www.buhoblik.org.ua Open in urlscan Pro
2a06:6440:0:2d02::1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://buhoblik.org.ua/
Effective URL:
https://www.buhoblik.org.ua/
Submission: On August 24 via api (August 24th 2022, 3:57:22 am UTC) from GB — Scanned from GB

Summary HTTP 148 Redirects Behaviour Indicators

Summary

This website contacted 29 IPs in 10 countries across 25 domains to perform 148 HTTP transactions. The main IP is 2a06:6440:0:2d02::1, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is www.buhoblik.org.ua.
TLS certificate: Issued by R3 on August 4th 2022. Valid for: 3 months.

This is the only time www.buhoblik.org.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	2a06:6440:0:2... 2a06:6440:0:2d02::1	200000 (UKRAINE-AS) (UKRAINE-AS)
1 1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
10	2a03:90c0:41:... 2a03:90c0:41:2801::254	199524 (GCORE) (GCORE)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	95.216.186.40 95.216.186.40	24940 (HETZNER-AS) (HETZNER-AS)
1	2001:41d0:602... 2001:41d0:602:8bf::	16276 (OVH) (OVH)
12	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
5	146.0.227.109 146.0.227.109	29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	3.125.77.13 3.125.77.13	16509 (AMAZON-02) (AMAZON-02)
2 2	188.42.196.115 188.42.196.115	7979 (SERVERS-COM) (SERVERS-COM)
1 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	193.200.65.6 193.200.65.6	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
1	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
23	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
9	34.111.35.152 34.111.35.152	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
148	29

11 2a06:6440:0:2d02::1 (Ukraine) 2 redirects

ASN200000 (UKRAINE-AS, UA)

buhoblik.org.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.buhoblik.org.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:90c0:41:2801::254 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.216.186.40 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.40.186.216.95.clients.your-server.de

xn--r1a.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:41d0:602:8bf:: (France)

ASN16276 (OVH, FR)

avto-oblik.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 146.0.227.109 (Ascension Island)

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.180 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.125.77.13 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-77-13.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.196.115 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 1 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.6 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: adforce.team

m.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.79 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2001:67c:4e8:f004::9 (Virgin Islands (British))

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.111.35.152 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 152.35.111.34.bc.googleusercontent.com

cdn4.telegram-cdn.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 tpc.googlesyndication.com — Cisco Umbrella Rank: 159	803 KB
23	telegram.org telegram.org — Cisco Umbrella Rank: 10677	252 KB
15	admixer.net cdn.admixer.net — Cisco Umbrella Rank: 51836 inv-nets.admixer.net — Cisco Umbrella Rank: 2604	200 KB
12	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 52	185 KB
11	buhoblik.org.ua 2 redirects buhoblik.org.ua www.buhoblik.org.ua	230 KB
9	telegram-cdn.org cdn4.telegram-cdn.org — Cisco Umbrella Rank: 36154	773 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com	106 KB
7	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 361	133 KB
7	criteo.com 1 redirects bidder.criteo.com — Cisco Umbrella Rank: 759 gum.criteo.com — Cisco Umbrella Rank: 407 mug.criteo.com — Cisco Umbrella Rank: 2790	9 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54	32 KB
4	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 88 www.google.com — Cisco Umbrella Rank: 9	1 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 292	2 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 194	87 KB
2	creativecdn.com 1 redirects creativecdn.com — Cisco Umbrella Rank: 668	678 B
2	betweendigital.com 2 redirects ads.betweendigital.com — Cisco Umbrella Rank: 2016	1 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 230	2 KB
2	xn--r1a.website xn--r1a.website — Cisco Umbrella Rank: 765619	14 KB
2	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 334	17 KB
1	pubmatic.com image8.pubmatic.com — Cisco Umbrella Rank: 603	42 B
1	trafmag.com m.trafmag.com — Cisco Umbrella Rank: 87371	351 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 655	39 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8811	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 882	648 B
1	avto-oblik.com.ua avto-oblik.com.ua	72 KB
1	google.com.ua 1 redirects www.google.com.ua — Cisco Umbrella Rank: 17954	325 B
148	25

	Domain	Requested by
29	tpc.googlesyndication.com	www.buhoblik.org.ua googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
23	telegram.org	xn--r1a.website telegram.org
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.buhoblik.org.ua googleads.g.doubleclick.net
10	cdn.admixer.net	www.buhoblik.org.ua cdn.admixer.net
10	pagead2.googlesyndication.com	www.buhoblik.org.ua pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
9	cdn4.telegram-cdn.org	xn--r1a.website
9	www.buhoblik.org.ua	www.buhoblik.org.ua
7	fonts.gstatic.com	fonts.googleapis.com
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
5	inv-nets.admixer.net	cdn.admixer.net www.buhoblik.org.ua
4	fonts.googleapis.com	xn--r1a.website telegram.org tpc.googlesyndication.com
4	bidder.criteo.com	static.criteo.net
3	www.google.com	2 redirects tpc.googlesyndication.com
3	x.bidswitch.net	3 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	www.googletagservices.com	googleads.g.doubleclick.net
2	creativecdn.com	1 redirects www.buhoblik.org.ua
2	ads.betweendigital.com	2 redirects
2	ib.adnxs.com	1 redirects www.buhoblik.org.ua
2	xn--r1a.website	www.buhoblik.org.ua telegram.org
2	ssl.google-analytics.com	www.buhoblik.org.ua
2	buhoblik.org.ua	2 redirects
1	mug.criteo.com
1	image8.pubmatic.com	www.buhoblik.org.ua
1	m.trafmag.com	www.buhoblik.org.ua
1	static.criteo.net	cdn.admixer.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	avto-oblik.com.ua	www.buhoblik.org.ua
1	www.gstatic.com	www.buhoblik.org.ua
1	www.google.com.ua	1 redirects
148	32

This site contains no links.

Subject Issuer	Validity	Valid
www.buhoblik.org.ua R3	`2022-08-04` - `2022-11-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2022-06-08` - `2023-06-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
xn--r1a.website R3	`2022-06-25` - `2022-09-23`	3 months	crt.sh
www.avto-oblik.com.ua R3	`2022-08-08` - `2022-11-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-14` - `2023-06-14`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2021-09-10` - `2022-10-09`	a year	crt.sh
cdn4.telegram-cdn.org GTS CA 1D4	`2022-08-21` - `2022-11-19`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh

This page contains 18 frames:

Primary Page: https://www.buhoblik.org.ua/
Frame ID: C74D1D4A0E84144B31013E24537232EF
Requests: 45 HTTP requests in this frame

Frame: https://xn--r1a.website/s/buhoblik_org_ua
Frame ID: E210799A3E11283990B39A4A4CB8BF37
Requests: 42 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/49044/c.html?b=49044
Frame ID: BF5729F3EE887AF517A530799EFDB88B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/49044/c.html?b=49044
Frame ID: 948BC558DDEC66E9A8A9B7A3C0D44CBA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/zrt_lookup.html
Frame ID: 605F2D5C32B7A12124886543CE3D7D04
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&adk=1812271804&adf=3025194257&lmt=1661313435&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436345&bpp=2&bdt=505&idt=173&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7389845460158&frm=20&pv=2&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=185
Frame ID: DD51007AB6CDE90727436A23662F7928
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436347&bpp=2&bdt=507&idt=188&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=E7ftvUNTu1&p=https%3A//www.buhoblik.org.ua&dtd=194
Frame ID: 81B2FB2F2200136875B5E517A0087E42
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205
Frame ID: B0553912A92CEBB29CA4D04B6E2E566F
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436350&bpp=1&bdt=510&idt=208&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=oxaeqaC5ol&p=https%3A//www.buhoblik.org.ua&dtd=211
Frame ID: 70451CC0B80B1723B682EAE15151C5A1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html
Frame ID: 54AE43719807F6BA1AA526B998B4454A
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CuSghnKEFY_vzKuDF1fAP-d2y2AqJp7XKa-_A96GUEP7sxaimMRABIOfk8hZglfrwgYwHoAGyisGqAcgBCakCJq1pvsfjqT6oAwHIA0iqBPABT9CWygTVQBW9cV7ZX_BhthHt_V98jBFUDTknGl5v6Z5PSxS9-J9nBmgCxsZ4QAgM40jKtmsG5oPhxWNlsOAyzdO1-0l9kndzOfSktoWG7ev7AcAL3sHLUfQ7hueu5K4v63rkq2KGvQOCRiSPR4MLyAlrK12ExkXK-mkNzkBYSqam-oNgrexsViNjYB1OOec85wenDDE3CFO0w2NM_D0EXXiR12XFv8pZ_OL8ZOwPo_6YH_EXEZsT535Ce4RqYMYEKN2LvYDZ2CN_wcUIR9FE2Phfw0mJYSxqe1OtK2xTL1iJz-XBRfBrKklgsiXzHYxbwAT_t9qZhQSSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHtvW-1QKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCJmQLSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAaIMCCoGCgT5nrEC2BMK0BUBmBYBgBcBshccChoIABIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=a9KBTELgun4&uach_m=[UACH]&template_id=419
Frame ID: 327B621136FA9A27CBFF4D6FDEEE0CCC
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html
Frame ID: A210B6F42A5F7052D670A68D350589BD
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=Ctso7nKEFY6CEK4LPxgPqgpKAAYmntcpr78D3oZQQ_uzFqKYxEAEg5-TyFmCV-vCBjAegAbKKwaoByAEJqQImrWm-x-OpPqgDAcgDSKoE9gFP0IjBHvGrwOtBYDP0EpTKYirmA44KZaM9FMdsX9_w1JVGXXgPoE0GXAeEZC7WfHSN1zFVF5h3KQCCqautS4msMq_GAb53FGXi3Vzb-vJoc_mn9d5OviI79yI9_qTHWRrqv-a9D2dNwSvz0pdthgMdfszTiWdgIFSv6d3YMIhpKaCPydjBjhFqOQPd_RqUOddYel8bg1ZfZ_5mRjtUDPhweGvgo7kb89NdtWKqagiSKk7uDg9w49EoTy7-PTRTHsZZlr5t-PYfhoWYeeSaBsyTGasgIrLWlC2wNZoerEhmtb1qDGbVcrFBE4T5DtJ8WBR6CrYy-F7ABP-32pmFBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe29b7VAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKCHENIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMK0BUBmBYBgBcBshccChoIABIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=mNnemNWvzes&uach_m=[UACH]&cid=CAQSGwCsnQUxXRYr81QVuH6fRA3zeIww6ZhEbVXR_BgBIA4&template_id=419
Frame ID: F09BB8B1F4C4AB8723273429548D2B56
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: BA116B0362F16E4A5EDC19618F70D56E
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 9AD4EB3CBD02EAB6A18910B86EA65F83
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.buhoblik.org.ua
Frame ID: 09DC4D447F42B4BCFE6F3C50C75FD2EA
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4761D96D87AAEB16DBBE0A2799824274
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1307E50DBD84E33E21848ECA7BCF5681
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Бухучет в Украине : Бухгалтерский и налоговый учет

Page URL History Show full URLs

http://buhoblik.org.ua/ HTTP 301
https://buhoblik.org.ua/ HTTP 301
https://www.buhoblik.org.ua/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

148
Requests

97 %
HTTPS

61 %
IPv6

25
Domains

32
Subdomains

29
IPs

10
Countries

2956 kB
Transfer

6131 kB
Size

26
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://buhoblik.org.ua/ HTTP 301
https://buhoblik.org.ua/ HTTP 301
https://www.buhoblik.org.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://www.google.com.ua/cse/brand?form=cse-search-box%E2%8C%A9=ru HTTP 301
https://www.gstatic.com/prose/brandjs.js

Request Chain 31

https://ib.adnxs.com/setuid?entity=533&code=ce46d23ac90a48b683376c16b4936f4e HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3Dce46d23ac90a48b683376c16b4936f4e

Request Chain 32

https://x.bidswitch.net/sync?ssp=admixer&user_id=ce46d23ac90a48b683376c16b4936f4e&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=admixer&user_id=ce46d23ac90a48b683376c16b4936f4e&gdpr=&gdpr_consent=&us_privacy=[usPrivacy] HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadmixer%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadmixer%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D&crf=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=429&user_id=33ce1bc9-5fdf-52ec-b18b-8c0ad28e2d97&ssp=admixer&expires=30&user_group=1&gdpr=&gdpr_consent= HTTP 302
https://inv-nets.admixer.net/bs/cm.aspx?id=8367d5ed-2cb4-4337-9579-ea900c607683&gdpr=&consent=&gdpr_pd=

Request Chain 33

https://creativecdn.com/cm-notify?pi=admixer HTTP 302
https://creativecdn.com/cm-notify?pi=admixer&tc=1

Request Chain 95

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 96

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 144

https://gum.criteo.com/sid/json?origin=publishertag&domain=buhoblik.org.ua&sn=ChromeSyncframe&so=0&topUrl=www.buhoblik.org.ua&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=4T9_qHwzZDZzNU5PYnVlV0hYcGxQMnBKbzZ0THlvN2s5ZUV3dkFxY1hSWUxYaUlJTEs0V0pzc3hOV2UvSXU3emJsK1BlN09jSjBMR00rangyUDFXRitFNVRVWUJNZkJDNkFraCtBb1ZJVW9KcnV1TGJSNHlBb3Izc3orcEV4azdBR0RiQkZxN1ZpZk5HalpsL3NMNWY4N3hERnRBL0hHWDUyM1dzS0pQTVF0TzBIVjdKQy9GL0dEZ2dTTGF3MFIwWXFyM25PYlBnMjh2Vm43YUYxSk95T0JoY0VwWW1pZjdsS1NvbVlZV0xaTFBLK2srcTA0d05Kc2NHcTdIcC9EYmQrdkNvSEg5RlBHQ2hrOW91dy9JRmlDak5JUT09fA&cppv=2

148 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.buhoblik.org.ua/
Redirect Chain

http://buhoblik.org.ua/
https://buhoblik.org.ua/
https://www.buhoblik.org.ua/

84 KB
15 KB

354ms
335ms

Document
text/html

2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: c79fe4aca7ad01b04807f0432625598e4e9cc7f46556b0e34a3ae84b767a812e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 public
content-encoding: gzip
content-length: 15299
content-type: text/html; charset=utf-8
date: Wed, 24 Aug 2022 03:57:15 GMT
expires: Wed, 17 Aug 2005 00:00:00 GMT
last-modified: Wed, 24 Aug 2022 03:57:15 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-ray: p953:0.173/wn25401:0.170/wa25401:D=167780

Redirect headers

cache-control: max-age=0
content-length: 236
content-type: text/html; charset=iso-8859-1
date: Wed, 24 Aug 2022 03:57:15 GMT
expires: Wed, 24 Aug 2022 03:57:15 GMT
location: https://www.buhoblik.org.ua/
server: nginx
x-ray: p953:0.012/wn25401:0.000/wa25401:D=2423

GET
H2 200 937d2c2ee43bca358b9b71d8167863c767f6a3e64cf2ba0703a7f07c0a987df3.css
www.buhoblik.org.ua/media/com_jchoptimize/cache/css/ 161 KB
23 KB 88ms
87ms Stylesheet
text/css 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/media/com_jchoptimize/cache/css/937d2c2ee43bca358b9b71d8167863c767f6a3e64cf2ba0703a7f07c0a987df3.css
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 88467b23c1044f571783e76997720036df1c0a9925eee5f428c7ff150fa7da56

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: p953:0.000/wn25401:0.000/
content-encoding: br
last-modified: Sat, 06 Aug 2022 07:42:02 GMT
server: nginx
etag: W/"62ee1b4a-28387"
content-type: text/css
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:15 GMT
expires: Fri, 23 Sep 2022 03:57:15 GMT

GET
H2 200 937d2c2ee43bca358b9b71d8167863c7fe11058a8effe382178f5c9b88baefc8.js Show response
www.buhoblik.org.ua/media/com_jchoptimize/cache/js/ 137 KB
44 KB 171ms
170ms Script
application/javascript 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.buhoblik.org.ua/media/com_jchoptimize/cache/js/937d2c2ee43bca358b9b71d8167863c7fe11058a8effe382178f5c9b88baefc8.js
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 377d27d86822418762eb956a7d4eec9823d6a9d3fd6f6d3ca0d63fdf374a0b69

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: p953:0.010/wn25401:0.000/
content-encoding: br
last-modified: Sun, 19 Jun 2022 12:21:49 GMT
server: nginx
etag: W/"62af14dd-223b2"
content-type: application/javascript
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:15 GMT
expires: Fri, 23 Sep 2022 03:57:15 GMT

GET
H2

200

brandjs.js Show response
www.gstatic.com/prose/
Redirect Chain

https://www.google.com.ua/cse/brand?form=cse-search-box%E2%8C%A9=ru
https://www.gstatic.com/prose/brandjs.js

14 KB
6 KB

169ms
53ms

Script
text/javascript

2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/prose/brandjs.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22612
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5807
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 15:14:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 24 Aug 2022 21:40:24 GMT

Redirect headers

date: Wed, 24 Aug 2022 03:38:48 GMT
x-content-type-options: nosniff
server: sffe
age: 1108
content-type: text/html; charset=UTF-8
location: https://www.gstatic.com/prose/brandjs.js
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
expires: Wed, 24 Aug 2022 04:08:48 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 165 KB
57 KB 195ms
78ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1204bcce82cc2af761e90b1ebf3e19a7a31ba11d0bc5db891850d3599180d3f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57466
x-xss-protection: 0
server: cafe
etag: 14770191315639612475
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 24 Aug 2022 03:57:16 GMT

GET
H2 200 list_black.png
www.buhoblik.org.ua/images/ 417 B
634 B 85ms
84ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/list_black.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 002a93857ca724d4828a347c2b419a56eabfd275f206a5febc48246ccfe5830d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: p953:0.000/wn25401:0.000/
last-modified: Thu, 27 Aug 2015 18:43:06 GMT
server: nginx
etag: "55df5a3a-1a1"
content-type: image/png
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:16 GMT
accept-ranges: bytes
content-length: 417
expires: Fri, 23 Sep 2022 03:57:16 GMT

GET
H2 200 youtube-32.png
www.buhoblik.org.ua/images/ 918 B
1 KB 86ms
85ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/youtube-32.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: c6d254ee6b05a14666952b2b7629dedc518103bfed8a8d6ee0c1cbe28f76c6fd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: p953:0.000/wn25401:0.000/
last-modified: Sat, 21 Mar 2020 22:41:20 GMT
server: nginx
etag: "5e769810-396"
content-type: image/png
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:16 GMT
accept-ranges: bytes
content-length: 918
expires: Fri, 23 Sep 2022 03:57:16 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
56 KB 190ms
74ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5630956766216465

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1aeb6aba357112ed219f363b49f07a1045465cc09e712910dffd2a74b256678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Origin: https://www.buhoblik.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57049
x-xss-protection: 0
server: cafe
etag: 7699062829452277136
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 24 Aug 2022 03:57:16 GMT

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 176 KB
55 KB 195ms
59ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 9784d739d5c17552246ac97886dd2455b93bd36df81741e57d408a20c827364e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc16
date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 09:34:39 GMT
server: nginx
etag: W/"63049f2f-2c101"
x-cached-since: 2022-08-24T03:50:22+00:00
content-type: application/javascript
cache-control: max-age=600
cache: HIT
expires: Tue, 23 Aug 2022 09:45:59 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 170ms
53ms Script
text/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 372
date: Wed, 24 Aug 2022 03:51:04 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 24 Aug 2022 05:51:04 GMT

GET
H2 200 module-main3.png
www.buhoblik.org.ua/images/ 70 KB
70 KB 85ms
85ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/module-main3.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 8dfbfa16c85400143f85eb24eef8df723fd19c190f841c2c5ff22b8d0a5eeb09

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: p953:0.000/wn25401:0.000/
last-modified: Sun, 13 Feb 2022 17:15:45 GMT
server: nginx
etag: "62093cc1-11743"
content-type: image/png
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:16 GMT
accept-ranges: bytes
content-length: 71491
expires: Fri, 23 Sep 2022 03:57:16 GMT

GET
H/1.1 200
OK buhoblik_org_ua Show response
xn--r1a.website/s/ Frame E210 99 KB
13 KB 688ms
449ms Document
text/html 95.216.186.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://xn--r1a.website/s/buhoblik_org_ua

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.186.40 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.186.216.95.clients.your-server.de

Software

nginx /

Resource Hash

dab74606e0933cec4483e01523f74c632285b9368687651533dc2a055904bc6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-control: no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 24 Aug 2022 03:57:16 GMT
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=35768000
Transfer-Encoding: chunked

GET
H2 200 num_star.png
www.buhoblik.org.ua/images/ 2 KB
2 KB 84ms
84ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/num_star.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: a4d35007c83b3689910808811412e63293a2ae2abf1180a2dbaf4b3f7bb91ce9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: p953:0.000/wn25401:0.000/
last-modified: Tue, 03 Jan 2017 22:58:31 GMT
server: nginx
etag: "586c2c97-652"
content-type: image/png
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:16 GMT
accept-ranges: bytes
content-length: 1618
expires: Fri, 23 Sep 2022 03:57:16 GMT

GET
H2 200 pdf-sborniki-vnizu-115-2022.png
avto-oblik.com.ua/images/ 72 KB
72 KB 339ms
152ms Image
image/png 2001:41d0:602:8bf::
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avto-oblik.com.ua/images/pdf-sborniki-vnizu-115-2022.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:41d0:602:8bf:: , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 89c114dc23d61c6b428f26c214e96d1fd49b43c8f777c8fcbb9ffdee7a84d81f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: wn33738:0.000/
last-modified: Mon, 27 Dec 2021 15:47:26 GMT
server: nginx
etag: "61c9e00e-1201c"
content-type: image/png
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:16 GMT
accept-ranges: bytes
content-length: 73756
expires: Fri, 23 Sep 2022 03:57:16 GMT

GET
H2 200 dovidnik-buhgaltera-238.png
www.buhoblik.org.ua/normativka/spravochniki/spravochnik-buhgaltera/ 16 KB
16 KB 86ms
85ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/normativka/spravochniki/spravochnik-buhgaltera/dovidnik-buhgaltera-238.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 052155039c13b233f324882bd10dc38150b5bd74fb44f27c0ead4d518fbc901b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: p953:0.000/wn25401:0.000/
last-modified: Wed, 26 Jul 2017 08:14:12 GMT
server: nginx
etag: "59784f54-3eb3"
content-type: image/png
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:16 GMT
accept-ranges: bytes
content-length: 16051
expires: Fri, 23 Sep 2022 03:57:16 GMT

GET
H2 200 sidebar-uchet-2021.png
www.buhoblik.org.ua/images/ 58 KB
58 KB 85ms
84ms Image
image/png 2a06:6440:0:2d02::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.buhoblik.org.ua/images/sidebar-uchet-2021.png
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a06:6440:0:2d02::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 6a82502c1baab28ba6f410aa012fff53bd4f01d8de430e54589e583a0dc3ce80

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ray: p953:0.000/wn25401:0.000/
last-modified: Wed, 06 Apr 2022 09:28:41 GMT
server: nginx
etag: "624d5d49-e758"
content-type: image/png
cache-control: max-age=2592000
date: Wed, 24 Aug 2022 03:57:16 GMT
accept-ranges: bytes
content-length: 59224
expires: Fri, 23 Sep 2022 03:57:16 GMT

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 63ms
62ms Image
image/gif 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=395952978&utmhn=www.buhoblik.org.ua&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%91%D1%83%D1%85%D1%83%D1%87%D0%B5%D1%82%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5%20%3A%20%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%81%D0%BA%D0%B8%D0%B9%20%D0%B8%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D0%B9%20%D1%83%D1%87%D0%B5%D1%82&utmhid=913968283&utmr=-&utmp=%2F&utmht=1661313436242&utmac=UA-23922474-1&utmcc=__utma%3D21695912.999373255.1661313436.1661313436.1661313436.1%3B%2B__utmz%3D21695912.1661313436.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=148109587&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 03:57:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/49044/ Frame BF57 738 B
450 B 58ms
58ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/c.html?b=49044
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache: HIT
cache-control: max-age=31622400
content-encoding: gzip
content-type: text/html
date: Wed, 24 Aug 2022 03:57:16 GMT
etag: W/"63049f42-2e2"
expires: Thu, 24 Aug 2023 09:36:00 GMT
last-modified: Tue, 23 Aug 2022 09:34:58 GMT
server: nginx
vary: Accept-Encoding
x-cached-since: 2022-08-23T09:36:00+00:00
x-id: fr5-up-gc16

GET
H2 200 a21031c0f6a0994b3314.b.js Show response
cdn.admixer.net/scripts3/49044/ 23 KB
9 KB 58ms
57ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/a21031c0f6a0994b3314.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 680f6e9a0e9f9d8c145e11d6937f688ff4299215d44bf0a54368ffc6acdbfc51

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc16
date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 09:34:56 GMT
server: nginx
etag: W/"63049f40-5d41"
vary: Accept-Encoding
x-cached-since: 2022-08-23T09:36:00+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Thu, 24 Aug 2023 09:36:00 GMT

GET
H2 200 0a75d04ce9f53a1a35b6.b.js Show response
cdn.admixer.net/scripts3/49044/ 75 KB
20 KB 63ms
62ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/0a75d04ce9f53a1a35b6.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: ecd2e45fcd6ed0f17eaefccd72cdb8253be8673636adcbf3f8902aeeed654fe2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc16
date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 09:34:45 GMT
server: nginx
etag: W/"63049f35-12c39"
vary: Accept-Encoding
x-cached-since: 2022-08-23T17:03:37+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Thu, 24 Aug 2023 17:03:37 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/49044/ Frame 948B 738 B
405 B 56ms
56ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/c.html?b=49044
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache: HIT
cache-control: max-age=31622400
content-encoding: gzip
content-type: text/html
date: Wed, 24 Aug 2022 03:57:16 GMT
etag: W/"63049f42-2e2"
expires: Thu, 24 Aug 2023 09:36:00 GMT
last-modified: Tue, 23 Aug 2022 09:34:58 GMT
server: nginx
vary: Accept-Encoding
x-cached-since: 2022-08-23T09:36:00+00:00
x-id: fr5-up-gc16

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208220101/ 343 KB
121 KB 83ms
83ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5630956766216465&plah=www.buhoblik.org.ua&bust=31069108

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a48e60f4c7475dd0cd34df26bf5f6534287bef30278e3d7811d7853dd4a291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123236
x-xss-protection: 0
server: cafe
etag: 5909171955233511489
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 24 Aug 2022 03:57:16 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/ Frame 605F 10 KB
5 KB 169ms
53ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 34432
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Aug 2022 18:23:24 GMT
etag: 8616628553774171045
expires: Tue, 06 Sep 2022 18:23:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK dsp.aspx Show response
inv-nets.admixer.net/ 3 KB
2 KB 204ms
87ms Script
application/javascript 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/dsp.aspx?sender=admixer&rct=4&v=2.0&rnd=2112534727522867.8&cpv=dfd73f19-1b2c-d7e5-4e3a-f51564f31a63&responseType=default&uids=%7B%7D&fpd=%7B%7D&kvTargeting=%7B%7D&data=%7B%22id%22%3A%22b9ab2f13-8d99-78ea-4a7a-56fc226899cb%22%2C%22site%22%3A%7B%22page%22%3A%22https%253A%252F%252Fwww.buhoblik.org.ua%252F%22%2C%22ref%22%3A%22%22%2C%22sf%22%3A0%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.51%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%7D%2C%22labels%22%3A%7B%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2223202a96-a3d8-cf45-c10c-708365490e0f%22%2C%22tagid%22%3A%22dab6be62-b1e7-4d05-a12c-0a70b3291504%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_dab6be62b1e74d05a12c0a70b3291504_zone_1393_sect_956_site_943%22%2C%22pos%22%3A1%2C%22inView%22%3A1%7D%2C%22i%22%3A%22inv-nets%22%2C%22sender%22%3A%22admixer%22%7D%5D%2C%22allimps%22%3A1%7D&am-uid=null&3rdEnabled=true&3rd=true

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

7a2710a85d42dbbc7b9c3abab2c254b149d2071e3e7f7051f563c3cc0e436f80

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 24 Aug 2022 03:57:16 GMT
Content-Encoding: gzip
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 1389
X-Xss-Protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 219 B
648 B 192ms
61ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.buhoblik.org.ua&callback=_gfp_s_&client=ca-pub-5630956766216465

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5630956766216465&plah=www.buhoblik.org.ua&bust=31069108

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ea70bde5d014f5464a085455274113efd21dbfd5b6bffe32b5e01c458f13423d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 194ms
65ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.buhoblik.org.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 193ms
63ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.buhoblik.org.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DD51 0
188 B 161ms
160ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&adk=1812271804&adf=3025194257&lmt=1661313435&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436345&bpp=2&bdt=505&idt=173&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7389845460158&frm=20&pv=2&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=185

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:16 GMT
expires: Wed, 24 Aug 2022 03:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 81B2 135 KB
43 KB 435ms
324ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436347&bpp=2&bdt=507&idt=188&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=E7ftvUNTu1&p=https%3A//www.buhoblik.org.ua&dtd=194

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9b39f61b9fc42b33e6b37c32685834dc9599875aa3409e85c41d062f348bd13

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKDCherK3vkCFYKncQodaoEEEA&gqi=nKEFY47qKZHO7_UPuOOKoAM&layout=/sadbundle/%24csp%253Der3%24/15125906671778944833/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 44400
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKDCherK3vkCFYKncQodaoEEEA&gqi=nKEFY47qKZHO7_UPuOOKoAM&layout=/sadbundle/%24csp%253Der3%24/15125906671778944833/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:16 GMT
expires: Wed, 24 Aug 2022 03:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B055 301 KB
93 KB 526ms
428ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3298314069708f10f20d7d8814f5b6461ea6492c2de913927a916a83d65fb3ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 95033
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:17 GMT
expires: Wed, 24 Aug 2022 03:57:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7045 135 KB
43 KB 374ms
284ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436350&bpp=1&bdt=510&idt=208&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=oxaeqaC5ol&p=https%3A//www.buhoblik.org.ua&dtd=211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

33fc08bc70eda898647303afaa449535583909178a9fd38b5de055c2a80c2921

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPuxherK3vkCFeBiFQgd-a4Mqw&gqi=nKEFY87oKfCt9u8PzMqosA4&layout=/sadbundle/%24csp%253Der3%24/15125906671778944833/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 44296
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPuxherK3vkCFeBiFQgd-a4Mqw&gqi=nKEFY87oKfCt9u8PzMqosA4&layout=/sadbundle/%24csp%253Der3%24/15125906671778944833/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:16 GMT
expires: Wed, 24 Aug 2022 03:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 119 KB
39 KB 173ms
59ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

99c664c6e0f9211430ca24054ef2365aa16aabaa3ca3c3a22674d3fb0c86c1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 07:20:51 GMT
server: nginx
etag: W/"62fb4553-1ddb3"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 25 Aug 2022 03:57:16 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/setuid?entity=533&code=ce46d23ac90a48b683376c16b4936f4e
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3Dce46d23ac90a48b683376c16b4936f4e

43 B
844 B

55ms
54ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3Dce46d23ac90a48b683376c16b4936f4e

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 03:57:16 GMT
X-Proxy-Origin: 82.199.130.42; 82.199.130.42; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: b594a319-b9be-4c77-b710-0eb74af2b17c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 03:57:16 GMT
X-Proxy-Origin: 82.199.130.42; 82.199.130.42; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 64a29902-8711-41ba-9e88-96e69c4b09fb
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D533%26code%3Dce46d23ac90a48b683376c16b4936f4e
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm.aspx
inv-nets.admixer.net/bs/
Redirect Chain

https://x.bidswitch.net/sync?ssp=admixer&user_id=ce46d23ac90a48b683376c16b4936f4e&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://x.bidswitch.net/ul_cb/sync?ssp=admixer&user_id=ce46d23ac90a48b683376c16b4936f4e&gdpr=&gdpr_consent=&us_privacy=[usPrivacy]
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadmixer%26expires%3D30%26us...
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadmixer%26expires%3D30%26us...
https://x.bidswitch.net/sync?dsp_id=429&user_id=33ce1bc9-5fdf-52ec-b18b-8c0ad28e2d97&ssp=admixer&expires=30&user_group=1&gdpr=&gdpr_consent=
https://inv-nets.admixer.net/bs/cm.aspx?id=8367d5ed-2cb4-4337-9579-ea900c607683&gdpr=&consent=&gdpr_pd=

43 B
463 B

55ms
54ms

Image
image/gif

146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/bs/cm.aspx?id=8367d5ed-2cb4-4337-9579-ea900c607683&gdpr=&consent=&gdpr_pd=

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 24 Aug 2022 03:57:17 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Location: //inv-nets.admixer.net/bs/cm.aspx?id=8367d5ed-2cb4-4337-9579-ea900c607683&gdpr=&consent=&gdpr_pd=
Date: Wed, 24 Aug 2022 03:57:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

cm-notify
creativecdn.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=admixer
https://creativecdn.com/cm-notify?pi=admixer&tc=1

42 B
243 B

49ms
48ms

Image
image/gif

185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativecdn.com/cm-notify?pi=admixer&tc=1
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 03:57:16 GMT, Wed, 24 Aug 2022 03:57:16 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-type: image/gif
content-length: 42
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://creativecdn.com/cm-notify?pi=admixer&tc=1
date: Wed, 24 Aug 2022 03:57:16 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 1px-matching-admixer.gif
m.trafmag.com/images/ 35 B
351 B 213ms
56ms Image
image/gif 193.200.65.6
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.trafmag.com/images/1px-matching-admixer.gif?id=ce46d23ac90a48b683376c16b4936f4e
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.6 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: adforce.team
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 24 Aug 2022 03:57:16 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

GET
H2 200 ImgSync
image8.pubmatic.com/AdServer/ 0
42 B 203ms
57ms Image
text/plain 185.64.190.79
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?p=160846&gdpr={gdpr}&gdpr_consent={consent}&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D160846%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Finv-nets.admixer.net%252Fadxcm.aspx%253Fssp%253D8B7CB874-411E-4307-9BD3-661F1CB0A0E6%2526id%253D%2523PMUID
Requested by: Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:15 GMT
content-length: 0

POST
H2 200 cdb Show response
bidder.criteo.com/ 227 B
472 B 155ms
50ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=127&profileId=184&cb=84131351580

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e4f214301fbe8e04d1d42f2e1354470de327d49abea04b6a4116fa500cf5324a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 198

POST
H2 200 cdb Show response
bidder.criteo.com/ 227 B
471 B 152ms
51ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=127&profileId=184&cb=50098190058

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

8c536404c272a95917a8d5e64827b9c1c154cbd29377443d9374540a1d2f42d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 198

GET
H2 200 css
fonts.googleapis.com/ Frame E210 4 KB
1 KB 178ms
63ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 24 Aug 2022 02:10:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 24 Aug 2022 03:57:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
H2 200 widget-frame.css
telegram.org/css/ Frame E210 86 KB
22 KB 190ms
61ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/widget-frame.css?62

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

437e2f919345cdc64ce4cc4de32598b6c99b2962f3e209c4c2efe4eeb4db7971

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Fri, 15 Jul 2022 13:29:32 GMT
server: nginx/1.18.0
etag: W/"62d16bbc-157fd"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 telegram-web.css
telegram.org/css/ Frame E210 30 KB
7 KB 252ms
123ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/telegram-web.css?33

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

dd4c56f7e4e4d47753a48540330518aa2f067e061970c7c3be640e23963aafb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Thu, 14 Jul 2022 22:52:43 GMT
server: nginx/1.18.0
etag: W/"62d09e3b-793b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 MLOpDlpyb4rJJt81rY7OcFn9Qx3DDqq7dTdDfIGA7SpflSKTFm5BhLPCQ3wBa0ntCtrfJc00FhbHEvNEgzKPxwW-96HbSE322AzUxsRoUpAcC3ZRkcO1uM82eG5O93U2uXuamHvz_vUMxDrY8sIXqRXALnicsd9myVXKaV0YN-ovOnRxeEbakZePS40T0AJ1UEzsZ...
cdn4.telegram-cdn.org/file/ Frame E210 5 KB
5 KB 181ms
65ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/MLOpDlpyb4rJJt81rY7OcFn9Qx3DDqq7dTdDfIGA7SpflSKTFm5BhLPCQ3wBa0ntCtrfJc00FhbHEvNEgzKPxwW-96HbSE322AzUxsRoUpAcC3ZRkcO1uM82eG5O93U2uXuamHvz_vUMxDrY8sIXqRXALnicsd9myVXKaV0YN-ovOnRxeEbakZePS40T0AJ1UEzsZPLPUEzXSQ38WxW9aPJEoyjJOTdpnGWBy_f4bT23coUbSQnWs1HVon_BxxolzzVmF9LxkxlCQ3Tp6vu-tmTWtcnG_ttF0Rjrb5ZfJcPNDwkVZ3GiMgaaS3xkUTseC9-wUDxhjZ4L6Dpjl5RrNQ.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

1da67e20c0a4ac1486f38f01e01cdb805992a3f857ef49dccd9529e6b7571d0c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4611
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "c306c2f92fde71f3d8b7f957309116d3efaf27c1"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 jquery.min.js Show response
telegram.org/js/ Frame E210 94 KB
38 KB 64ms
62ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/jquery.min.js

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-1762a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 jquery-ui.min.js Show response
telegram.org/js/ Frame E210 96 KB
32 KB 64ms
64ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/jquery-ui.min.js

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-181a9"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 tgwallpaper.min.js Show response
telegram.org/js/ Frame E210 3 KB
2 KB 60ms
59ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/tgwallpaper.min.js?3

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
server: nginx/1.18.0
etag: W/"62211da5-ba3"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 tgsticker.js Show response
telegram.org/js/ Frame E210 24 KB
7 KB 67ms
67ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/tgsticker.js?29

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 21:52:44 GMT
server: nginx/1.18.0
etag: W/"62bcc9ac-5faf"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 widget-frame.js Show response
telegram.org/js/ Frame E210 91 KB
25 KB 62ms
61ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/widget-frame.js?59

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

a3a9666403dd904811c01ba6925d89449b27aa3efe19e86b9d8864d660922fc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Thu, 14 Jul 2022 22:52:43 GMT
server: nginx/1.18.0
etag: W/"62d09e3b-16c7c"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 telegram-web.js Show response
telegram.org/js/ Frame E210 12 KB
4 KB 63ms
62ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/telegram-web.js?14

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

e4b7033bdd850b9dd9847fb31e63627e352e38a3cb5cf5a483ca3d2cc1093c58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Fri, 18 Mar 2022 10:32:52 GMT
server: nginx/1.18.0
etag: W/"62345fd4-2e63"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/ Frame 54AE 16 KB
5 KB 236ms
116ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7b3d2fdc9f064d7169e5a1923d7cb19c579567d8ccb0dcc4702b162e2db4026

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 467568
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3903
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Thu, 18 Aug 2022 18:04:29 GMT
expires: Fri, 18 Aug 2023 18:04:29 GMT
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 327B 0
0 121ms
121ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CuSghnKEFY_vzKuDF1fAP-d2y2AqJp7XKa-_A96GUEP7sxaimMRABIOfk8hZglfrwgYwHoAGyisGqAcgBCakCJq1pvsfjqT6oAwHIA0iqBPABT9CWygTVQBW9cV7ZX_BhthHt_V98jBFUDTknGl5v6Z5PSxS9-J9nBmgCxsZ4QAgM40jKtmsG5oPhxWNlsOAyzdO1-0l9kndzOfSktoWG7ev7AcAL3sHLUfQ7hueu5K4v63rkq2KGvQOCRiSPR4MLyAlrK12ExkXK-mkNzkBYSqam-oNgrexsViNjYB1OOec85wenDDE3CFO0w2NM_D0EXXiR12XFv8pZ_OL8ZOwPo_6YH_EXEZsT535Ce4RqYMYEKN2LvYDZ2CN_wcUIR9FE2Phfw0mJYSxqe1OtK2xTL1iJz-XBRfBrKklgsiXzHYxbwAT_t9qZhQSSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHtvW-1QKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCJmQLSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAaIMCCoGCgT5nrEC2BMK0BUBmBYBgBcBshccChoIABIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=a9KBTELgun4&uach_m=[UACH]&template_id=419

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436350&bpp=1&bdt=510&idt=208&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=oxaeqaC5ol&p=https%3A//www.buhoblik.org.ua&dtd=211
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 24 Aug 2022 03:57:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/ Frame 327B 23 KB
10 KB 172ms
53ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436350&bpp=1&bdt=510&idt=208&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=oxaeqaC5ol&p=https%3A//www.buhoblik.org.ua&dtd=211

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:22:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2072
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 03:22:45 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 327B 3 KB
1 KB 247ms
129ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1809
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 03:27:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 327B 17 KB
8 KB 179ms
61ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:01:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 03:01:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 327B 140 KB
44 KB 185ms
67ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661168302676581"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/ Frame A210 16 KB
4 KB 193ms
121ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7b3d2fdc9f064d7169e5a1923d7cb19c579567d8ccb0dcc4702b162e2db4026

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 467568
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3903
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Thu, 18 Aug 2022 18:04:29 GMT
expires: Fri, 18 Aug 2023 18:04:29 GMT
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F09B 0
0 98ms
98ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ctso7nKEFY6CEK4LPxgPqgpKAAYmntcpr78D3oZQQ_uzFqKYxEAEg5-TyFmCV-vCBjAegAbKKwaoByAEJqQImrWm-x-OpPqgDAcgDSKoE9gFP0IjBHvGrwOtBYDP0EpTKYirmA44KZaM9FMdsX9_w1JVGXXgPoE0GXAeEZC7WfHSN1zFVF5h3KQCCqautS4msMq_GAb53FGXi3Vzb-vJoc_mn9d5OviI79yI9_qTHWRrqv-a9D2dNwSvz0pdthgMdfszTiWdgIFSv6d3YMIhpKaCPydjBjhFqOQPd_RqUOddYel8bg1ZfZ_5mRjtUDPhweGvgo7kb89NdtWKqagiSKk7uDg9w49EoTy7-PTRTHsZZlr5t-PYfhoWYeeSaBsyTGasgIrLWlC2wNZoerEhmtb1qDGbVcrFBE4T5DtJ8WBR6CrYy-F7ABP-32pmFBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe29b7VAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKCHENIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMK0BUBmBYBgBcBshccChoIABIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=mNnemNWvzes&uach_m=[UACH]&cid=CAQSGwCsnQUxXRYr81QVuH6fRA3zeIww6ZhEbVXR_BgBIA4&template_id=419

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436347&bpp=2&bdt=507&idt=188&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=E7ftvUNTu1&p=https%3A//www.buhoblik.org.ua&dtd=194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 24 Aug 2022 03:57:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/ Frame F09B 23 KB
10 KB 140ms
69ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436347&bpp=2&bdt=507&idt=188&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=E7ftvUNTu1&p=https%3A//www.buhoblik.org.ua&dtd=194

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:22:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2072
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 03:22:45 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame F09B 3 KB
1 KB 202ms
131ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1809
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 03:27:08 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F09B 140 KB
43 KB 210ms
139ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661168302676581"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame F09B 17 KB
7 KB 178ms
107ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:01:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 03:01:51 GMT

POST
H2 204 events
bidder.criteo.com/csm/ 0
220 B 92ms
91ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 54ms
54ms Image
text/plain 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=DE&am-uid=ce46d23ac90a48b683376c16b4936f4e&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=955f9292-813a-422d-ab9e-03d42b6fdeff&hp=-967666016&page=www.buhoblik.org.ua%2F&segments=5%2C2%2C495&ts=637969102365643564&ap=MA%3D%3D&asign=1315190295&sync=3%2C88&bt=3&carr=Core-Backbone&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-EU-7&pxl=0&pvid=b73520eb-351e-49cf-9277-4655a1f5c132&ip=82.199.130.42&item=A0F0C54C-7ED4-485E-97FF-9946099AE54A&crid=A0F0C54C-7ED4-485E-97FF-9946099AE54A&size=240x350&profile=A08F3A11-214F-401E-9933-D17F544E4BE0&isopt=0&adv=Criteo+RU&dsp=Criteo+DE&dstUrl=http%3A%2F%2F&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 24 Aug 2022 03:57:17 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H2 200 e1eee23f36481a69453f.b.js Show response
cdn.admixer.net/scripts3/49044/ 28 KB
11 KB 61ms
58ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/e1eee23f36481a69453f.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc16
date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 09:35:01 GMT
server: nginx
etag: W/"63049f45-702f"
vary: Accept-Encoding
x-cached-since: 2022-08-23T09:36:03+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Thu, 24 Aug 2023 09:36:03 GMT

GET
H2 200 fdabe098f34289659a17.b.js Show response
cdn.admixer.net/scripts3/49044/ 42 KB
18 KB 69ms
66ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/fdabe098f34289659a17.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc16
date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 09:35:02 GMT
server: nginx
etag: W/"63049f46-a793"
vary: Accept-Encoding
x-cached-since: 2022-08-23T09:36:04+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Thu, 24 Aug 2023 09:36:03 GMT

GET
H2 200 84011c43c3075e543c6d.b.js Show response
cdn.admixer.net/scripts3/49044/ 13 KB
5 KB 63ms
60ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/84011c43c3075e543c6d.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc16
date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 09:34:54 GMT
server: nginx
etag: W/"63049f3e-326c"
vary: Accept-Encoding
x-cached-since: 2022-08-23T09:36:03+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Thu, 24 Aug 2023 09:36:03 GMT

GET
H2 200 7103cce7fa6705169441.b.js Show response
cdn.admixer.net/scripts3/49044/ 11 KB
4 KB 63ms
61ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/7103cce7fa6705169441.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: da5a6aaf22887d6be1d6aaf85b1bf31db6372817faeef47bd9f21b89fcb78109

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc16
date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 09:34:52 GMT
server: nginx
etag: W/"63049f3c-2a79"
vary: Accept-Encoding
x-cached-since: 2022-08-23T09:36:03+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Thu, 24 Aug 2023 09:36:03 GMT

GET
H2 200 5927ef40e4a80e0040be.b.js Show response
cdn.admixer.net/scripts3/49044/ 215 KB
74 KB 74ms
72ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/49044/5927ef40e4a80e0040be.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 4d1f56b3032e5c392c0a0e812c52d5fcc3da8d9f157d1e21d78434196f58495e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-id: fr5-up-gc16
date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 09:34:51 GMT
server: nginx
etag: W/"63049f3b-35ac7"
vary: Accept-Encoding
x-cached-since: 2022-08-23T17:03:41+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Thu, 24 Aug 2023 17:03:41 GMT

POST
H2 204 events
bidder.criteo.com/csm/ 0
220 B 49ms
48ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 24 Aug 2022 03:57:16 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://www.buhoblik.org.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets.admixer.net/ 0
220 B 106ms
54ms Image
text/plain 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/ev_prebid.aspx?cc=DE&am-uid=ce46d23ac90a48b683376c16b4936f4e&zone=DAB6BE62-B1E7-4D05-A12C-0A70B3291504&device=28&rule=A115463E-E95D-4D45-91E3-2BE636EF4375&requestId=955f9292-813a-422d-ab9e-03d42b6fdeff&hp=-967666016&page=www.buhoblik.org.ua%2F&segments=5%2C2%2C495&ts=637969102365643564&ap=MA%3D%3D&asign=1315190295&sync=3%2C88&bt=3&carr=Core-Backbone&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=1A4D80BD-B81F-427C-A6F6-12DD363AA495&inst=ADS-EU-7&pxl=0&pvid=b73520eb-351e-49cf-9277-4655a1f5c132&ip=82.199.130.42&item=B980198E-7D27-4345-9615-F31943C77F0C&crid=B980198E-7D27-4345-9615-F31943C77F0C&size=240x400&profile=346392F6-218B-4A4F-8151-E8B46F15EB2A&isopt=0&adv=Criteo+RU&dsp=Criteo+DE&dstUrl=http%3A%2F%2F&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: www.buhoblik.org.ua
URL: https://www.buhoblik.org.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 24 Aug 2022 03:57:17 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208081650000/ Frame B055 220 KB
61 KB 187ms
54ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61502
x-xss-protection: 0
server: sffe
date: Mon, 22 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "df13b0b17adb5918"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Aug 2023 19:13:13 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame B055 14 KB
5 KB 279ms
146ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5197
x-xss-protection: 0
server: sffe
date: Mon, 22 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aca8368210f82021"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Aug 2023 19:13:13 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame B055 94 KB
28 KB 285ms
154ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-analytics-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28794
x-xss-protection: 0
server: sffe
date: Mon, 22 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cc093c4134ec5f1e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Aug 2023 19:13:13 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame B055 72 KB
16 KB 315ms
185ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-animation-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

902565ce7f27f6e504ee3790458fa3e9137a1c2b3d63d58ce6cd2fbcbf9db7ca

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 125376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16649
x-xss-protection: 0
server: sffe
date: Mon, 22 Aug 2022 17:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0cc7ecc69c61be2b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Aug 2023 17:07:41 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame B055 5 KB
2 KB 304ms
174ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-fit-text-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
date: Mon, 22 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ef17e6cba96d5668"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Aug 2023 19:13:13 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame B055 40 KB
13 KB 305ms
176ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-form-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12948
x-xss-protection: 0
server: sffe
date: Mon, 22 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e07a681963ea9f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Aug 2023 19:13:13 GMT

GET
H2 200 uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame B055 3 KB
3 KB 144ms
127ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/uk.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 09:25:21 GMT
x-content-type-options: nosniff
server: cafe
age: 66716
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14587847488922671356
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3073
x-xss-protection: 0
expires: Wed, 24 Aug 2022 09:25:21 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame B055 344 B
474 B 143ms
127ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 09:25:19 GMT
x-content-type-options: nosniff
server: cafe
age: 66718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Wed, 24 Aug 2022 09:25:19 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B055 0
21 B 102ms
101ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CxabTnKEFY4utK5TexgOwtYPgBbinpoFs7rSDsYwQpIiFngsQASDn5PIWYJX68IGMB6AB8O6B4QPIAQmpAsaFSCvGt7A-qAMByAMIqgT1AU_QBVbKkFKWH3NnDbBCIXhhINfrDG3LZ1xrz--DfPRIPim_st_qT3FKlVKcY1kTz6ea_SoeBfhPlPEzXAm8f3jD0Y3rvxml9ukeGlTR-pxFJiL5jR2b41TUEZQWMFUZnodgxJeaYNu83AP_mmFStw5FWhDdBHWFiN7GctyhCApFP5juJhtKGQJ0kdBGdsvVmtvJ3hi6iY8An46BHdmBGqpYscbqiQ5t7_ELr4iE0A5FuoGwq5bT_fviDxzj4CleQmBFZmz6nwl2gUYVCeNAki_lyc0lh1PsxaRFVSgxaX2lwvJ4oW5os8M0_0s7APS2Lvf9WzCPwAT_ycWwyAOSBQQIBBgBkgUECAUYBKAGLoAH-JD-HqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEENa_CdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMK0BUBmBYBgBcBshccChoIABIUcHViLTU2MzA5NTY3NjYyMTY0NjUYAA&sigh=j12Rk0rqSUk&uach_m=[UACH]&template_id=419

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9722638899&adk=717558426&adf=3992750170&pi=t.ma~as.9722638899&w=336&lmt=1661313435&psa=0&format=336x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436349&bpp=1&bdt=509&idt=202&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=1934&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=oS5BPArR8f&p=https%3A//www.buhoblik.org.ua&dtd=205
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 24 Aug 2022 03:57:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
DATA 200
OK truncated
/ Frame B055 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a09a2106b08e8139055dff522ef9c698fd7c02d4ce9041dbf103bc1f6eaf6b13

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B055 56 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e5eb27dce9681337b02a363fa1ffb28b0889ced23e0eba592fea3db0f76d2417

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame B055 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c4bb4b37f05bc5752d618ab4828f2a6749b9046ddec75fbc50d7943befd31e6

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B055 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 863becff90bf1df06057ece7de31b1873e4b7a56e7b5b2e2d8b48fd10b44c228

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B055 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d130141331999d0830ff4d31900720d58382d820f5a6df810780193a4cb0eccc

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B055 879 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bda0abf7f8615298475242a005ccfc0bfe887c43a71555288c4fd42d42d380f8

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B055 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f44a512b87b9a63da9b969a44054d0264649b776d682894db413f1d3c45aa28

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css2
fonts.googleapis.com/ Frame E210 112 KB
29 KB 178ms
67ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=M+PLUS+Rounded+1c:wght@700&display=swap

Requested by

Host: telegram.org
URL: https://telegram.org/css/widget-frame.css?62

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f1c5e16c3abc728ef3c7eb1ff66fc5b15f08232156bae6493e37becbd1b2f01d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://telegram.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 24 Aug 2022 03:35:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 24 Aug 2022 03:57:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BA11 143 B
163 B 54ms
53ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=6954100132&adk=3374070490&adf=4207227173&pi=t.ma~as.6954100132&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436350&bpp=1&bdt=510&idt=208&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C730x280%2C336x280&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=3773&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEebr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=oxaeqaC5ol&p=https%3A//www.buhoblik.org.ua&dtd=211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 2759
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 24 Aug 2022 03:11:18 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 327B 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1d8aa8731db383e7245f7e0bec28bc577b5ce4aea013dd45b85100caeb452cf

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9AD4 143 B
163 B 56ms
54ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5630956766216465&output=html&h=280&slotname=9597306129&adk=3078983205&adf=3223326304&pi=t.ma~as.9597306129&w=730&fwrn=4&fwrnh=100&lmt=1661313435&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fwww.buhoblik.org.ua%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661313436347&bpp=2&bdt=507&idt=188&shv=r20220822&mjsv=m202208220101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7389845460158&frm=20&pv=1&ga_vid=999373255.1661313436&ga_sid=1661313436&ga_hid=913968283&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=310&ady=361&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069108&oid=2&pvsid=68993090492272&tmod=1553070728&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=E7ftvUNTu1&p=https%3A//www.buhoblik.org.ua&dtd=194
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 2759
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 24 Aug 2022 03:11:18 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 54AE 9 KB
3 KB 194ms
83ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 09:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 24 Aug 2022 09:41:38 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 54AE 26 KB
10 KB 180ms
70ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 16:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42180
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 24 Aug 2022 16:14:17 GMT

GET
H3 200 e6f40d138158e41bbc4290d1d8f9ae48.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/ Frame 54AE 84 KB
22 KB 197ms
88ms Script
application/x-javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/e6f40d138158e41bbc4290d1d8f9ae48.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b31da7c560861dc044a6b35c1b51b9664daf1008174e88053ca298a429c8ac

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 3985
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22268
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 02:50:52 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 02:50:52 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame A210 9 KB
3 KB 156ms
53ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 09:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 24 Aug 2022 09:41:38 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A210 26 KB
10 KB 160ms
57ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 16:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42180
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 24 Aug 2022 16:14:17 GMT

GET
H3 200 e6f40d138158e41bbc4290d1d8f9ae48.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/ Frame A210 84 KB
22 KB 212ms
110ms Script
application/x-javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/e6f40d138158e41bbc4290d1d8f9ae48.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b31da7c560861dc044a6b35c1b51b9664daf1008174e88053ca298a429c8ac

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 3985
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22268
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 02:50:52 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 02:50:52 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BA11
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

68ms
68ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:17 GMT
expires: Wed, 24 Aug 2022 03:57:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:17 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9AD4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

79ms
78ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:17 GMT
expires: Wed, 24 Aug 2022 03:57:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:17 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F09B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3fbdef2fecbce49eba0eb48b871b4b78e0517f50cd9e5c7e31b9aaeaf90fdb87

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012208081650000/ 23 KB
8 KB 163ms
54ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/amp4ads-host-v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4139220cef70b0dc6ec26232020d4ddb52acef1afcbf2e5b32ed00b7eef62ec7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 125375
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7850
x-xss-protection: 0
server: sffe
date: Mon, 22 Aug 2022 17:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9cd8ef75d108969b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Aug 2023 17:07:42 GMT

GET
H2 200 F09F9384.png
telegram.org/img/emoji/40/ Frame E210 1 KB
2 KB 63ms
62ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F9384.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 73e19dfae69969fd67f8ff0960f10e6d9620d7a0652f6875cdfbfa2a1fbfc897

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-5de"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1502
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 F09F968C.png
telegram.org/img/emoji/40/ Frame E210 2 KB
2 KB 63ms
62ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F968C.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: b87673d5f4085602ca52a2a9f1e923a436cfd682dce3050cf78fb11630e8f682

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-82a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2090
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 E29C85.png
telegram.org/img/emoji/40/ Frame E210 2 KB
2 KB 63ms
62ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E29C85.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: d097bda59092b06b5bb3051bbef1791e8a7fc533a5aa62e40e898b3ec9308249

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-666"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1638
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 F09F9497.png
telegram.org/img/emoji/40/ Frame E210 3 KB
3 KB 63ms
63ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F9497.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: acc016d92200ab69a1bf453f9db6ceaf6d4ee6fe0db09e3db7fb8da82b781d68

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-add"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2781
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
DATA 200
OK truncated
/ Frame E210 683 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f40990683165a6c0b9eabab4ffbb1b6a2fb9617b2fe3101ee64299245dfe743

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E210 15 KB
16 KB 170ms
55ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 19:07:55 GMT
x-content-type-options: nosniff
age: 118162
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 19:07:55 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E210 16 KB
16 KB 185ms
70ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:56:05 GMT
x-content-type-options: nosniff
age: 140472
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 12:56:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E210 10 KB
10 KB 229ms
117ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:55:48 GMT
x-content-type-options: nosniff
age: 140489
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9840
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 12:55:48 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E210 9 KB
10 KB 241ms
130ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 18:17:14 GMT
x-content-type-options: nosniff
age: 121203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9628
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 18:17:14 GMT

GET
H2 200 VdGBAYIAV6gnpUpoWwNkYvrugw9RuM064ZsPrfqk33YqOjLBxkUhdkeuqyIMwGYkDA.119.woff2
fonts.gstatic.com/s/mplusrounded1c/v15/ Frame E210 18 KB
18 KB 250ms
140ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/mplusrounded1c/v15/VdGBAYIAV6gnpUpoWwNkYvrugw9RuM064ZsPrfqk33YqOjLBxkUhdkeuqyIMwGYkDA.119.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=M+PLUS+Rounded+1c:wght@700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

319eb578634347f8bd6df61778b659ebe74e827b6395e114b084c3dbe613d854

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://xn--r1a.website
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 23:09:07 GMT
x-content-type-options: nosniff
age: 103690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18600
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:31:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 23:09:07 GMT

GET
H2 200 E29C8F.png
telegram.org/img/emoji/40/ Frame E210 2 KB
2 KB 91ms
88ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E29C8F.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 53566fb30e9e4d17a6e90a1a2ab4c8ccd41c26342e4fc486788bc457fc7266a3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-7fc"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2044
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 E280BC.png
telegram.org/img/emoji/40/ Frame E210 1 KB
1 KB 91ms
89ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E280BC.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 4a003dc58f3e95a18e44712b9161181319e6a40613242cbcac158f6dc8d7339d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-4a6"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1190
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 F09FA5B8.png
telegram.org/img/emoji/40/ Frame E210 3 KB
3 KB 92ms
89ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09FA5B8.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 03bc0839c4ab84b2a470323f210bbf6762272651496b746d6a0e122bc66906ea

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Wed, 13 Jan 2021 21:25:08 GMT
server: nginx/1.18.0
etag: "5fff6534-c9c"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 3228
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 E296B6.png
telegram.org/img/emoji/40/ Frame E210 2 KB
2 KB 92ms
90ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E296B6.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: cf834601aa3e59f6a61453790dc88447b3d3910cc297be5f7891c41cc0ca21e9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-67a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1658
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 ElHIuh1txxl2cgmuIm0zcyHsvjQjhBzxJmxrvu6aFJ0XqmKh-PD6k61FIbjt-jIOyPUpD843aiblFz44aHUTRBcmyhASM-Nx1NboRv2lQ6JNjCZ1hSsgorIVvdLFPp6tgzE9ZpFslmaWMSWfykB8xEW5Xnsbt5NOlUf3NmuQkmGBI-L2DS9ALTFXQYaJR4Jt-8cJw...
cdn4.telegram-cdn.org/file/ Frame E210 62 KB
62 KB 320ms
232ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/ElHIuh1txxl2cgmuIm0zcyHsvjQjhBzxJmxrvu6aFJ0XqmKh-PD6k61FIbjt-jIOyPUpD843aiblFz44aHUTRBcmyhASM-Nx1NboRv2lQ6JNjCZ1hSsgorIVvdLFPp6tgzE9ZpFslmaWMSWfykB8xEW5Xnsbt5NOlUf3NmuQkmGBI-L2DS9ALTFXQYaJR4Jt-8cJwqNv4LvGRUkptVO6k20PY0uC5WZGQlMdSk8V-TMlfVfJb5WU7WASnpyD6f2-0NgGVueWLpCTnVrioGNu-1Q9M_zhOTx-3bVSTkLU78AVgIKSwYv1s00WJzZLi3yclSjt5kNR0SwqJiPtfJKZPA.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

cf0f1054753e54c01e2d62f781173937b612a839aaafa2902316b321e5948b51

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63784
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "2e2b5149703a228b80fc7a37de38d0e2de3191a9"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 vVgpfU7RpwNtddxyqEx9kqiDp1RwkIUUP-lFh1ma9l4eJZDe_F52lC9vMKCYTO0o-ktK_TgMKHYdwIIaWMOXmkAEtjQxa5CYQ4vLYvpV5iZkzIET6Y0Hpfvf0WBYC2AxG1Tg9HrLhHPCY0Wd8qUhxlOOQWuRn4Rk8cLFvXIwd6mm8dtFRl3iIfVWYMQgbh0f0X0ZL...
cdn4.telegram-cdn.org/file/ Frame E210 166 KB
166 KB 291ms
203ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/vVgpfU7RpwNtddxyqEx9kqiDp1RwkIUUP-lFh1ma9l4eJZDe_F52lC9vMKCYTO0o-ktK_TgMKHYdwIIaWMOXmkAEtjQxa5CYQ4vLYvpV5iZkzIET6Y0Hpfvf0WBYC2AxG1Tg9HrLhHPCY0Wd8qUhxlOOQWuRn4Rk8cLFvXIwd6mm8dtFRl3iIfVWYMQgbh0f0X0ZLUKtyuALpa7Pl7dp8_afLwUZDW2TD5UsscH68J94goQv9PsQnOiz1qnjPX2iUqe1PhInRaUUDo_Ari_hso9ilAY19DmZ9qO07QcgkrpOSva_TU1N-NVn9mpY4DhkMM9tRMV6iPbxRry6b4dO_g.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

8cd518f395ceb37e9a829bda5794c6bbbf8531b21b3d211f1e004573acc9edbb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 169794
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "a56ea5756f5be99edaa0a537cacb1f4f94469f4a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 F09F96A5.png
telegram.org/img/emoji/40/ Frame E210 1 KB
2 KB 60ms
59ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F96A5.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 25acfe84806b66b7cd6fa3c4f94183e78a32025415c2bd01d3dfb16340ab2e47

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-595"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1429
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 XDvBgFYzct8pWITTSau--Y7SavgOeF3JOWWR47LMIzuTt-HcZfLi_grT5JmRqAldIvokwEhSnt22bAxORqbshgAsS2zp67szkF2PksmCRp9KjgLQKv4kjulvWwJtgbFa1SQNGyLYSFQBy5UzHd6k_NDD5Z1kMZ88qQO4OpTmoqc9_732ZZ4kpExZiY5Em6OPm0bCb...
cdn4.telegram-cdn.org/file/ Frame E210 100 KB
100 KB 174ms
127ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/XDvBgFYzct8pWITTSau--Y7SavgOeF3JOWWR47LMIzuTt-HcZfLi_grT5JmRqAldIvokwEhSnt22bAxORqbshgAsS2zp67szkF2PksmCRp9KjgLQKv4kjulvWwJtgbFa1SQNGyLYSFQBy5UzHd6k_NDD5Z1kMZ88qQO4OpTmoqc9_732ZZ4kpExZiY5Em6OPm0bCbjLXqxoS34t5MBFFLB6-jm3O_LBAX4wRo7z64xXvTVMt_kJ6Gg2JWmyoh7r6mRG1tKx1_CjDogrU46ueoHWvX9aAkY7dgcV0_o_9oW6zRHQggAT8_9R8aF16AuEseE61QR3z6NoYZ1faotyIOg.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

c1c4a7e98f5ffbfd019d18b00036671b4a3aa558427fe4394a794d60aef00f41

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 102241
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "52d9b14323154d893dc8d488c8ad1b31e72d364a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 E28FB0.png
telegram.org/img/emoji/40/ Frame E210 4 KB
4 KB 61ms
60ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E28FB0.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 32ae77196cf412d763b87b2aa85b038f536201a0df7164ed74581402b4733511

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-10e4"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 4324
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 F09F938C.png
telegram.org/img/emoji/40/ Frame E210 2 KB
2 KB 61ms
61ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F938C.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 1e46e48a837d9ff05a193956ee173159b7b1d360581c822844e9dbfbca6c9bf6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-905"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2309
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 YoSjreKVN5ico7krZ5Q305p8sSyWrTF8cMNBIgF1kcsNthGcf5UB5AVydXh6xAqkSkf6RVrF6y7dzGUHgX-1QDBwbd613HOo_MUdlHYH1N2al4hoaMQILVsPh_wkpbNiQXSSMQ47EtO43xkLVi6dLX0SAyQRKoGpYL-xg7U2WaIirBc4Y30YxjG4UpeGK0k1gvBia...
cdn4.telegram-cdn.org/file/ Frame E210 124 KB
124 KB 151ms
105ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/YoSjreKVN5ico7krZ5Q305p8sSyWrTF8cMNBIgF1kcsNthGcf5UB5AVydXh6xAqkSkf6RVrF6y7dzGUHgX-1QDBwbd613HOo_MUdlHYH1N2al4hoaMQILVsPh_wkpbNiQXSSMQ47EtO43xkLVi6dLX0SAyQRKoGpYL-xg7U2WaIirBc4Y30YxjG4UpeGK0k1gvBiam2la-atolei-cQBj6xC3srAZMVMGQHCgLdH4E0Pla0y7BU8s4SgtNoAprSCyNh488SbDYv2yyM0cmLYJbJ3J-h4tsS1-t0J5iHlGdxbG0Bk3pbmZimnpvuLbeqCfjCdjnC1KC6h2QPWVsZZ0Q.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

933205725b5a22d7dd0ee2d603c9ea51ca925dbb09ea3b62f074007e2ab4d335

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127077
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "3ec09c51ecde660f93d4904f7ca538a078d1672b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 gcn_Fx77-aKaDoLmv9fAAkp4RYJ6DoxTYPicVMNArvevDwn0MWcSb3JSNDnEBBUuQGj4pnCsT7JUsHb0DR23SCjPcFN4yP5OZnMnysHW11IIIS8Kn-rjQugFyA9sDLuzHyMVr9lV4HQsEa-B2V0SCGPMLtcePoEvxiFOCqldXGeKDeNb-DlwgJL8DnBTXEJtclWDF...
cdn4.telegram-cdn.org/file/ Frame E210 71 KB
71 KB 267ms
221ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/gcn_Fx77-aKaDoLmv9fAAkp4RYJ6DoxTYPicVMNArvevDwn0MWcSb3JSNDnEBBUuQGj4pnCsT7JUsHb0DR23SCjPcFN4yP5OZnMnysHW11IIIS8Kn-rjQugFyA9sDLuzHyMVr9lV4HQsEa-B2V0SCGPMLtcePoEvxiFOCqldXGeKDeNb-DlwgJL8DnBTXEJtclWDFG_yh4tIfLfPytnDdSEILXYf1djL2iBdbgBpWLxXa_Nx-QzTouBREw79vUGUFiAOXC1qAgxBxfpcd1Nc_7m6Yt2WH-iQ0S3GmtoOWIm2xb4afFtEdV8sm-S2-JqiCe4kUq-VsHgzm9HN3z3FXA.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

dabffe4a0b71d6abf83cc82c3ed7fcda4cc3582a4197e026117f2dc99c1dde3c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72546
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "abb30017fd4e5d5179d0189b465a263e33c2a12d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 E28FB1.png
telegram.org/img/emoji/40/ Frame E210 3 KB
4 KB 61ms
60ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/E28FB1.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: b7b093955e7487be1bbec86d8a7ab2012c4716b5cf31b2b6df500edc04c06255

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-d5a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 3418
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 F09F9385.png
telegram.org/img/emoji/40/ Frame E210 2 KB
2 KB 61ms
61ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F9385.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 5abe4ec1b14120ec963c7bec8267ed0bbdcd52694f48daf0f1a57279748a1c6a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-7f3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2035
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 F09F92BB.png
telegram.org/img/emoji/40/ Frame E210 2 KB
2 KB 61ms
61ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F92BB.png
Requested by: Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 26345a9625172670562d7ab2395db6bd15311e0f6cf5e66f2b4478bd994a7f6d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-71b"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 1819
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H2 200 jMFIMFd-t2VJBNHIhayRCsxZCxDhUM9I4w0cCbP0z7OjpgB6xI2WLdPb8DoKNam1MyH_Hl1077lUPKpl21VA78EkCnjJ2teVGj6RKSV1eIuWavToVvxx9cZHnlvsr7oD5j5Ut-hK6jWsrgXDlzma7SRlMHjzklI0G6BbF2m4QYORuHMaPKtB4y9C-jDnHmTh6jooz...
cdn4.telegram-cdn.org/file/ Frame E210 111 KB
112 KB 255ms
255ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/jMFIMFd-t2VJBNHIhayRCsxZCxDhUM9I4w0cCbP0z7OjpgB6xI2WLdPb8DoKNam1MyH_Hl1077lUPKpl21VA78EkCnjJ2teVGj6RKSV1eIuWavToVvxx9cZHnlvsr7oD5j5Ut-hK6jWsrgXDlzma7SRlMHjzklI0G6BbF2m4QYORuHMaPKtB4y9C-jDnHmTh6joozfNvE0x5fOBFYeW5TAALVhrtk2mHeqCC7MoiC5ygyp7j7yt-8SUgptdkdbuNVDdZ15DEMppGPOHmCtJhXy3jf_NTAbj90qzCUGBY22-f4LJrMPglLvjkXNxwnFWDWQfESbnU86YlGf1R20waCw.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

3ab6bdc45b9e7ecded30d4f1c7b2215e990f446f331d3b646dffd6bb2c081c1c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 114107
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "776bbe9870fa58d9602df6d056a2227030b36098"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 Hmy-LKbwYUcbOUP2n70IifUK71w8eWf4dL64NT3M_pMs3VqY8yn-7sri-P-sKaKQ3baKOy7Q1Xp2zN-JEhuOazRJXgNG-C4BYCapmvQ9bmrf3Rf-MO1wqJshIDKA9xmSef1tVHkSkqjD87Vuy8rWxb_E21IaNv9BgZAcYYrmdIxp83Z9paU_gYGnrSfNZJBJRvxIR...
cdn4.telegram-cdn.org/file/ Frame E210 74 KB
74 KB 65ms
65ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/Hmy-LKbwYUcbOUP2n70IifUK71w8eWf4dL64NT3M_pMs3VqY8yn-7sri-P-sKaKQ3baKOy7Q1Xp2zN-JEhuOazRJXgNG-C4BYCapmvQ9bmrf3Rf-MO1wqJshIDKA9xmSef1tVHkSkqjD87Vuy8rWxb_E21IaNv9BgZAcYYrmdIxp83Z9paU_gYGnrSfNZJBJRvxIRBjdwoVNCTp5etGdJGPrF5t1VKpnWY8Rmn_dq68dZlZ3AS09VUJ8MUQV7V4qwI7-anGBopEdmCLcb-jI6M10M5KpJKvplARghMrsxKIVKWA1LhuU-qRRTcMfS2S-1Nj6brrRBcFhrOMO17_Skg.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

1d08840a75c155fca6642bcc3d7ecc34497f6e0d19d030b1f2e0e249c753cfa3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75518
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "b6ef20de73f0107d5f6e8727b2951a9fcf7b3174"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 qpDs6Mf2noT6y9cnqRv9c5XnuUfV5o6UQaBndD3Sx9uEu2iXmY_RdkP1F5vHzZytgNO1pPmnayPmX7R3slnNZAHa6QHYUVv-5lMnI8XY1SMDXcLg1kXQkxyIavAc8p0CaA6oS11DX66piFkm3SZaixo5sw-d8gh7lC4xcRSsCsQv5v6GU93YmLWw8tdIx4Ss6u2oN...
cdn4.telegram-cdn.org/file/ Frame E210 59 KB
59 KB 282ms
281ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/qpDs6Mf2noT6y9cnqRv9c5XnuUfV5o6UQaBndD3Sx9uEu2iXmY_RdkP1F5vHzZytgNO1pPmnayPmX7R3slnNZAHa6QHYUVv-5lMnI8XY1SMDXcLg1kXQkxyIavAc8p0CaA6oS11DX66piFkm3SZaixo5sw-d8gh7lC4xcRSsCsQv5v6GU93YmLWw8tdIx4Ss6u2oNEDB2aMCLkVtqkbyx_WpdzKJheKXO8OQyx_SIxm8ec-smDkE0OSj97ucFtIef-rjbw06py54Oj3KLU1rpKb9RzOponFxT0wOU24TU1GSxDYlSCRX5LP34ccXnceJwbg2MeLE0FA53Zn0sRhezA.jpg

Requested by

Host: xn--r1a.website
URL: https://xn--r1a.website/s/buhoblik_org_ua

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

536dab3f6cefa51f81e172ead35c79e2de704da110f4ee6e8286c3fa782467f2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://xn--r1a.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Wed, 24 Aug 2022 03:57:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60176
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "d8a30d193d651c7f503ab8ed688505e5c21a7241"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 pattern.svg
telegram.org/img/tgme/ Frame E210 225 KB
81 KB 62ms
62ms Image
image/svg+xml 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/tgme/pattern.svg
Requested by: Host: telegram.org
URL: https://telegram.org/css/telegram-web.css?33
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://telegram.org/css/telegram-web.css?33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:17 GMT
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 09:45:08 GMT
server: nginx/1.18.0
etag: W/"62208e24-385d7"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=345600
expires: Sun, 28 Aug 2022 03:57:17 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 54AE 2 KB
540 B 63ms
62ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/e6f40d138158e41bbc4290d1d8f9ae48.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0e53fe7669a287b3f57bb942dcf1a1fc61c969891ddce211874c475996f8a029

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 24 Aug 2022 03:01:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 24 Aug 2022 03:57:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
H3 200 633e088a3898f921f6ac27a5a5710983.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame 54AE 35 KB
35 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/633e088a3898f921f6ac27a5a5710983.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae93617b5e5757d71c80aaa8917cd5ab2614a6e3e000f39bca95c7eaac3c13b4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 7777
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35608
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 01:47:40 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 01:47:40 GMT

POST
H/1.1 200
OK / Show response
xn--r1a.website/v/ Frame E210 4 B
349 B 206ms
206ms XHR
application/json 95.216.186.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://xn--r1a.website/v/

Requested by

Host: telegram.org
URL: https://telegram.org/js/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.216.186.40 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.186.216.95.clients.your-server.de

Software

nginx /

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

Accept: */*
Referer: https://xn--r1a.website/s/buhoblik_org_ua
X-Requested-With: XMLHttpRequest
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 24 Aug 2022 03:57:17 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=35768000
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-control: no-store
Transfer-Encoding: chunked
Connection: keep-alive

GET
H3 200 633e088a3898f921f6ac27a5a5710983.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame A210 35 KB
35 KB 54ms
53ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/633e088a3898f921f6ac27a5a5710983.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/e6f40d138158e41bbc4290d1d8f9ae48.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae93617b5e5757d71c80aaa8917cd5ab2614a6e3e000f39bca95c7eaac3c13b4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 7777
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35608
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 01:47:40 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 01:47:40 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame A210 2 KB
540 B 63ms
63ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/e6f40d138158e41bbc4290d1d8f9ae48.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0e53fe7669a287b3f57bb942dcf1a1fc61c969891ddce211874c475996f8a029

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 24 Aug 2022 03:57:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 24 Aug 2022 03:57:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Aug 2022 03:57:17 GMT

GET
H3 200 633e088a3898f921f6ac27a5a5710983.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame 54AE 35 KB
35 KB 53ms
53ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/633e088a3898f921f6ac27a5a5710983.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae93617b5e5757d71c80aaa8917cd5ab2614a6e3e000f39bca95c7eaac3c13b4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 7777
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35608
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 01:47:40 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 01:47:40 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 54AE 15 KB
16 KB 166ms
57ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 126745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 16:44:52 GMT

GET
H3 200 3127958a0263b7b909ae1c083b5f372b.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame 54AE 36 KB
36 KB 58ms
58ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/3127958a0263b7b909ae1c083b5f372b.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23fae131bf2450f9e8e54c459daee65cda8fc23c8cd36b8578faff4259a1d59c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 4207
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 02:47:10 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 02:47:10 GMT

GET
H3 200 3127958a0263b7b909ae1c083b5f372b.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame A210 36 KB
36 KB 54ms
53ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/3127958a0263b7b909ae1c083b5f372b.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/e6f40d138158e41bbc4290d1d8f9ae48.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23fae131bf2450f9e8e54c459daee65cda8fc23c8cd36b8578faff4259a1d59c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 4207
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 02:47:10 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 02:47:10 GMT

GET
H3 200 633e088a3898f921f6ac27a5a5710983.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame A210 35 KB
35 KB 77ms
77ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/633e088a3898f921f6ac27a5a5710983.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae93617b5e5757d71c80aaa8917cd5ab2614a6e3e000f39bca95c7eaac3c13b4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 7777
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35608
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 01:47:40 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 01:47:40 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A210 15 KB
16 KB 134ms
54ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 126745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 16:44:52 GMT

GET
H3 200 hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js Show response
pagead2.googlesyndication.com/bg/ Frame 54AE 36 KB
14 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85df6a888180aa37ac71991e22dc32db0800b427df7aa8a52321a463743f3137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 20:57:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 111574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14041
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Aug 2023 20:57:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 178ms
69ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220822&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b77948dc99254f2a625f8a89fc3948b7b2100b85c069d410e0c1ec7b0ec6ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Aug 2022 03:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11042
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 09DC 15 KB
6 KB 193ms
64ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.buhoblik.org.ua

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

6e842f654a304fd1eece02a5d588d2a998cc87cc65730b04d1e2c916e3a72a10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6144
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:17 GMT
server-processing-duration-in-ticks: 2024
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js Show response
pagead2.googlesyndication.com/bg/ Frame A210 36 KB
14 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85df6a888180aa37ac71991e22dc32db0800b427df7aa8a52321a463743f3137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 20:57:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 111574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14041
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Aug 2023 20:57:43 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Aug 2022 03:57:18 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 09DC
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=buhoblik.org.ua&sn=ChromeSyncframe&so=0&topUrl=www.buhoblik.org.ua&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=4T9_qHwzZDZzNU5PYnVlV0hYcGxQMnBKbzZ0THlvN2s5ZUV3dkFxY1hSWUxYaUlJTEs0V0pzc3hOV2UvSXU3emJsK1BlN09jSjBMR00rangyUDFXRitFNVRVWUJNZkJDNkFraCtBb1ZJVW9KcnV1TGJSNHlBb3Izc3orcE...

439 B
634 B

182ms
59ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=4T9_qHwzZDZzNU5PYnVlV0hYcGxQMnBKbzZ0THlvN2s5ZUV3dkFxY1hSWUxYaUlJTEs0V0pzc3hOV2UvSXU3emJsK1BlN09jSjBMR00rangyUDFXRitFNVRVWUJNZkJDNkFraCtBb1ZJVW9KcnV1TGJSNHlBb3Izc3orcEV4azdBR0RiQkZxN1ZpZk5HalpsL3NMNWY4N3hERnRBL0hHWDUyM1dzS0pQTVF0TzBIVjdKQy9GL0dEZ2dTTGF3MFIwWXFyM25PYlBnMjh2Vm43YUYxSk95T0JoY0VwWW1pZjdsS1NvbVlZV0xaTFBLK2srcTA0d05Kc2NHcTdIcC9EYmQrdkNvSEg5RlBHQ2hrOW91dy9JRmlDak5JUT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

8e98e9ef3fe9cd26f8b307e29a8fcdd1d927f94165809b78dca197e1a28cb5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 03:57:18 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4266
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 24 Aug 2022 03:57:17 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=4T9_qHwzZDZzNU5PYnVlV0hYcGxQMnBKbzZ0THlvN2s5ZUV3dkFxY1hSWUxYaUlJTEs0V0pzc3hOV2UvSXU3emJsK1BlN09jSjBMR00rangyUDFXRitFNVRVWUJNZkJDNkFraCtBb1ZJVW9KcnV1TGJSNHlBb3Izc3orcEV4azdBR0RiQkZxN1ZpZk5HalpsL3NMNWY4N3hERnRBL0hHWDUyM1dzS0pQTVF0TzBIVjdKQy9GL0dEZ2dTTGF3MFIwWXFyM25PYlBnMjh2Vm43YUYxSk95T0JoY0VwWW1pZjdsS1NvbVlZV0xaTFBLK2srcTA0d05Kc2NHcTdIcC9EYmQrdkNvSEg5RlBHQ2hrOW91dy9JRmlDak5JUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1483
content-length: 541
expires: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4761 13 KB
5 KB 54ms
53ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 15825
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 23 Aug 2022 23:33:33 GMT
expires: Wed, 23 Aug 2023 23:33:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1307 783 B
535 B 174ms
63ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ca7aafbf3d29ec602aaa2969db0de525c0a12c4a50bb14bf2c6ec6bebd0cebd6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-neGWxOfXryGquQDyElPHzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.buhoblik.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-neGWxOfXryGquQDyElPHzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 03:57:18 GMT
expires: Wed, 24 Aug 2022 03:57:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 204
No Content logcz.aspx
inv-nets.admixer.net/ 0
220 B 54ms
54ms Image
text/plain 146.0.227.109
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/logcz.aspx?zone=dab6be62-b1e7-4d05-a12c-0a70b3291504

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.109 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 24 Aug 2022 03:57:18 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H3 200 hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js Show response
pagead2.googlesyndication.com/bg/ Frame 4761 36 KB
14 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85df6a888180aa37ac71991e22dc32db0800b427df7aa8a52321a463743f3137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 20:57:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 111575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14041
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Aug 2023 20:57:43 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F09B 42 B
64 B 90ms
89ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss-d6g98vdIHxgS9KonxuTgiRjuqMNpVhtX2cpg-FTomF-uGmvVij4oNsIidjIWc4k3OLb9fJ2HRAvEXtkQI98sGMjRt3Vd17pXJSE8xlx71wNcp4LqPDXMBF1b6LyZYPtaIGAhMUCyJfta&sai=AMfl-YTlvRNsTXrHCvYbTCIp5lthix9UE2QOYf33cs1sZhORUAOoxkhxdq1G7O2KCeRL_3ALzrut3mJ4F2Tv&sig=Cg0ArKJSzIXdq_s4KCrOEAE&cid=CAQSGwCsnQUxXRYr81QVuH6fRA3zeIww6ZhEbVXR_BgBIA4&id=lidar2&mcvt=1001&p=0,0,188.15625,730&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220822&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=3078983205&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1661313437004&rpt=301&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 03:57:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1307 0
0 88ms
88ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220822&jk=68993090492272&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4761 0
10 B 53ms
53ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?POTsvg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 03:57:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 90ms
90ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220822&jk=68993090492272&bg=!xcalxoLNAAYUOm8VNDo7ACkAdvg8WkSFWDw1S821EfalddUZvP6uREjgx1KpkMmpO6AaBpwAEk9bPQIAAABZUgAAAANoAQeZAqoqya4_m6PmmSbbkIkS8IUp4MEwELtwfnKpV6gnqVEYbRS-KYJ4F7XCXI2hAbfSoZOLaocIVwZFFa9s3OTf3qmTf78P7TBZTnRlq8yqOUKGpBbt1VhzxtR_EYsBxBI-M9YNl271e-a8Y0Ck9WRm-KvMDXNWSOkynxzib7dG0x5xBubbHewsbUd4VASxg5LAEGJc02eKQkVp3J89PREDROvK5m_Hdqs8FF1L3Oz6YklBNWpxQkvjXLlUSK85VRTyjalqyGMcYotvnU9UaUhpRNSnCRcgDHu4ROMtjpc1NrWsuAobnuUyJMp704Woby2GzBHU227KriOZK7vbd3XfSoWKc7nM7LzrxfhV2Sf_YmpXqcbpQfEhSR0ThIjRvMagaGKiCR3yMeam1TprisnVgYYDVVsRxozYYP1NGLYzv2ZKu56kSu4aiY463ozVM2fHNOjQZxLLN_ow8zB3ZqXhpYTFLYxMKNolOo3Fqak3RRETTALh3eGgawHu3wymCvKd-Oo_4_8zZ1yy4k0YkoQVseQwRsG8q3kyBk4w4cMV47QjehAfHpHBX9yfQ2HQpMOS6KeigXW5V251pMISG8sUJJTqEqg11hFyijVM_GDc0z-hXCO8Ui-BtQjkHRe_1gJSwuheG-dp674oTgvPH4YaqufdA6LA9qlN_d1rwTxCXvqkhi67tZMAbyWlWv_tqN4Lgs5XFaJ4KsmDvRj8D1QtLAqEPxHJjfGO8z1vrkAlChRsZYaHRsRNUxlGM_enABpFFj4APKs3lvI97H_yNgSdpz9UT2ZVSGMBb68AJW_TqZN3al77uD2Dp6bCo9MYPAOFdvSU6sd5ac21V-1-0I_e05pniJzp_yqnAB6MygytLfxUjM6BCJegGneZDD1itLBQyCYaqPTOpd_aE5-D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.buhoblik.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 3127958a0263b7b909ae1c083b5f372b.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame 54AE 36 KB
36 KB 54ms
53ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/3127958a0263b7b909ae1c083b5f372b.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23fae131bf2450f9e8e54c459daee65cda8fc23c8cd36b8578faff4259a1d59c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 4210
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 02:47:10 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 02:47:10 GMT

GET
H3 200 9fbe5a08624347d977dabb53b3c849e6.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame 54AE 52 KB
52 KB 57ms
57ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/9fbe5a08624347d977dabb53b3c849e6.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

752e1f9f0553e50d5c78aa8edb0ace2502129625d47c811a49dac9d6fdd7ea49

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 4206
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52771
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 02:47:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 02:47:14 GMT

GET
H3 200 9fbe5a08624347d977dabb53b3c849e6.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame A210 52 KB
52 KB 54ms
53ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/9fbe5a08624347d977dabb53b3c849e6.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/e6f40d138158e41bbc4290d1d8f9ae48.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

752e1f9f0553e50d5c78aa8edb0ace2502129625d47c811a49dac9d6fdd7ea49

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 4206
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52771
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 02:47:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 02:47:14 GMT

GET
H3 200 3127958a0263b7b909ae1c083b5f372b.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/ Frame A210 36 KB
36 KB 58ms
57ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15125906671778944833/media/3127958a0263b7b909ae1c083b5f372b.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23fae131bf2450f9e8e54c459daee65cda8fc23c8cd36b8578faff4259a1d59c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 4210
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 01:11:45 GMT
server: sffe
date: Wed, 24 Aug 2022 02:47:10 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Aug 2023 02:47:10 GMT

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.admixer.net/bs	1970-01-20 07:38:09	Name: am-uid Value: ce46d23ac90a48b683376c16b4936f4e
www.buhoblik.org.ua/	1969-12-31 23:59:59	Name: 54328dacc8285ec61fa19f90fac03db6 Value: a3ac6ca0ad29e50a46dd5fcbca110c7c
.buhoblik.org.ua/	1970-01-20 15:04:33	Name: __utma Value: 21695912.999373255.1661313436.1661313436.1661313436.1
.buhoblik.org.ua/	1969-12-31 23:59:59	Name: __utmc Value: 21695912
.buhoblik.org.ua/	1970-01-20 09:51:21	Name: __utmz Value: 21695912.1661313436.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.buhoblik.org.ua/	1970-01-20 05:28:34	Name: __utmt Value: 1
.buhoblik.org.ua/	1970-01-20 05:28:35	Name: __utmb Value: 21695912.1.10.1661313436
www.buhoblik.org.ua/	1969-12-31 23:59:59	Name: Value: store.test
.admixer.net/	1970-01-20 07:38:09	Name: am-uid Value: ce46d23ac90a48b683376c16b4936f4e
www.buhoblik.org.ua/	1970-01-20 05:38:38	Name: am-uid Value: ce46d23ac90a48b683376c16b4936f4e
.buhoblik.org.ua/	1970-01-20 14:50:09	Name: __gads Value: ID=d4761687fda4458c-22060bce4cd60032:T=1661313436:RT=1661313436:S=ALNI_MbUFqR8Tpwix3OvNTMoNZnNlQvFew
.creativecdn.com/	1970-01-20 14:14:09	Name: u Value: BmSH6ixdpYzVq75ScblY
.creativecdn.com/	1970-01-20 14:14:09	Name: ts Value: 1661313436
.adnxs.com/	1970-01-20 07:38:09	Name: uuid2 Value: 5719374310314969319
xn--r1a.website/	1970-01-20 05:29:59	Name: stel_ssid Value: 9457b51210ab82fc12_7657735096390992131
.bidswitch.net/	1970-01-20 14:14:09	Name: tuuid Value: 8367d5ed-2cb4-4337-9579-ea900c607683
.bidswitch.net/	1970-01-20 14:14:09	Name: c Value: 1661313436
.bidswitch.net/	1970-01-20 14:14:09	Name: tuuid_lu Value: 1661313436
.betweendigital.com/	1970-01-20 14:14:09	Name: dc Value: lux1
.betweendigital.com/	1970-01-20 14:14:09	Name: tuuid Value: 33ce1bc9-5fdf-52ec-b18b-8c0ad28e2d97
.betweendigital.com/	1970-01-20 14:14:09	Name: ss Value: 1
.doubleclick.net/	1970-01-20 14:50:09	Name: IDE Value: AHWqTUmU64UH21svk4ABnNrRO8hPowtt4Z_LkCAqKz8afQiqASYjzPx6GFT-IKlQDv0
.betweendigital.com/	1970-01-20 14:14:09	Name: ut Value: YwWhnQADfoiud191edaaV6AbIutIECj9s2hg-Q==
.doubleclick.net/	1970-01-20 05:28:37	Name: DSID Value: NO_DATA
.criteo.com/	1970-01-20 14:50:09	Name: uid Value: dc30c47a-3196-4dff-bc78-f6f03473fa72
.buhoblik.org.ua/	1970-01-20 14:50:09	Name: cto_bundle Value: a3NsBF9BWDUlMkJRbXg5M1BHd25KSUYlMkZtWXU2QktyVmU2TmNFQXhRdzBlS21zJTJGbUNUWEhuYlJ4VUJGYWNjbEIxdHd6Q3ZvcXd0ZnBBdmt0dnNWJTJGczQ3JTJGWWVaRGVjREloSjclMkIwaExKb2JJcDVMNWx6Y2xwVkFBdzR2bmdIbiUyQkhHYlhoelMxNUc3UndqYVNDV21hYzZZMDVDeXhSdyUzRCUzRA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.betweendigital.com
adservice.google.com
adservice.google.de
avto-oblik.com.ua
bidder.criteo.com
buhoblik.org.ua
cdn.admixer.net
cdn.ampproject.org
cdn4.telegram-cdn.org
creativecdn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
image8.pubmatic.com
inv-nets.admixer.net
m.trafmag.com
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
ssl.google-analytics.com
static.criteo.net
telegram.org
tpc.googlesyndication.com
www.buhoblik.org.ua
www.google.com
www.google.com.ua
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
xn--r1a.website
142.250.185.98
146.0.227.109
178.250.2.131
178.250.2.146
185.184.8.90
185.64.190.79
185.89.210.180
188.42.196.115
193.200.65.6
2001:41d0:602:8bf::
2001:67c:4e8:f004::9
2a00:1450:4001:801::2003
2a00:1450:4001:802::2002
2a00:1450:4001:802::2003
2a00:1450:4001:803::2002
2a00:1450:4001:806::2004
2a00:1450:4001:80b::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::200a
2a00:1450:4001:813::2001
2a00:1450:4001:828::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a02:2638::1c
2a02:2638::3
2a03:90c0:41:2801::254
2a06:6440:0:2d02::1
3.125.77.13
34.111.35.152
95.216.186.40
002a93857ca724d4828a347c2b419a56eabfd275f206a5febc48246ccfe5830d
03bc0839c4ab84b2a470323f210bbf6762272651496b746d6a0e122bc66906ea
052155039c13b233f324882bd10dc38150b5bd74fb44f27c0ead4d518fbc901b
0e53fe7669a287b3f57bb942dcf1a1fc61c969891ddce211874c475996f8a029
1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484
1204bcce82cc2af761e90b1ebf3e19a7a31ba11d0bc5db891850d3599180d3f3
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
15b77948dc99254f2a625f8a89fc3948b7b2100b85c069d410e0c1ec7b0ec6ff
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c4bb4b37f05bc5752d618ab4828f2a6749b9046ddec75fbc50d7943befd31e6
1d08840a75c155fca6642bcc3d7ecc34497f6e0d19d030b1f2e0e249c753cfa3
1da67e20c0a4ac1486f38f01e01cdb805992a3f857ef49dccd9529e6b7571d0c
1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86
1e46e48a837d9ff05a193956ee173159b7b1d360581c822844e9dbfbca6c9bf6
1f44a512b87b9a63da9b969a44054d0264649b776d682894db413f1d3c45aa28
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6
23fae131bf2450f9e8e54c459daee65cda8fc23c8cd36b8578faff4259a1d59c
25acfe84806b66b7cd6fa3c4f94183e78a32025415c2bd01d3dfb16340ab2e47
26345a9625172670562d7ab2395db6bd15311e0f6cf5e66f2b4478bd994a7f6d
281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340
319eb578634347f8bd6df61778b659ebe74e827b6395e114b084c3dbe613d854
3298314069708f10f20d7d8814f5b6461ea6492c2de913927a916a83d65fb3ec
32ae77196cf412d763b87b2aa85b038f536201a0df7164ed74581402b4733511
33fc08bc70eda898647303afaa449535583909178a9fd38b5de055c2a80c2921
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
377d27d86822418762eb956a7d4eec9823d6a9d3fd6f6d3ca0d63fdf374a0b69
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
3ab6bdc45b9e7ecded30d4f1c7b2215e990f446f331d3b646dffd6bb2c081c1c
3fbdef2fecbce49eba0eb48b871b4b78e0517f50cd9e5c7e31b9aaeaf90fdb87
4139220cef70b0dc6ec26232020d4ddb52acef1afcbf2e5b32ed00b7eef62ec7
437e2f919345cdc64ce4cc4de32598b6c99b2962f3e209c4c2efe4eeb4db7971
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4a003dc58f3e95a18e44712b9161181319e6a40613242cbcac158f6dc8d7339d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d1f56b3032e5c392c0a0e812c52d5fcc3da8d9f157d1e21d78434196f58495e
53566fb30e9e4d17a6e90a1a2ab4c8ccd41c26342e4fc486788bc457fc7266a3
536dab3f6cefa51f81e172ead35c79e2de704da110f4ee6e8286c3fa782467f2
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
5abe4ec1b14120ec963c7bec8267ed0bbdcd52694f48daf0f1a57279748a1c6a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
63b31da7c560861dc044a6b35c1b51b9664daf1008174e88053ca298a429c8ac
680f6e9a0e9f9d8c145e11d6937f688ff4299215d44bf0a54368ffc6acdbfc51
6a82502c1baab28ba6f410aa012fff53bd4f01d8de430e54589e583a0dc3ce80
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6e842f654a304fd1eece02a5d588d2a998cc87cc65730b04d1e2c916e3a72a10
70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1
734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a
73e19dfae69969fd67f8ff0960f10e6d9620d7a0652f6875cdfbfa2a1fbfc897
752e1f9f0553e50d5c78aa8edb0ace2502129625d47c811a49dac9d6fdd7ea49
78a48e60f4c7475dd0cd34df26bf5f6534287bef30278e3d7811d7853dd4a291
7a2710a85d42dbbc7b9c3abab2c254b149d2071e3e7f7051f563c3cc0e436f80
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85df6a888180aa37ac71991e22dc32db0800b427df7aa8a52321a463743f3137
863becff90bf1df06057ece7de31b1873e4b7a56e7b5b2e2d8b48fd10b44c228
88467b23c1044f571783e76997720036df1c0a9925eee5f428c7ff150fa7da56
89c114dc23d61c6b428f26c214e96d1fd49b43c8f777c8fcbb9ffdee7a84d81f
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c536404c272a95917a8d5e64827b9c1c154cbd29377443d9374540a1d2f42d2
8cd518f395ceb37e9a829bda5794c6bbbf8531b21b3d211f1e004573acc9edbb
8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3
8dfbfa16c85400143f85eb24eef8df723fd19c190f841c2c5ff22b8d0a5eeb09
8e98e9ef3fe9cd26f8b307e29a8fcdd1d927f94165809b78dca197e1a28cb5ef
902565ce7f27f6e504ee3790458fa3e9137a1c2b3d63d58ce6cd2fbcbf9db7ca
933205725b5a22d7dd0ee2d603c9ea51ca925dbb09ea3b62f074007e2ab4d335
9784d739d5c17552246ac97886dd2455b93bd36df81741e57d408a20c827364e
99c664c6e0f9211430ca24054ef2365aa16aabaa3ca3c3a22674d3fb0c86c1e0
9f40990683165a6c0b9eabab4ffbb1b6a2fb9617b2fe3101ee64299245dfe743
a09a2106b08e8139055dff522ef9c698fd7c02d4ce9041dbf103bc1f6eaf6b13
a3a9666403dd904811c01ba6925d89449b27aa3efe19e86b9d8864d660922fc6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4d35007c83b3689910808811412e63293a2ae2abf1180a2dbaf4b3f7bb91ce9
a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3
a9b39f61b9fc42b33e6b37c32685834dc9599875aa3409e85c41d062f348bd13
acc016d92200ab69a1bf453f9db6ceaf6d4ee6fe0db09e3db7fb8da82b781d68
ae93617b5e5757d71c80aaa8917cd5ab2614a6e3e000f39bca95c7eaac3c13b4
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b7b093955e7487be1bbec86d8a7ab2012c4716b5cf31b2b6df500edc04c06255
b87673d5f4085602ca52a2a9f1e923a436cfd682dce3050cf78fb11630e8f682
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
bda0abf7f8615298475242a005ccfc0bfe887c43a71555288c4fd42d42d380f8
c1c4a7e98f5ffbfd019d18b00036671b4a3aa558427fe4394a794d60aef00f41
c1d8aa8731db383e7245f7e0bec28bc577b5ce4aea013dd45b85100caeb452cf
c6d254ee6b05a14666952b2b7629dedc518103bfed8a8d6ee0c1cbe28f76c6fd
c79fe4aca7ad01b04807f0432625598e4e9cc7f46556b0e34a3ae84b767a812e
ca7aafbf3d29ec602aaa2969db0de525c0a12c4a50bb14bf2c6ec6bebd0cebd6
cf0f1054753e54c01e2d62f781173937b612a839aaafa2902316b321e5948b51
cf834601aa3e59f6a61453790dc88447b3d3910cc297be5f7891c41cc0ca21e9
d097bda59092b06b5bb3051bbef1791e8a7fc533a5aa62e40e898b3ec9308249
d130141331999d0830ff4d31900720d58382d820f5a6df810780193a4cb0eccc
d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7b3d2fdc9f064d7169e5a1923d7cb19c579567d8ccb0dcc4702b162e2db4026
da5a6aaf22887d6be1d6aaf85b1bf31db6372817faeef47bd9f21b89fcb78109
daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20
dab74606e0933cec4483e01523f74c632285b9368687651533dc2a055904bc6f
dabffe4a0b71d6abf83cc82c3ed7fcda4cc3582a4197e026117f2dc99c1dde3c
dd4c56f7e4e4d47753a48540330518aa2f067e061970c7c3be640e23963aafb4
dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e1aeb6aba357112ed219f363b49f07a1045465cc09e712910dffd2a74b256678
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b7033bdd850b9dd9847fb31e63627e352e38a3cb5cf5a483ca3d2cc1093c58
e4f214301fbe8e04d1d42f2e1354470de327d49abea04b6a4116fa500cf5324a
e5eb27dce9681337b02a363fa1ffb28b0889ced23e0eba592fea3db0f76d2417
ea70bde5d014f5464a085455274113efd21dbfd5b6bffe32b5e01c458f13423d
eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376
ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e
ecd2e45fcd6ed0f17eaefccd72cdb8253be8673636adcbf3f8902aeeed654fe2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1c5e16c3abc728ef3c7eb1ff66fc5b15f08232156bae6493e37becbd1b2f01d
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

www.buhoblik.org.ua Open in urlscan Pro 2a06:6440:0:2d02::1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

148 Requests

97 %HTTPS

61 %IPv6

25 Domains

32 Subdomains

29 IPs

10 Countries

2956 kBTransfer

6131 kBSize

26 Cookies

0 Outgoing links

Page URL History

Redirected requests

148 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.buhoblik.org.ua Open in urlscan Pro
2a06:6440:0:2d02::1 Public Scan

Screenshot
Live screenshot

Full Image

148
Requests

97 %
HTTPS

61 %
IPv6

25
Domains

32
Subdomains

29
IPs

10
Countries

2956 kB
Transfer

6131 kB
Size

26
Cookies

148 HTTP transactions
10 data transactions