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-150732184-1
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
e875d4d6c3c7d55d600010273ca65cc1af9278146668d76a80159819fa24b3e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40356
x-xss-protection
0
last-modified
Sat, 18 Sep 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 18 Sep 2021 04:50:00 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
138 KB
48 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
94dcbfd217ebcabb12fcd3012f9e2f098bd9f2a2bbd89fb6a1c3596258372f26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48994
x-xss-protection
0
server
cafe
etag
12729595234619869058
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 18 Sep 2021 04:50:00 GMT
du-doan-mien-bac.jpg
xsmb99.me/user/images/
23 KB
24 KB
Image
General
Full URL
https://xsmb99.me/user/images/du-doan-mien-bac.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
057d84a94b4b110faddc611c95a8bd44af3b3f4ce131250a1634c20cb3fca53d

Request headers

:path
/user/images/du-doan-mien-bac.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
last-modified
Thu, 25 Jun 2020 01:59:11 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ef404ef-5d6c"
content-type
image/jpeg
accept-ranges
bytes
content-length
23916
du-doan-mien-trung.jpg
xsmb99.me/user/images/
16 KB
16 KB
Image
General
Full URL
https://xsmb99.me/user/images/du-doan-mien-trung.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
2360f1c5ffe67a2c07953ca34424848978014440f2f41157dca411f96865bdf9

Request headers

:path
/user/images/du-doan-mien-trung.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
last-modified
Thu, 25 Jun 2020 01:59:11 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ef404ef-40a6"
content-type
image/jpeg
accept-ranges
bytes
content-length
16550
du-doan-mien-nam.jpg
xsmb99.me/user/images/
19 KB
19 KB
Image
General
Full URL
https://xsmb99.me/user/images/du-doan-mien-nam.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
49880c9128857dd1dfb0408125209d076b22591095f1ab98e6caa341df5690c5

Request headers

:path
/user/images/du-doan-mien-nam.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
last-modified
Thu, 25 Jun 2020 01:59:11 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ef404ef-4a44"
content-type
image/jpeg
accept-ranges
bytes
content-length
19012
jquery-3.5.1.min.js
xsmb99.me/components/
87 KB
35 KB
Script
General
Full URL
https://xsmb99.me/components/jquery-3.5.1.min.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

:path
/components/jquery-3.5.1.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
last-modified
Sat, 11 Jul 2020 15:08:51 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5f09d603-15d83"
vary
Accept-Encoding
content-type
application/javascript
popper-1.16.min.js
xsmb99.me/components/
21 KB
8 KB
Script
General
Full URL
https://xsmb99.me/components/popper-1.16.min.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
d9fca4eb7997f7c7bd329252b09ba2a45e97dea35730d5ec7215cbb7d62ac3ab

Request headers

:path
/components/popper-1.16.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
last-modified
Sat, 11 Jul 2020 15:08:51 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5f09d603-52f0"
vary
Accept-Encoding
content-type
application/javascript
bootstrap.min.js
xsmb99.me/components/bootstrap-4.1.3/js/
50 KB
17 KB
Script
General
Full URL
https://xsmb99.me/components/bootstrap-4.1.3/js/bootstrap.min.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

:path
/components/bootstrap-4.1.3/js/bootstrap.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
last-modified
Sat, 11 Jul 2020 15:08:51 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5f09d603-c75f"
vary
Accept-Encoding
content-type
application/javascript
bootstrap-notify.min.js
xsmb99.me/components/bootstrap-notify/
9 KB
3 KB
Script
General
Full URL
https://xsmb99.me/components/bootstrap-notify/bootstrap-notify.min.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
2e53746b427784c9032ced6685c330cbe18831b21157b92f287c78a02c4da312

Request headers

:path
/components/bootstrap-notify/bootstrap-notify.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
last-modified
Sun, 22 Mar 2020 13:05:12 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5e776288-2310"
vary
Accept-Encoding
content-type
application/javascript
main.js
xsmb99.me/user/js/
9 KB
3 KB
Script
General
Full URL
https://xsmb99.me/user/js/main.js?v=36
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
dbd934625879ee54a986a2a0d98816c0d8cb4c9f1b87c444489ef3f6d61af985

Request headers

:path
/user/js/main.js?v=36
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
xsmb99.me
referer
https://xsmb99.me/xsmb-thu-2.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/xsmb-thu-2.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
last-modified
Mon, 07 Sep 2020 08:46:29 GMT
server
nginx
x-powered-by
PleskLin
etag
W/"5f55f365-25a1"
vary
Accept-Encoding
content-type
application/javascript
css
fonts.googleapis.com/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f10.1e100.net
Software
ESF /
Resource Hash
0136a3f123a1e9b3abff969b246786854e58bd66c321dadec9ee9539ed4ede31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 18 Sep 2021 02:55:08 GMT
server
ESF
date
Sat, 18 Sep 2021 04:50:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 18 Sep 2021 04:50:00 GMT
100conso.png
xsmb99.me/user/images/
22 KB
22 KB
Image
General
Full URL
https://xsmb99.me/user/images/100conso.png
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
3f3cc6491387e3c1eb7ada793afddcd8483c4955b7c24a83449259bd757b22cc

Request headers

:path
/user/images/100conso.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
xsmb99.me
referer
https://xsmb99.me/user/css/main.css?v=36
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/user/css/main.css?v=36
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
last-modified
Thu, 25 Jun 2020 01:59:11 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ef404ef-58cc"
content-type
image/png
accept-ranges
bytes
content-length
22732
marker_felt_thin.ttf
xsmb99.me/user/fonts/
114 KB
114 KB
Font
General
Full URL
https://xsmb99.me/user/fonts/marker_felt_thin.ttf
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/user/css/main.css?v=36
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.9.77.158 , Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
52c5b8c888454bcb11c4df022b15988bce5eb9b7bef1090774c315f9bdf940de

Request headers

sec-fetch-mode
cors
origin
https://xsmb99.me
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
font
:path
/user/fonts/marker_felt_thin.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
xsmb99.me
referer
https://xsmb99.me/user/css/main.css?v=36
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://xsmb99.me/user/css/main.css?v=36
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
last-modified
Wed, 17 Jun 2020 02:29:44 GMT
server
nginx
x-powered-by
PleskLin
etag
"5ee98018-1c75c"
content-type
application/font-sfnt
accept-ranges
bytes
content-length
116572
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.19.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
553345
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
77160
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZrtm%2FMzBUqpPpd%2F7ZzYlX7w0rkzZwJxbO39x66D7kHDcwKiv2PEGIm1WDdU6MInyEl8kA3mBH5LbYKnzTMldAY9EGJwm9RHpF3ZGGhd2gG92%2FRbyRPKqFfmXbW%2BraUk5c3yC6vd"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6907f3721d7a412b-PRG
expires
Thu, 08 Sep 2022 04:50:00 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 08:46:15 GMT
x-content-type-options
nosniff
age
245025
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Sep 2022 08:46:15 GMT
KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v27/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 11:10:52 GMT
x-content-type-options
nosniff
age
409148
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11860
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:33 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 13 Sep 2022 11:10:52 GMT
KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v27/
5 KB
5 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
fb56f0e08adb026eb4e4b28c2fc33b35ce3ddf30a075f9906ec14caff095fa3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://xsmb99.me
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 15:16:46 GMT
x-content-type-options
nosniff
age
394394
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 13 Sep 2022 15:16:46 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/
253 KB
94 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
fece609132179152484c9592c0cad0b32ea746fd41546306a38b8556b82d2fb5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
95702
x-xss-protection
0
server
cafe
etag
17553272322223311488
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 18 Sep 2021 04:50:00 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/ Frame 9DCA
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210915/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 17 Sep 2021 12:36:30 GMT
expires
Fri, 01 Oct 2021 12:36:30 GMT
content-type
text/html; charset=UTF-8
etag
13836150016441684253
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4591
x-xss-protection
0
age
58410
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150732184-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
183
date
Sat, 18 Sep 2021 04:46:57 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Sat, 18 Sep 2021 06:46:57 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1593527403&t=pageview&_s=1&dl=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&ul=en-us&de=UTF-8&dt=XSMB%20Thu%202%20%E2%80%93%20K%E1%BA%BFt%20qu%E1%BA%A3%20x%E1%BB%95%20s%E1%BB%91%20mi%E1%BB%81n%20B%E1%BA%AFc%20Th%E1%BB%A9%202%20h%C3%A0ng%20tu%E1%BA%A7n&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1460022501&gjid=471230508&cid=348447157.1631940601&tid=UA-150732184-1&_gid=2141177026.1631940601&_r=1&gtm=2ou9f0&z=1633588460
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://xsmb99.me/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:00 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://xsmb99.me
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/
247 B
281 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=xsmb99.me&callback=_gfp_s_&client=ca-pub-9108464640724915&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
649c308fc3cbf7aff83476736669b0b1eefc8323af8904b65b827ccf91e711eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
207
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
570 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame DBAE
240 KB
64 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1631940600&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940600804&bpp=3&bdt=543&idt=88&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2930251097080&frm=20&pv=2&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=105
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
de7fc0eb00b3c2dbca891ace9694b662022da2152777f3efe36ed8cc53f4c80c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9108464640724915&output=html&adk=1812271804&adf=3025194257&lmt=1631940600&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940600804&bpp=3&bdt=543&idt=88&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2930251097080&frm=20&pv=2&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=105
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 18 Sep 2021 04:50:01 GMT
server
cafe
content-length
65048
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sat, 18-Sep-2021 05:05:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 18 Sep 2021 04:50:01 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
72 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
24d026371427b41d6d168c5d4c18de465b026afc3907c86c8f3b3bc31bd87467
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27652
x-xss-protection
0
server
sffe
etag
"1631879122047051"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Sat, 18 Sep 2021 04:50:00 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/
145 KB
52 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
3827f61fb79cfe72886e152f47e32cc6b9e112c40fffbfd254a9828f94ebf65e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53040
x-xss-protection
0
server
cafe
etag
10624087348813358335
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 18 Sep 2021 04:50:01 GMT
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 18 Sep 2021 04:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame A704
137 KB
41 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
9ea11eb7d07d780d6f99b00a51cb96ad81eb94a432b5124ec10b14ae38d123dd
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMGW8r7ch_MCFbXYuwgdpkgFZw&gqi=-W9FYdPnLJSN7_UP976OqA0&layout=/sadbundle/%24csp%253Der3%24/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMGW8r7ch_MCFbXYuwgdpkgFZw&gqi=-W9FYdPnLJSN7_UP976OqA0&layout=/sadbundle/%24csp%253Der3%24/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 18 Sep 2021 04:50:02 GMT
server
cafe
content-length
42410
x-xss-protection
0
set-cookie
IDE=AHWqTUmi2VtXV2wzjYuYRBeZD5CM2n9GJ53OmNJRP_49XWldsHFRDwwXsgpF1bjSjrE; expires=Mon, 18-Sep-2023 04:50:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 18 Sep 2021 04:50:02 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 0136
90 KB
30 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
2c1537a8ca7eddbd6c7e4ba8303178c302905773173b488477bb2c8303808466
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 18 Sep 2021 04:50:02 GMT
server
cafe
content-length
30804
x-xss-protection
0
set-cookie
IDE=AHWqTUkIql1vUR_zPU22PWoDV0_hz3mVjmskMmsHqMJo0tr3S9cnYFnzNKFVkzoiE6o; expires=Mon, 18-Sep-2023 04:50:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 18 Sep 2021 04:50:02 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 200F
430 B
231 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631940601&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1429&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280%2C730x280&nras=4&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=clFxt6WWUW&p=https%3A//xsmb99.me&dtd=38
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
5b0719833c75eba5c67572cf69881f3066da63e303d491e8e50c05999b25a0c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=2793536430&adf=662524697&pi=t.aa~a.461124662~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1631940601&rafmt=1&to=qs&pwprc=4678874584&psa=0&format=350x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1429&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280%2C730x280&nras=4&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1005&ady=2572&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=clFxt6WWUW&p=https%3A//xsmb99.me&dtd=38
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 18 Sep 2021 04:50:02 GMT
server
cafe
content-length
207
x-xss-protection
0
set-cookie
IDE=AHWqTUkd53FJuqpzychXBLeLVjLgORKxFWzrmRJxmo1SiZl4ra-p5GuaXSSTYk-gvK4; expires=Mon, 18-Sep-2023 04:50:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 18 Sep 2021 04:50:02 GMT
cache-control
private
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=xsmb99.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 18 Sep 2021 04:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/ Frame ECF2
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 17 Sep 2021 12:54:32 GMT
expires
Fri, 01 Oct 2021 12:54:32 GMT
content-type
text/html; charset=UTF-8
etag
13836150016441684253
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4591
x-xss-protection
0
age
57329
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/ Frame 8BD0
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 17 Sep 2021 12:54:32 GMT
expires
Fri, 01 Oct 2021 12:54:32 GMT
content-type
text/html; charset=UTF-8
etag
13836150016441684253
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4591
x-xss-protection
0
age
57329
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css2
fonts.googleapis.com/ Frame ECF2
4 KB
633 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f10.1e100.net
Software
ESF /
Resource Hash
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 18 Sep 2021 02:51:27 GMT
server
ESF
date
Sat, 18 Sep 2021 04:50:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 18 Sep 2021 04:50:01 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame ECF2
205 B
764 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 02:50:38 GMT
x-content-type-options
nosniff
age
93563
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sat, 17 Sep 2022 02:50:38 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame ECF2
604 B
695 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 22:23:58 GMT
x-content-type-options
nosniff
age
23163
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sat, 17 Sep 2022 22:23:58 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/ Frame ECF2
17 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
89e590d44510a10b9602ebffa228e2d8a2f2aeb1acc462b51cd19df5f5434308
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 01:36:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11597
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7656
x-xss-protection
0
server
cafe
etag
8352096984186353373
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 01:36:44 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame FADB
624 B
300 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGL2BgbIBMAE&v=APEucNWfjihzFJpRr1U1MaBA_eGJobyvJLxMxoMTPPK5Vlrft61gGD6W_vOhG3uN1mJCN2ys00y_Z2py1dQNLgAMMpOb25eyLw
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/xbbe/pixel?d=CMnRvNQCEJP9zuICGL2BgbIBMAE&v=APEucNWfjihzFJpRr1U1MaBA_eGJobyvJLxMxoMTPPK5Vlrft61gGD6W_vOhG3uN1mJCN2ys00y_Z2py1dQNLgAMMpOb25eyLw
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Sat, 18 Sep 2021 04:50:01 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
set-cookie
test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
IDE=AHWqTUlEVh1OQhkK4-rcrIoXkcMGHghewQ-pDAnxI7daH59UhNNgvZqyCxj9Li3C; expires=Mon, 18-Sep-2023 04:50:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 18 Sep 2021 04:50:01 GMT
abg_lite_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame D626
18 KB
7 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 13:48:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54086
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7612
x-xss-protection
0
server
cafe
etag
7316329070599479730
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 13:48:35 GMT
17101037815218815141
s0.2mdn.net/simgad/ Frame D626
21 KB
21 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/17101037815218815141
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
sffe /
Resource Hash
f5bd6118b11ecf1ac6ca42c1617864e58b8bbee26815203f8ac1c6bc4371d867
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 14:02:12 GMT
x-content-type-options
nosniff
age
226069
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21082
x-xss-protection
0
last-modified
Wed, 11 Aug 2021 16:02:56 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 15 Sep 2022 14:02:12 GMT
omrhp_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/ Frame D626
6 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/omrhp_fy2019.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
9dff9c5d8bb8ff3117fe17757c275af96ca695dc60d7fb811331cb38815a91a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 13:46:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54192
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2627
x-xss-protection
0
server
cafe
etag
17449454297928180344
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 13:46:49 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame D626
0
592 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv8TOznRx-rs-piS5OTIeSVNXUjrRXZ246wKuMNv2JsP6zUsqMxft-qlW1StsI800wJAv_-aUfcW9XmB2X8Cwi0rScL-qCQxIV8Ay0LokFq9KUQE91QVCdqjMVzSOwalmainsIDupLeSh0qssNAEDUXKJG_JKO2Nq7bNV8-X_qUsmG-Q4AlEt_jPRsoDeznycMjD2dKZ7dQ296V40bBhnDN-md3YUG6X7A23xjkIB63RBPYfrvAfpf4yi7cwty_JkFSs1TlCnmo4uP8xtIT0SnpDB6gcMUc-UUP8rtJEfWsFG1k-Bd1oDx_PJBqjShvwMwdOSHcYrVhNN-geOSBf3YCnjmTk1ytp0ZFi5CUQAOJ387XuEttodamBUZkeDHnRYeW_hosmlYoaB7eki_5wX9n7EBP4QLzfO7vOY8qVM60zoBVvMvNv5HjGf2akGGhVAWB4cGyokMBQvqGf-q2OHojuU0FAhr_fz8hGNI9WXsQcDvyDJtP2vTAI9PP0Mamj_4N8J7CdrO0Up6xGyOUqqJZJwq1-BHVGB2WVg8raltT_jIRWKR9jWGht_q5yTCEv9k3tHPSPQj9-RCLeAblgxwsRZkXoIEFyq8ADasGLE9fidymwF5IKyKJN7Alwfpd1kfIfjEKWq22RLsz2bweDZShLujO5bZox_Xa8Q15UFP-QSf_vXrUaQlUGnzt18NccT9HjzTJxCvrcGNcW9OfKCS_7D-fB2ZKS-N7Afy4Smaifd1W0KLRrOutg78MsMTiW3tvzeK6FXE4-9R_NkYQ9zdRaJmpzLiDQ88ysWik1q_kKGQ2oyItarDURlMQJmGqjdA2eB-P6A1WgoA6PVi2qxY_vuUEEeB1SB5KaFwX3sZEAtVCytZgY3MG96S7QVVZ1xfEnhYZNpD2CnvkOxn2wcWZY1VOegXdMh_XQv1wgGD1kw2mdmMUILCm7iw84zXA2pGvo945TY0BmkxFzn9oVqLCOSBEhCbg2rMN_5aL&sai=AMfl-YSfvYhsQXXaxKqV3wNNJsKtMtIoL25YEWUIfuoaObL6wMiLwPyk9-VjFDkQBocGEKGI7ieayR0Q4H7Yhb9RcnbjxJzEIIsSrYawYZYKJUwgK2vKbxwCclPHVtHdjY_wlFGZtPDwuoDp_oTmwMf27UbgtQ58ZJ95heBY-eGS2Q&sig=Cg0ArKJSzJBMe_4iBvbUEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210913.52113&adurl=
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.180.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Sat, 18 Sep 2021 04:50:01 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame D626
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 08:58:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
71515
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 17 Sep 2022 08:58:06 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame D626
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/window_focus_fy2019.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 01:15:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12852
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 01:15:49 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D626
128 KB
39 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
daaaa4101e8414d3c9c0baab3c015599b7e1fa70035268b8ba23ea6790f00bf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39526
x-xss-protection
0
server
sffe
etag
"1631879102694099"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Sat, 18 Sep 2021 04:50:01 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame D626
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 00:36:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15189
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
cafe
etag
18326705275735229343
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 00:36:52 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D626
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AK-QAByUIyHihm4On8ANO9IRB-Jin6VwKNCYBBeQOVhlhI6FMn0PyussWx87ZXSLNRMmFhkfStiO0is412B33yJH9viAoOjjeG868ItMHZMU7V2ug
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ Frame 783B
3 KB
578 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f10.1e100.net
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 18 Sep 2021 02:50:57 GMT
server
ESF
date
Sat, 18 Sep 2021 04:50:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 18 Sep 2021 04:50:01 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame 783B
1 KB
857 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 19:53:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
32180
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
830
x-xss-protection
0
server
cafe
etag
3558876194914413708
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 19:53:41 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame 783B
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 22:44:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21933
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7612
x-xss-protection
0
server
cafe
etag
7316329070599479730
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 22:44:28 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame 783B
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 01:15:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12852
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 01:15:49 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 783B
128 KB
39 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
daaaa4101e8414d3c9c0baab3c015599b7e1fa70035268b8ba23ea6790f00bf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39526
x-xss-protection
0
server
sffe
etag
"1631879102694099"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Sat, 18 Sep 2021 04:50:01 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame 783B
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 00:36:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15189
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
cafe
etag
18326705275735229343
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 00:36:52 GMT
730400e8020df307e81d4efe9cf79fce.js
www.gstatic.com/mysidia/ Frame 783B
27 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/730400e8020df307e81d4efe9cf79fce.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
e359ae3a06ae02c38ba2d09707dee364ab18c64164e7a739eae142294d8dd499
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 09:21:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
156493
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11108
x-xss-protection
0
last-modified
Thu, 16 Sep 2021 09:11:48 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="mysidia"
expires
Wed, 15 Dec 2021 09:21:48 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 7378
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Fri, 17 Sep 2021 08:58:07 GMT
expires
Sat, 17 Sep 2022 08:58:07 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
71514
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame D626
0
60 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv8TOznRx-rs-piS5OTIeSVNXUjrRXZ246wKuMNv2JsP6zUsqMxft-qlW1StsI800wJAv_-aUfcW9XmB2X8Cwi0rScL-qCQxIV8Ay0LokFq9KUQE91QVCdqjMVzSOwalmainsIDupLeSh0qssNAEDUXKJG_JKO2Nq7bNV8-X_qUsmG-Q4AlEt_jPRsoDeznycMjD2dKZ7dQ296V40bBhnDN-md3YUG6X7A23xjkIB63RBPYfrvAfpf4yi7cwty_JkFSs1TlCnmo4uP8xtIT0SnpDB6gcMUc-UUP8rtJEfWsFG1k-Bd1oDx_PJBqjShvwMwdOSHcYrVhNN-geOSBf3YCnjmTk1ytp0ZFi5CUQAOJ387XuEttodamBUZkeDHnRYeW_hosmlYoaB7eki_5wX9n7EBP4QLzfO7vOY8qVM60zoBVvMvNv5HjGf2akGGhVAWB4cGyokMBQvqGf-q2OHojuU0FAhr_fz8hGNI9WXsQcDvyDJtP2vTAI9PP0Mamj_4N8J7CdrO0Up6xGyOUqqJZJwq1-BHVGB2WVg8raltT_jIRWKR9jWGht_q5yTCEv9k3tHPSPQj9-RCLeAblgxwsRZkXoIEFyq8ADasGLE9fidymwF5IKyKJN7Alwfpd1kfIfjEKWq22RLsz2bweDZShLujO5bZox_Xa8Q15UFP-QSf_vXrUaQlUGnzt18NccT9HjzTJxCvrcGNcW9OfKCS_7D-fB2ZKS-N7Afy4Smaifd1W0KLRrOutg78MsMTiW3tvzeK6FXE4-9R_NkYQ9zdRaJmpzLiDQ88ysWik1q_kKGQ2oyItarDURlMQJmGqjdA2eB-P6A1WgoA6PVi2qxY_vuUEEeB1SB5KaFwX3sZEAtVCytZgY3MG96S7QVVZ1xfEnhYZNpD2CnvkOxn2wcWZY1VOegXdMh_XQv1wgGD1kw2mdmMUILCm7iw84zXA2pGvo945TY0BmkxFzn9oVqLCOSBEhCbg2rMN_5aL&sai=AMfl-YSfvYhsQXXaxKqV3wNNJsKtMtIoL25YEWUIfuoaObL6wMiLwPyk9-VjFDkQBocGEKGI7ieayR0Q4H7Yhb9RcnbjxJzEIIsSrYawYZYKJUwgK2vKbxwCclPHVtHdjY_wlFGZtPDwuoDp_oTmwMf27UbgtQ58ZJ95heBY-eGS2Q&sig=Cg0ArKJSzJBMe_4iBvbUEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=84&vt=11&dtpt=84&dett=2&cstd=0&cisv=r20210913.52113&adurl=
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.180.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Sat, 18 Sep 2021 04:50:01 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
truncated
/ Frame D626
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
86566804d7a00624257f543834a7ecdebc0573114550241a7506cd462d9905ee

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
rum
dsum-sec.casalemedia.com/ Frame FADB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENutnzBdJADDNiuRX5luARg&google_cver=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENutnzBdJADDNiuRX5luARg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGL2BgbIBMAE&v=APEucNWfjihzFJpRr1U1MaBA_eGJobyvJLxMxoMTPPK5Vlrft61gGD6W_vOhG3uN1mJCN2ys00y_Z2py1dQNLgAMMpOb25eyLw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 18 Sep 2021 04:50:02 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 18 Sep 2021 04:50:02 GMT

Redirect headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENutnzBdJADDNiuRX5luARg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame FADB
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUVv.lZFtOCzAIzQNTDvKAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENutnzBdJADDNiuRX5luARg&google_cver=1&google_hm=2
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENutnzBdJADDNiuRX5luARg&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGL2BgbIBMAE&v=APEucNWfjihzFJpRr1U1MaBA_eGJobyvJLxMxoMTPPK5Vlrft61gGD6W_vOhG3uN1mJCN2ys00y_Z2py1dQNLgAMMpOb25eyLw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 18 Sep 2021 04:50:02 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 18 Sep 2021 04:50:02 GMT

Redirect headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENutnzBdJADDNiuRX5luARg&google_cver=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame FADB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHlj9pZ2AYLSjJ2rG_nkLCM&google_cver=1
43 B
1008 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHlj9pZ2AYLSjJ2rG_nkLCM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGL2BgbIBMAE&v=APEucNWfjihzFJpRr1U1MaBA_eGJobyvJLxMxoMTPPK5Vlrft61gGD6W_vOhG3uN1mJCN2ys00y_Z2py1dQNLgAMMpOb25eyLw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 18 Sep 2021 04:50:02 GMT
X-Proxy-Origin
216.131.114.114; 216.131.114.114; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
74e50870-c3df-4aa1-98ef-8f215f2de090
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHlj9pZ2AYLSjJ2rG_nkLCM&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame FADB
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgxNTk5NDcwODk0Mjc0ODc0NQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgxNTk5NDcwODk0Mjc0ODc0NQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMnRvNQCEJP9zuICGL2BgbIBMAE&v=APEucNWfjihzFJpRr1U1MaBA_eGJobyvJLxMxoMTPPK5Vlrft61gGD6W_vOhG3uN1mJCN2ys00y_Z2py1dQNLgAMMpOb25eyLw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.180.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 18 Sep 2021 04:50:02 GMT
X-Proxy-Origin
216.131.114.114; 216.131.114.114; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
04d2fc39-c906-4f06-a288-3e9acbfa811b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgxNTk5NDcwODk0Mjc0ODc0NQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame 496D
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 15:42:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
47268
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 15:42:14 GMT
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame 7378
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 15:42:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
47268
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 15:42:14 GMT
Sixt_Rent_US_970x250_15p_V3.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/ Frame 01D0
4 KB
2 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
07d4d70a13813fdf351402bea20854c1031bf6f3d3e46bc342a1283c6627957e
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1806
date
Tue, 14 Sep 2021 10:34:32 GMT
expires
Wed, 14 Sep 2022 10:34:32 GMT
last-modified
Wed, 09 Jun 2021 09:53:47 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
age
324930
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ai.aspx
m.exactag.com/ Frame 95A7
43 B
1 KB
Fetch
General
Full URL
https://m.exactag.com/ai.aspx?extProvId=5&extPu=sixt-gaw&extLi=11488657578&rnd=209822247
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
213.202.235.8 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection
close
X-ET-Monitoring
1
Content-Length
43
Pragma
no-cache
X-ET-Code
0
Last-Modified
Sa, 18 Sep 2021 04:50:02 GMT
Server
Microsoft-IIS/8.5
Date
Sat, 18 Sep 2021 04:50:02 GMT
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Cache-Control
private
Access-Control-Allow-Credentials
true
X-ET-Camp
1751
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 95A7
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CNaQz-W9FYYG2LbWx7_UPppGVuAbwoOOeZdDU3enZDZaCzYWIFhABIOOxm31gyQagAYX58fsDyAEJqQIYQynVuKuzPqgDAcgDSKoEtQFP0KCCBgPpawFkpym6QJ6F3KrlwEzhPMUoL580kESbo3OHCF4illvK9SubghALRqwWGpQoiWGeQbly_ePHTEJ2VhYVSKzLvyZbd0hFC2TSkFf82VsBRWOZ8RGlqIT9Xuoi-34BThJwRENTD0Kv8g2gNgXA1vDeFPM38jcjMEfCL5Kl42swlH_xkh6EI0vOqxJZgLMAMvzia_ZP3DubuSFQFJXlD_pseADHC7S2LZa3zKWEdE1IwATYq_yvowOSBQQIBBgBkgUECAUYBKAGLoAHreWhMqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwMQk0LSCAcIgGEQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTkxMDg0NjQ2NDA3MjQ5MTUYAA&sigh=nVid2hErAls&template_id=419
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 18 Sep 2021 04:50:02 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame 95A7
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 22:44:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21934
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7612
x-xss-protection
0
server
cafe
etag
7316329070599479730
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 22:44:28 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame 95A7
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 01:15:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12853
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 01:15:49 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 95A7
128 KB
39 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
daaaa4101e8414d3c9c0baab3c015599b7e1fa70035268b8ba23ea6790f00bf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39526
x-xss-protection
0
server
sffe
etag
"1631879102694099"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Sat, 18 Sep 2021 04:50:02 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame 95A7
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 00:36:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15190
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
cafe
etag
18326705275735229343
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 00:36:52 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame DF56
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
accept-encoding
gzip, deflate, br
cookie
IDE=AHWqTUkIql1vUR_zPU22PWoDV0_hz3mVjmskMmsHqMJo0tr3S9cnYFnzNKFVkzoiE6o

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Sat, 18 Sep 2021 04:02:16 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2866
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css
fonts.googleapis.com/ Frame 0136
3 KB
578 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f10.1e100.net
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 18 Sep 2021 02:53:40 GMT
server
ESF
date
Sat, 18 Sep 2021 04:50:02 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 18 Sep 2021 04:50:02 GMT
gen_csp
pagead2.googlesyndication.com/pagead/ Frame 95A7
0
20 B
Other
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMGW8r7ch_MCFbXYuwgdpkgFZw&gqi=-W9FYdPnLJSN7_UP976OqA0&layout=/sadbundle/%24csp%253Der3%24/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame 0136
1 KB
857 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 19:53:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
32181
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
830
x-xss-protection
0
server
cafe
etag
3558876194914413708
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 19:53:41 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame 0136
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 22:44:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21934
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7612
x-xss-protection
0
server
cafe
etag
7316329070599479730
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 01 Oct 2021 22:44:28 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame 0136
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 01:15:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12853
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
server
cafe
etag
2275704724217174249
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 01:15:49 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0136
128 KB
39 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
daaaa4101e8414d3c9c0baab3c015599b7e1fa70035268b8ba23ea6790f00bf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39526
x-xss-protection
0
server
sffe
etag
"1631879102694099"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Sat, 18 Sep 2021 04:50:02 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/ Frame 0136
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210913/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 00:36:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15190
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6211
x-xss-protection
0
server
cafe
etag
18326705275735229343
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 02 Oct 2021 00:36:52 GMT
8b8c639f95e935c054a6465040a495ee.js
www.gstatic.com/mysidia/ Frame 0136
26 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/8b8c639f95e935c054a6465040a495ee.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 10:45:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
324260
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10883
x-xss-protection
0
last-modified
Wed, 08 Sep 2021 20:25:28 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="mysidia"
expires
Mon, 13 Dec 2021 10:45:42 GMT
exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 01D0
9 KB
3 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 13:46:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54199
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3271
x-xss-protection
0
server
cafe
etag
7483759447172721109
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 18 Sep 2021 13:46:43 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 01D0
26 KB
10 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 13:46:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54193
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 18 Sep 2021 13:46:49 GMT
createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 01D0
186 KB
48 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
sffe /
Resource Hash
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49100
x-xss-protection
0
last-modified
Wed, 16 Mar 2016 13:51:35 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 18 Sep 2021 04:50:02 GMT
Sixt_Rent_US_970x250_15p_V3.js
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/ Frame 01D0
78 KB
13 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
90feac61b189ebbd6d663e4b721145e029f56e9661effc8f823b3d9b393dc278
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
450483
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13091
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 09:53:47 GMT
server
sffe
date
Sun, 12 Sep 2021 23:41:59 GMT
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 12 Sep 2022 23:41:59 GMT
truncated
/ Frame 95A7
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb7f7b6200429409ecd9969e7174c6f34f298abe58eb36ffb541b61a38793b5a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
downsize_200k_v1
tpc.googlesyndication.com/simgad/5408436835128649178/ Frame 0136
19 KB
19 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/5408436835128649178/downsize_200k_v1?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
342be33f71b729d5a22a5179cb7ad1226d766e46c619a226f3c19bf31281bae6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 12 Sep 2021 12:20:54 GMT
x-content-type-options
nosniff
age
491348
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19131
x-xss-protection
0
last-modified
Wed, 17 Apr 2019 09:42:13 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 12 Sep 2022 12:20:54 GMT
truncated
/ Frame 0136
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
adview
googleads.g.doubleclick.net/pagead/ Frame 0136
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CwRMA-W9FYYr1LbCI7_UP3ci9uA7k0qz5YuSK8fPFC7_hHhABIOOxm31gyQagAd7T3_0DyAEJqAMByAPLBKoEsgFP0HFne6tTZzMZ6geZ-IRwTlXA3jWFQhKkpI1xCreXe5rKnFb6cHkupzrzVhqxxpeAsrZBQo-Tu-UpOU5wPR3q9AfjPCAMk3-DOvd0aGFB3SrRPN0j_QIIu_ezuOlMyjxGlt5grwMmUBPKisXof2SocCCn3kl7xoqqu1pT9IYUnYi92WYDnr_h0LQxkKdaBeN3wq2y9d5LRz8dmcVReKp1Ru4XsMtQlTkeBdaoIWZMwBIrwATO4oeu8gGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHiqygAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQxZoB0ggHCIBhEAEYH4AKAcgLAbgTiCfYEwyIFALQFQGYFgGAFwGyFxwKGggAEhRwdWItOTEwODQ2NDY0MDcyNDkxNRgA&sigh=YHVkx_-7Om8&template_id=5000
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 18 Sep 2021 04:50:02 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7378
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1-PR-G9FYaq1OvmI7_UPqv238A8AAAAAOAHgBAI&bg=!w8ClwITNAAaUnz4elJ87ACkAdvg8WiLdvTA9t71C_uI_amNqYCw6-9xEeTNlrfB50ExCqeV15LWozwIAAADcUgAAAEFoAQeZAsMe3rMpbdidHOef6BqJscFNx7bOXjhV2sZYZIggWZsUMsT4jwqb3OkEFkcz3BUbA0qVqLJiZVil1m_PWJZF5kUnSmzJdUqdkxV8PlgLvfYv6XzZqGkWotlSYR9zX9XCuiBnvtJzgLEOJ_yt8hQlvP25Fj3z4wPZRnRjQ67OSqgalNBL8xUd8XM9VIt9eWOOpJ51aefOIm_ky9sU7LB9m94r4rTIgtOOjAVH1ek4GfaWNR4yILOs-_9BeaUbWL8Rq73UJfAZ-OESfIlWmhZok2vsLGJM0_tYSVyJQqBiN87Zdr2G6wVVCxwLOU8cyBWRjL01ZvA-BnH3NPSK61W_koNluk4KQ6XESVi8QenGzuZUlGGFP1bSu-HimNr2ejJriuxXDGwLNCd0DSJPKWtbTujBPmmrRdxHbhcU45QFN_OfWiLPvHoABsn6IEe7lVKAKFJNcfLIdbXydDZC3MhZyBYL_jqxBruElkXBCUPenzi2T7QiDPE-sBFuAnoNwEZKxuu3nPsFOlRYzTDozGZJV52mZh5r69zYZpzk5lzUeUPeBwKBL4c5awMQo89qlT22YGxMeuf-WqUzmqLuhsVgcESv560LRc3VLofBenzTTgScmpZ6_9E98eyuudliEYhK63Q_MoLsUxNkdjI6oAOnhTEg-tqG7sWu0AXSCmblz0QQszFZuOvjM84lbi1h2BCJfr8EDAFGVtih4nkRODl0uizV0zzL69cv3eTMcTrIpJsnUkFjfeErCpg4aMR5lLDOF9JfT_5sWcZb9brRwTRPnhqmgrs1fHvH6U9fZZ2GDM6MuiS1BvGgdQG-fkHIw0aDC9iP-cd2X4zcvjf7mprqXNifRLa-bzxIxFZJLJGLdUJY5YLknAo8Rfg_uf7ub01UerRq_OLbZoWUoT9atyeny-138BMIwmIvhJDL2YGvHGpLcdpbiQ
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 54D6
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 17 Sep 2021 21:06:15 GMT
expires
Sat, 18 Sep 2021 21:06:15 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
27827
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 0136
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0868f5c92aed87160f04c7a3f78b8a398dc4ed1539d6fdc8c26b957c5694bee0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 0136
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 19:46:29 GMT
x-content-type-options
nosniff
age
378213
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21660
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:18 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 13 Sep 2022 19:46:29 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 0136
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 09:22:53 GMT
x-content-type-options
nosniff
age
70029
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21424
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:24 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 17 Sep 2022 09:22:53 GMT
Sixt_Rent_US_970x250_15p_V3_atlas_P_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/images/ Frame 01D0
83 KB
83 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/images/Sixt_Rent_US_970x250_15p_V3_atlas_P_.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
ec63aeb681d50e9ade80c6da85b30883f9436be957972b1141bdd69023fb6257
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
210281
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
85023
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 09:53:47 GMT
server
sffe
date
Wed, 15 Sep 2021 18:25:21 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Sep 2022 18:25:21 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame DF56
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si?st=NO_DATA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
cookie
IDE=AHWqTUkIql1vUR_zPU22PWoDV0_hz3mVjmskMmsHqMJo0tr3S9cnYFnzNKFVkzoiE6o
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 18 Sep 2021 04:50:02 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Sat, 18-Sep-2021 05:50:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 18 Sep 2021 04:50:02 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 18 Sep 2021 04:50:02 GMT
server
safe
content-length
257
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dpixel
cms.quantserve.com/ Frame 54D6
35 B
463 B
Image
General
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKNUwi9jio0dpcc-zJD_LuE&google_cver=1&google_push=AYg5qPJgh5f2Pfj6aJ_IH3xfOb8qYLezWs5YXagHmUtem-8JjnwacJ9qRme0MnCFi8Nc-JfV-Y7OKMz0js9YOu3ase7l33zBow
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.198 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 54D6
Redirect Chain
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL2E81NjKj0f_yyO_2wvMHpIZcspgmAVrhrOoG...
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVVWdkBnQUFBT29mdDJvbg&google_push=AYg5qPL2E81NjKj0f_yyO_2wvMHpIZcspgmAVrhrOoGJPbIUi4KrvSuk03tPUcOUF47fxPCA_umnK9jcpQNYpF9rNVkv3j80xQ
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVVWdkBnQUFBT29mdDJvbg&google_push=AYg5qPL2E81NjKj0f_yyO_2wvMHpIZcspgmAVrhrOoGJPbIUi4KrvSuk03tPUcOUF47fxPCA_umnK9jcpQNYpF9rNVkv3j80xQ
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.180.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVVWdkBnQUFBT29mdDJvbg&google_push=AYg5qPL2E81NjKj0f_yyO_2wvMHpIZcspgmAVrhrOoGJPbIUi4KrvSuk03tPUcOUF47fxPCA_umnK9jcpQNYpF9rNVkv3j80xQ
Date
Sat, 18 Sep 2021 04:50:02 GMT
Server
Apache
Connection
keep-alive
Content-Length
389
Content-Type
text/html; charset=iso-8859-1
sync
odr.mookie1.com/t/v2/ Frame 54D6
43 B
608 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4530&src.visitorid=CAESEEFhTkQE_no_0iEo5jNAFBU&google_cver=1&google_push=AYg5qPI3Wxk7SkzQN2vS_JBK_k_feaD-CDWYW4B2iqhaF9X7R7Xge15KwLq345UatiiSqE9uHh4m2A0J16of52oCLG4ab-IHsg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 54D6
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESELMJi-zUlMSVyRFHLSClnok&google_cver=1&google_push=AYg5qPLFvEtkjxNpfT-u8jzcG1yA8DQ9c5AiWebwiw7ki0k-JhfdGz35srJUrbJXtMH0-jdRNhUifxsV8VK61vnfQPug3axBzg
  • https://rtb.openx.net/sync/dds?google_gid=CAESELMJi-zUlMSVyRFHLSClnok&google_cver=1&google_push=AYg5qPLFvEtkjxNpfT-u8jzcG1yA8DQ9c5AiWebwiw7ki0k-JhfdGz35srJUrbJXtMH0-jdRNhUifxsV8VK61vnfQPug3axBzg&ox...
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLFvEtkjxNpfT-u8jzcG1yA8DQ9c5AiWebwiw7ki0k-JhfdGz35srJUrbJXtMH0-jdRNhUifxsV8VK61vnfQPug3axBzg&google_hm=mQZtID9rwRQmKUUoD-vg3A==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLFvEtkjxNpfT-u8jzcG1yA8DQ9c5AiWebwiw7ki0k-JhfdGz35srJUrbJXtMH0-jdRNhUifxsV8VK61vnfQPug3axBzg&google_hm=mQZtID9rwRQmKUUoD-vg3A==
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.180.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLFvEtkjxNpfT-u8jzcG1yA8DQ9c5AiWebwiw7ki0k-JhfdGz35srJUrbJXtMH0-jdRNhUifxsV8VK61vnfQPug3axBzg&google_hm=mQZtID9rwRQmKUUoD-vg3A==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
ka6pkfmcicvsqdcgenjmp9l393htpj3k
pixel
cm.g.doubleclick.net/ Frame 54D6
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJE-3G4lndmnDwZQgqDZFUo&google_cver=1&google_push=AYg5qPL8ocuh3D5bL-3f9fsaZT5OZRqWt-6kSMVRcRatwD2Ugr7f0erqyBzbmEGiVFdSUz_28yJ...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RQQkFSWVItMjItRVBWSw==&google_push=AYg5qPL8ocuh3D5bL-3f9fsaZT5OZRqWt-6kSMVRcRatwD2Ugr7f0erqyBzbmEGiVFdSUz_28yJxezlNg9qKSXelDjWY5Df8yA
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RQQkFSWVItMjItRVBWSw==&google_push=AYg5qPL8ocuh3D5bL-3f9fsaZT5OZRqWt-6kSMVRcRatwD2Ugr7f0erqyBzbmEGiVFdSUz_28yJxezlNg9qKSXelDjWY5Df8yA
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.180.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RQQkFSWVItMjItRVBWSw==&google_push=AYg5qPL8ocuh3D5bL-3f9fsaZT5OZRqWt-6kSMVRcRatwD2Ugr7f0erqyBzbmEGiVFdSUz_28yJxezlNg9qKSXelDjWY5Df8yA
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Expires
0
pixel
cm.g.doubleclick.net/ Frame 54D6
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nK...
0
0

/
cc.adingo.jp/adx/push/ Frame 54D6
0
44 B
Image
General
Full URL
https://cc.adingo.jp/adx/push/?google_gid=CAESEB8tCf5uBzsY0KOTYEGAgtk&google_cver=1&google_push=AYg5qPLHrpneG3Np3uFFGjO7cFjSA9qxV2d7XAYhBFW1lESZreP5Xf0eS4xnsB6Y6i75nIYg6H0VimoqOs5wGsyn66Z3VC0hSQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.199.44.14 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-199-44-14.ap-northeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:03 GMT
server
awselb/2.0
attr
cm.g.doubleclick.net/pixel/ Frame 54D6
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I5-7F38TbZKUPXTQXtOb8H5giZ0ApzWFfIxAvAeJQMGgbdCRffKwFhkt5AVXHsdn-ZLlNB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.180.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:02 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame 01D0
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 15:42:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
47268
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 15:42:14 GMT
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame 67BA
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=3065233903&pi=t.aa~a.585548709~i.57~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0%2C730x280&nras=3&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=4300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=6Uut3eFOMV&p=https%3A//xsmb99.me&dtd=34
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 15:42:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
47268
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 15:42:14 GMT
Sixt_Rent_US_970x250_15p_V3_atlas_NP_.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/images/ Frame 01D0
16 KB
16 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18290586838335474551/images/Sixt_Rent_US_970x250_15p_V3_atlas_NP_.jpg
Requested by
Host: xsmb99.me
URL: https://xsmb99.me/xsmb-thu-2.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
a6384f8cbae65e3e666eb13d356368e30532c0acfa19f4462e06e09a7c30aa5c
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
424926
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16340
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 09:53:47 GMT
server
sffe
date
Mon, 13 Sep 2021 06:47:56 GMT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 13 Sep 2022 06:47:56 GMT
sodar
pagead2.googlesyndication.com/getconfig/
11 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210915&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
7ba1b34795d87351ed9a31fec7bf21402b58c66c8dfaa25d3d23c9fc47206350
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 18 Sep 2021 04:50:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8567
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 18 Sep 2021 04:50:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 18 Sep 2021 04:50:02 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 3593
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 17 Sep 2021 16:46:43 GMT
expires
Sat, 17 Sep 2022 16:46:43 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
43399
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 8E1C
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f4.1e100.net
Software
GSE /
Resource Hash
79525113115b88dcc24631c850ac89bfdcd990f49965f470e04b249d52909da7
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-1O5S1INzqMcec7vzz8vPVA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://xsmb99.me/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy-report-only
require-corp; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 18 Sep 2021 04:50:02 GMT
date
Sat, 18 Sep 2021 04:50:02 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-1O5S1INzqMcec7vzz8vPVA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
pagead2.googlesyndication.com/bg/ Frame 3593
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/YqSUqZI0IRdbUAy163IJKnGw-hEMSU1MpsI8iakDbOc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
sffe /
Resource Hash
62a494a9923421175b500cb5eb72092a71b0fa110c494d4ca6c23c89a9036ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 15:42:14 GMT
content-encoding
br
x-content-type-options
nosniff
age
47268
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13243
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 17 Sep 2022 15:42:14 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 8E1C
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210915&jk=1371442369481918&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210915&jk=1371442369481918&bg=!ExClEFTNAAaUnz4elJ87ACkAdvg8WrzRSpcYCWPRdDMQ0PS23DaR6kewuNGxU7PovOmvakZYWgrEhgIAAAB4UgAAAAxoAQcKAGiQ93ThY6y0LDZNjw_4UMRKaAO1FsN72bqpG2IBZV45F60qR-AtnxPz6Dda3bc5ey84dJYekBt7o3G-KUj3a4vcKmLMtt8sYk3hbmb6hiBblLwoWkwpP7vc2F5QIn6vnwH9UGkB6jTojJkCc0pdgvJOaOb4Xh1TFh96EOjlEtGSjhmgmra1oAPcY6SnGId6UsMOZrEJrxlABfHqZc0CuKlVCgnwzt0TTwiTjs9s9NonhF38BWWsTr6wwnnNbJGOjp7W60ETuE4xorn2GSDy_leMiN9oLTlB9if9SHk6zoFoM3JywiVDaz90Ki2tqSQ2wqcwHg_bS-XqhzgUYeoVVU6J8DKgbWNwJDht62-vJXdxW5A7kK8fMKDbVe5lIzcdImKOSjgQCFys9maEBkOuxl1QW1a-Lh4Guj8YWtjd1jbZhAKoSUjwZbTGglUKpJgklJBXtwDu8fuKLzExgY3E77UKu6iX5rkQARMWW__JFjx6Lt3HsFtG1Oaf_rgnPQjD_oAoVOJUWY7MxtmG9TBB0sAlsisUTIy18PxwQKULvCr1RgDwFJ1raLNeOQxIzQNzu67o0L7USIfz32R5O-dPz806Pjo876tLQjwLcw14-GNR5aYonG0iZUsUUTN3Gdj75kUrMN7wXyzRAUh2LW6w6vHWU8Yw4A13iBS3VSoGlEbXIeYjzSMBg1F5C9CWOaZo0iejYE8VcsdndxzEpzl2KC7nc13qcXZL7o7qdiZPL7LuW3ssNIlQzpYTyicXXo4Wl9_jJkR_QXst8OG9yEFn9UKBE3X2qTt8qV2qGLc95NQIXOTkDK5gwv3HWxUbAsvS3IXPUhn6UayevD54DtGsEONQNSzMFWD4T4ItEIMX6fI4Duq9kb6fqCfWA2sW-0sPj7M8HHkKdWYrMBQ5saUq1OduaVyWKB3DW0Vq0l71x0zZpYqsYKK-RFrXpLWRORmYYxD66rWNTKmLD5ak0VWhJg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xsmb99.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

activeview
pagead2.googlesyndication.com/pcs/ Frame D626
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthw4bfWaoeaY3Wl0UMcTmNRfNMlzhSEBkP9AjcSlqLpQ4Cu7QmZCKnkQbkZ6NSbd0T1yUpaLweywAdY7Et28GtaVjXlQrUpxAihbCUojq0L_X4T8c&sai=AMfl-YQAHfcO5LbsPdJ7VCmf1EFF8ENkybmA8tKPaRsNfMLbbLsqWQEddg8q3u2z_ahpr2AT6WEkvsdRQv-u&sig=Cg0ArKJSzIbziFh96HfqEAE&cid=CAASBORoYx8&id=lidar2&mcvt=1001&p=1110,298,1204,1026&mtos=0,917,1001,1001,1001&tos=0,917,84,0,0&v=20210917&bin=7&avms=nio&bs=0,0&mc=0.76&if=1&app=0&itpl=20&adk=1812271801&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1631940601811&rpt=423&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 18 Sep 2021 04:50:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif

Failed requests

These URLs were requested, but no response was received. You will also see them in the list above.

Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| onbeforexrselect boolean| originAgentCluster function| gtag object| dataLayer object| google_tag_manager object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken object| google_prev_clients object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| google_llp number| google_lpabyc object| googletag function| $ function| jQuery function| Popper object| bootstrap function| notify object| GoogleGcLKhOms object| google_image_requests

26 Cookies

Domain/Path Name / Value
cutt.ly/ Name: PHPSESSID
Value: 2f15nd1k7h2k535vi4jguu51f9
xsmb99.me/ Name: XSRF-TOKEN
Value: eyJpdiI6ImNZMHVKU1grRUFEeEcwZTBvSTVmT1E9PSIsInZhbHVlIjoibUltb1NMUTQ2SllIZnJJTE1aN3ZNbGE5VHRjRE0xWWNsYW54M3VSZkZhUmJMQ3NXd2RLTUhiYXJZNENIanBsVyIsIm1hYyI6IjNkMGE5YTRkYmFlZmY2OWIxOWM5ODM4ODhjODYyZTk1NWExYmRiOWY2YTFiZjI3OWNjMzdmN2FlNGJkNmE4OGUifQ%3D%3D
xsmb99.me/ Name: xsmb99me_session
Value: eyJpdiI6IjQ5emNJaE8xbk1Vb2VIYUNLNWNYRHc9PSIsInZhbHVlIjoiNGZ0a2ZBNnRhUTJybXdXKzhicVBlNGxNNEZQb2V4QnhiVnVNSGxoM1A0eksvcEdYT0FEeDVJS3NPOWhPSTRtcSIsIm1hYyI6IjY4ZDZlYzQyN2M3ZGVhYmIzMzdhZWI3YjYyZWU1ZGYyYmQyMGZiZmUxNTc2MmY4MmE3NGZiZGFjMmJjMGNiMGYifQ%3D%3D
.xsmb99.me/ Name: _ga
Value: GA1.2.348447157.1631940601
.xsmb99.me/ Name: _gid
Value: GA1.2.2141177026.1631940601
.xsmb99.me/ Name: _gat_gtag_UA_150732184_1
Value: 1
.xsmb99.me/ Name: __gads
Value: ID=e68127347c1bc599-223d774a38c90053:T=1631940600:RT=1631940600:S=ALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w
.xsmb99.me/ Name: __gpi
Value: 00000000-0000-0000-0000-000000000000&eHNtYjk5Lm1l&Lw==
.adnxs.com/ Name: uuid2
Value: 6815994708942748745
.casalemedia.com/ Name: CMID
Value: YUVv.lZFtOCzAIzQNTDvKAAA
.casalemedia.com/ Name: CMPS
Value: 3165
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2Ilbx9?%v!]tbPl1M>e)ZlrFUfJ+tGXxo3>9tL[TebMS>R5Zi?6C6UCJKu%^NDDA?sP`0*bpRz*qF1`*b_jW*0+Cu
.casalemedia.com/ Name: CMPRO
Value: 1145
.casalemedia.com/ Name: CMST
Value: YUVv+mFFb-oA
.casalemedia.com/ Name: CMRUM3
Value: 2d61456ffa2760CAESENutnzBdJADDNiuRX5luARg
.doubleclick.net/ Name: IDE
Value: AHWqTUkIql1vUR_zPU22PWoDV0_hz3mVjmskMmsHqMJo0tr3S9cnYFnzNKFVkzoiE6o
m.exactag.com/ Name: exactag_new_gk
Value: 722cad8332b246c9b1fc5d193e34e072%7c17.11.2021+04%3a50%3a02
m.exactag.com/ Name: exactag_new_uk
Value: c8eda1167c4d4505a1be57bc430967b6%7c
m.exactag.com/ Name: session_session
Value: f78ad12ba87748efb97a9084
.mookie1.com/ Name: id
Value: 10809905744370018541
.mookie1.com/ Name: mdata
Value: 1|10809905744370018541|1631940602630
.mookie1.com/ Name: ov
Value: f835a8f8bd8cde97ef57560ac433be43
.quantserve.com/ Name: d
Value: EB8BCQGjJIEA
.quantserve.com/ Name: mc
Value: 61456ffa-9adc3-3a774-83f6c
.openx.net/ Name: i
Value: 95fcd845-3f6a-47cd-9a8b-c177b8d5e99b|1631940602
.doubleclick.net/ Name: DSID
Value: NO_DATA

3 Console Messages

Source Level URL
Text
security error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html".
security error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9108464640724915&output=html&h=280&adk=3879918379&adf=1425483003&pi=t.aa~a.585548709~i.31~rp.4&w=730&fwrn=4&fwrnh=100&lmt=1631940601&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4678874584&psa=0&ad_type=text_image&format=730x280&url=https%3A%2F%2Fxsmb99.me%2Fxsmb-thu-2.html&flash=0&fwr=0&pra=3&rh=183&rw=730&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631940601691&bpp=2&bdt=1430&idt=-M&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De68127347c1bc599-223d774a38c90053%3AT%3D1631940600%3ART%3D1631940600%3AS%3DALNI_MaOu5tC8JnvQ_tVo-OLJcE5Xeq76w&gpic=00000000-0000-0000-0000-000000000000&prev_fmts=0x0&nras=2&correlator=2930251097080&frm=20&pv=1&ga_vid=348447157.1631940601&ga_sid=1631940601&ga_hid=1593527403&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=245&ady=2965&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C31062370&oid=3&pvsid=1371442369481918&pem=675&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CSqlEgo4HW&p=https%3A//xsmb99.me&dtd=27
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/18290586838335474551/Sixt_Rent_US_970x250_15p_V3.html".
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUVv-lZFtOCzAIzQNTDvKAAABHkAAAIB&google_push=AYg5qPIqhel9_vJMIegqrWHPnLmXwXEm_LIQkofT_nCiytYgVHCqdWO17xdPZf2nfMWYAL9JHtTziHjI0LW4Ojq0nKBFdjaxBQ&google_gid=CAESEGolRokLo7D-LdbX1LGKvlQ&google_cver=1
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

"Indicators" is a security-industry term for artifacts such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity.
