Submitted URL: http://news.2xclick.ru/
Effective URL: https://news.2xclick.ru/
Submission: On March 08 via manual from IL

Summary

This website contacted 41 IPs in 7 countries across 31 domains to perform 145 HTTP transactions. The main IP is 93.95.100.117, located in Podolsk, Russian Federation and belongs to MTW-AS, RU. The main domain is news.2xclick.ru.
TLS certificate: Issued by R3 on February 28th 2021. Valid for: 3 months.
This is the only time news.2xclick.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 93.95.100.117 48347 (MTW-AS)
24 93.95.99.151 48347 (MTW-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 91.210.107.38 50867 (HOSTKEY-R...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42:1b:... 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
5 93.184.221.133 15133 (EDGECAST)
6 2a00:1450:400... 15169 (GOOGLE)
17 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 5 2a02:6b8::1:119 13238 (YANDEX)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 195.54.48.26 12516 (WEBORAMA ...)
2 4 35.201.80.102 15169 (GOOGLE)
6 6 35.190.16.14 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.185.226 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 185.148.37.79 48347 (MTW-AS)
1 2 154.47.36.46 174 (COGENT-174)
1 2 91.216.195.7 12516 (WEBORAMA ...)
1 31 35.227.208.19 15169 (GOOGLE)
1 91.216.195.18 12516 (WEBORAMA ...)
1 8 142.250.186.34 15169 (GOOGLE)
1 35.201.81.244 15169 (GOOGLE)
1 35.244.174.68 15169 (GOOGLE)
1 2 35.227.248.159 15169 (GOOGLE)
1 2 88.99.149.88 24940 (HETZNER-AS)
6 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 145.239.211.22 16276 (OVH)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2 185.33.220.243 29990 (ASN-APPNEX)
2 2 185.86.138.144 201081 (SMARTADSE...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2620:116:800d... 16509 (AMAZON-02)
1 1 3.120.24.152 16509 (AMAZON-02)
2 2 35.227.252.103 15169 (GOOGLE)
2 2 185.64.190.78 62713 (AS-PUBMATIC)
1 1 69.173.144.165 26667 (RUBICONPR...)
2 2 23.218.208.246 16625 (AKAMAI-AS)
1 1 79.137.69.120 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
145 41
Apex Domain
Subdomains
Transfer
48 weborama.fr
cstatic.weborama.fr
gnezdoruanalytics.solution.weborama.fr
rd.frontend.weborama.fr
aimfar.solution.weborama.fr
cr.frontend.weborama.fr
wam.solution.weborama.fr
wam-google.solution.weborama.fr
idsync.frontend.weborama.fr
20 KB
22 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
277 KB
19 gnezdo.ru
news.gnezdo.ru
zn2.gnezdo.ru
fcgi5.gnezdo.ru
204 KB
17 doubleclick.net
googleads.g.doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
55 KB
10 gnezdo.news
zn2.gnezdo.news
44 KB
7 gstatic.com
fonts.gstatic.com
www.gstatic.com
87 KB
5 google.com
www.google.com
adservice.google.com
1 KB
5 yandex.ru
mc.yandex.ru
2 KB
4 crm4d.com
p.crm4d.com
3 KB
4 weborama.com
dx.frontend.weborama.com
825 B
3 googletagservices.com
www.googletagservices.com
95 KB
3 google.de
www.google.de
adservice.google.de
1 KB
2 casalemedia.com
ssum-sec.casalemedia.com
2 KB
2 pubmatic.com
image6.pubmatic.com
2 KB
2 openx.net
rtb.openx.net
760 B
2 smartadserver.com
sync.smartadserver.com
1 KB
2 adnxs.com
ib.adnxs.com
2 KB
2 1dmp.io
sync.1dmp.io
810 B
2 tapad.com
pixel.tapad.com
893 B
2 webvisor.org
mc.webvisor.org
715 B
2 google-analytics.com
www.google-analytics.com
19 KB
2 googleapis.com
fonts.googleapis.com
2 KB
2 2xclick.ru
news.2xclick.ru
7 KB
1 gemius.pl
googlecm.hit.gemius.pl
306 B
1 rubiconproject.com
pixel.rubiconproject.com
461 B
1 agkn.com
d.agkn.com
665 B
1 quantserve.com
cms.quantserve.com
462 B
1 rlcdn.com
idsync.rlcdn.com
416 B
1 googleadservices.com
partner.googleadservices.com
639 B
1 jsdelivr.net
cdn.jsdelivr.net
49 KB
1 backforward.bid
backforward.bid
6 KB
145 31
Domain Requested by
31 cr.frontend.weborama.fr 1 redirects cstatic.weborama.fr
14 zn2.gnezdo.ru news.2xclick.ru
zn2.gnezdo.news
12 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
10 pagead2.googlesyndication.com news.2xclick.ru
pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
tpc.googlesyndication.com
10 zn2.gnezdo.news news.2xclick.ru
zn2.gnezdo.news
8 cm.g.doubleclick.net 1 redirects news.2xclick.ru
googleads.g.doubleclick.net
8 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
6 rd.frontend.weborama.fr 6 redirects
6 fonts.gstatic.com fonts.googleapis.com
5 mc.yandex.ru 2 redirects news.2xclick.ru
cdn.jsdelivr.net
5 cstatic.weborama.fr news.2xclick.ru
cstatic.weborama.fr
4 p.crm4d.com rd.frontend.weborama.fr
cstatic.weborama.fr
4 dx.frontend.weborama.com 2 redirects news.2xclick.ru
cstatic.weborama.fr
3 www.googletagservices.com pagead2.googlesyndication.com
googleads.g.doubleclick.net
3 www.google.com 1 redirects news.2xclick.ru
googleads.g.doubleclick.net
3 news.gnezdo.ru news.2xclick.ru
2 ssum-sec.casalemedia.com 2 redirects
2 image6.pubmatic.com 2 redirects
2 rtb.openx.net 2 redirects
2 sync.smartadserver.com 2 redirects
2 ib.adnxs.com 2 redirects
2 sync.1dmp.io 1 redirects news.2xclick.ru
2 pixel.tapad.com 1 redirects cstatic.weborama.fr
2 mc.webvisor.org 1 redirects news.2xclick.ru
2 fcgi5.gnezdo.ru news.gnezdo.ru
news.2xclick.ru
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 gnezdoruanalytics.solution.weborama.fr 1 redirects news.2xclick.ru
2 www.google-analytics.com news.2xclick.ru
www.google-analytics.com
2 fonts.googleapis.com zn2.gnezdo.news
googleads.g.doubleclick.net
2 news.2xclick.ru 1 redirects
1 googlecm.hit.gemius.pl 1 redirects
1 pixel.rubiconproject.com 1 redirects
1 d.agkn.com 1 redirects
1 cms.quantserve.com googleads.g.doubleclick.net
1 www.gstatic.com googleads.g.doubleclick.net
1 idsync.rlcdn.com cstatic.weborama.fr
1 idsync.frontend.weborama.fr cstatic.weborama.fr
1 wam-google.solution.weborama.fr 1 redirects
1 wam.solution.weborama.fr cstatic.weborama.fr
1 aimfar.solution.weborama.fr cstatic.weborama.fr
1 partner.googleadservices.com pagead2.googlesyndication.com
1 www.google.de news.2xclick.ru
1 stats.g.doubleclick.net www.google-analytics.com
1 cdn.jsdelivr.net news.2xclick.ru
1 backforward.bid news.2xclick.ru
145 46

This site contains links to these domains. Also see Links.

Domain
gnezdo.online
lk-gnezdo.com
www.rambler.ru
news.gnezdo.ru
Subject Issuer Validity Valid
news.2xclick.ru
R3
2021-02-28 -
2021-05-29
3 months crt.sh
zn2.2xclick.ru
R3
2021-02-17 -
2021-05-18
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
news.gnezdo.ru
R3
2021-02-28 -
2021-05-29
3 months crt.sh
backforward.bid
R3
2021-03-07 -
2021-06-05
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-10-26 -
2021-04-17
6 months crt.sh
*.google-analytics.com
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
edgecastcdn.net
DigiCert TLS RSA SHA256 2020 CA1
2020-11-19 -
2021-11-17
a year crt.sh
*.gstatic.com
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
mc.yandex.ru
Yandex CA
2021-02-27 -
2021-08-09
5 months crt.sh
*.solution.weborama.fr
Go Daddy Secure Certificate Authority - G2
2020-01-11 -
2022-03-11
2 years crt.sh
*.frontend.weborama.com
Go Daddy Secure Certificate Authority - G2
2019-08-29 -
2021-10-27
2 years crt.sh
www.google.com
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
www.google.de
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
*.googleadservices.com
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
*.google.de
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
*.google.com
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
fcgi5.gnezdo.ru
R3
2021-02-25 -
2021-05-26
3 months crt.sh
mc.webvisor.com
Yandex CA
2020-09-29 -
2021-03-23
6 months crt.sh
*.frontend.weborama.fr
Go Daddy Secure Certificate Authority - G2
2019-02-20 -
2021-04-21
2 years crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2021-02-25 -
2022-03-28
a year crt.sh
*.tapad.com
DigiCert SHA2 Secure Server CA
2020-10-05 -
2021-11-06
a year crt.sh
sync.1dmp.io
R3
2021-01-21 -
2021-04-21
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1
2021-02-17 -
2021-05-12
3 months crt.sh
crm4d.com
R3
2021-02-25 -
2021-05-26
3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA
2020-10-02 -
2021-10-07
a year crt.sh

This page contains 13 frames:

Primary Page: https://news.2xclick.ru/
Frame ID: 7B3DB1C44D0505769F7DC7B750638AFA
Requests: 59 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/zrt_lookup.html
Frame ID: 3F5EEF6F9527FAEE9C9D76A20DDBE77C
Requests: 1 HTTP requests in this frame

Frame: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Frame ID: 8CE69FB8D3DE7907E0DC04114268BBCE
Requests: 42 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Frame ID: EF51E665DCF5A5C204D29EB4F1F518EC
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615211571&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615211571279&bpp=3&bdt=329&idt=141&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=149
Frame ID: FE0E54D72DCDB485F385D50608CC1544
Requests: 1 HTTP requests in this frame

Frame: https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27499495
Frame ID: B802AA0AE9994059B1FEE0487212F521
Requests: 1 HTTP requests in this frame

Frame: https://cr.frontend.weborama.fr/cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
Frame ID: 6114DB332F377DC58D6DA2995860FA1B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 4D3694A9A3BD512C82455D4B1324291E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
Frame ID: 6BBEAA6692AE9DA863863471B25D7766
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Frame ID: C4D253A8B5011F0E219D92D7044A5E03
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3C18CF0A7DB7E39C4F7979151B5B17C4
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
Frame ID: 24CEE13644D5ECF2AB1A87D6428265CD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 281F5DE36D0A1805884E1F801FA7B4B9
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Gnezdo.ru.

Page URL History Show full URLs

  1. http://news.2xclick.ru/ HTTP 301
    https://news.2xclick.ru/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

145
Requests

100 %
HTTPS

45 %
IPv6

31
Domains

46
Subdomains

41
IPs

7
Countries

870 kB
Transfer

1795 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://news.2xclick.ru/ HTTP 301
    https://news.2xclick.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38
  • https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A269869058032%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A308078489%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Ati%3A2%3Ast%3A1615211571 HTTP 302
  • https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A269869058032%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A308078489%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Ati%3A2%3Ast%3A1615211571
Request Chain 42
  • https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref= HTTP 302
  • https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=&BOUNCE=OK
Request Chain 43
  • https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A//news.2xclick.ru/ HTTP 302
  • https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A%2F%2Fnews.2xclick.ru%2F&bounce=1&random=1413784783 HTTP 302
  • https://rd.frontend.weborama.fr/rd?key=wamsync&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D HTTP 302
  • https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
Request Chain 54
  • https://mc.webvisor.org/sync_cookie_image_check HTTP 302
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9206.86JSP64E5lRZjZyowZ75W4hOOd5zL2vIJZUwkfm5IjWjkPAyPTRuIOX8LrRtSVVV.2UYgzPwv6bqM1aiwnr0wafnt_uQ%2C HTTP 302
  • https://mc.webvisor.org/sync_cookie_image_decide?token=9206.yFdRSMBaZF2fNK9wy1GaGDqlbsk63O3sSKQOiRpyK1tsPzmgOfnyE00rtXEvXUegYmK6m9pfuAaxzMoG1_uluB9-QH3pnpWFv7SjK6b2cV4%2C.xb16uSVlcIHi1J3ShqV5eSIWTY4%2C
Request Chain 55
  • https://rd.frontend.weborama.fr/rd?key=synchro&url=https%3A%2F%2Fcstatic.weborama.fr%2Fiframe%2Fexternal_all.html%3Fsite%3D485736%26loop%3D1 HTTP 302
  • https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Request Chain 57
  • https://rd.frontend.weborama.fr/rd?key=idsync-prx&url=https%3A%2F%2Faimfar.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dprx%26g.r%3D%27499495 HTTP 302
  • https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27499495
Request Chain 59
  • https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium HTTP 302
  • https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium
Request Chain 60
  • https://cm.g.doubleclick.net/pixel?google_nid=weborama_dmp&google_cm HTTP 302
  • https://wam-google.solution.weborama.fr/pixel?google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1 HTTP 301
  • https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESENc1o4fZD-i6Hu9StGqExuE&google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1
Request Chain 66
  • https://cr.frontend.weborama.fr/cr?key=acxiom&url=https%3a%2f%2fidsync.rlcdn.com%2f401736.gif%3fpartner_uid%3d%7bWEBO_CID%7d HTTP 302
  • https://idsync.rlcdn.com/401736.gif?partner_uid=Cn1cZQNnWLah2a6qycY9cu
Request Chain 67
  • https://rd.frontend.weborama.fr/rd?key=bigsea&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D HTTP 302
  • https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
Request Chain 69
  • https://rd.frontend.weborama.fr/rd?key=tapad&url=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3D2964%26partner_device_id%3D%7BWEBO_ID%7D HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2964&partner_device_id=IYJb7z0RWv8h HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=IYJb7z0RWv8h
Request Chain 93
  • https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg== HTTP 302
  • https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==&cs=1
Request Chain 106
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 109
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fp.crm4d.com%2Fsync%2Fappnexus%2Fs.gif%3Fbounce%3D1%26uid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fp.crm4d.com%252Fsync%252Fappnexus%252Fs.gif%253Fbounce%253D1%2526uid%253D%2524UID HTTP 302
  • https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=1792241714239790060
Request Chain 110
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D HTTP 302
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D&cklb=1 HTTP 302
  • https://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=3054413842940510375
Request Chain 127
  • https://d.agkn.com/pixel/2175/?google_gid=CAESEJRqdYZcOhaiBBRubsebFl4&google_cver=1&google_push=AQvitUJM3CMsG-nqN37veRUkGmks-ZwWObiAyl57-RlThmyEfIPyc8I1YHu4set_rSuLgNdGnDKwaJxssgjiG8BvE5Po6rpEAD-U HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VKUnFkWVpjT2hhaUJCUnVic2ViRmw0
Request Chain 128
  • https://rtb.openx.net/sync/dds?google_gid=CAESEDe52FZqri6F1S7gSpu04Sk&google_cver=1&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET HTTP 302
  • https://rtb.openx.net/sync/dds?google_gid=CAESEDe52FZqri6F1S7gSpu04Sk&google_cver=1&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&ox_sc=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&google_hm=ruKnt9bhyq4yHtoEhmzZrA==
Request Chain 129
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEM0VOjZzN_LN-5Qcx4ci5yE&google_cver=1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEM0VOjZzN_LN-5Qcx4ci5yE&google_cver=1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2wzcwqw4R_6L4FafT4bpYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw
Request Chain 130
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDrNZQAcilko0_sUF8QmRZU&google_cver=1&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S00wTjlMV1ktMjMtRVBTVQ==&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j
Request Chain 131
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk&google_cver=1&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7 HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk&google_cver=1&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEYsNCmKsemMpelDKfzgwwAABLwAAAAB&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7&google_cver=1&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk
Request Chain 132
  • https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEDhYS18MJg_DGM63WJWmMwc&google_cver=1&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ HTTP 301
  • https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ&google_hm=

145 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
news.2xclick.ru/
Redirect Chain
  • http://news.2xclick.ru/
  • https://news.2xclick.ru/
16 KB
6 KB
Document
General
Full URL
https://news.2xclick.ru/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
30de18a45b7d212cfe98ee09d37f4e795a77965d71d797ab503f448fab5763b7

Request headers

Host
news.2xclick.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
nginx/1.10.3
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Mon, 08 Mar 2021 13:52:51 GMT
Date
Mon, 08 Mar 2021 13:52:50 GMT
Cache-control
no-cache, no-store, must-revalidate
Pragma
no-cache
Set-Cookie
uid=XV9kdWBGLDI4yCDhBh44Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; secure; SameSite=none
P3P
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Content-Encoding
gzip

Redirect headers

Server
nginx/1.10.3
Date
Mon, 08 Mar 2021 13:52:50 GMT
Content-Type
text/html
Content-Length
185
Connection
keep-alive
Location
https://news.2xclick.ru/
Set-Cookie
uid=XV9kdWBGLDI3JCDdBDlzAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/
P3P
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
style15.css
zn2.gnezdo.news/new-lenta/
8 KB
2 KB
Stylesheet
General
Full URL
https://zn2.gnezdo.news/new-lenta/style15.css?1234
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
95f9f7d5fc896cddb14ac87de2c177488da4249aa25c977a620cf99463d615d4

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
last-modified
Wed, 30 Sep 2020 04:23:26 GMT
server
nginx
etag
"5f74083e-848"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
content-length
2120
expires
Thu, 31 Dec 2037 23:55:55 GMT
health.css
zn2.gnezdo.news/new-lenta/
2 KB
2 KB
Stylesheet
General
Full URL
https://zn2.gnezdo.news/new-lenta/health.css?1
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
01266b002c3a5fd944f5d5a6c9a7bcedf1274ea6c9baef3d2f14457d364014da

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Tue, 29 Sep 2020 05:06:28 GMT
server
nginx
etag
"5f72c0d4-8f1"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
2289
expires
Thu, 31 Dec 2037 23:55:55 GMT
white-logo.png
zn2.gnezdo.news/new-lenta/img/
4 KB
4 KB
Image
General
Full URL
https://zn2.gnezdo.news/new-lenta/img/white-logo.png
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
f3d3d5e79c6c3971916ebb40d8f16c3d584efe53669023273eeca33928178bfe

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Fri, 12 Jul 2019 13:56:19 GMT
server
nginx
etag
"5d289183-1100"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
4352
expires
Thu, 31 Dec 2037 23:55:55 GMT
enter_ad.png
zn2.gnezdo.news/src/
693 B
891 B
Image
General
Full URL
https://zn2.gnezdo.news/src/enter_ad.png
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
679c798fd4e7e8b2e875df662470ae6a0e01f5d8490a8d22bca5d419b30987cd

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Tue, 25 Apr 2017 08:51:56 GMT
server
nginx
etag
"58ff0e2c-2b5"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
693
expires
Thu, 31 Dec 2037 23:55:55 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
140 KB
49 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4b9b5737c8859fa4566da81b0d34c3084f0d83ee7dc2ac8afab3c4ed45685d9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50479
x-xss-protection
0
server
cafe
etag
13215137272821469477
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 08 Mar 2021 13:52:50 GMT
health.jpg
news.gnezdo.ru/tests/health/
4 KB
5 KB
Image
General
Full URL
https://news.gnezdo.ru/tests/health/health.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
1c38153acac347bda02a24b09e16db230167f0a51d6d1974ff1e505c1282bdd6

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Mar 2021 13:52:51 GMT
Last-Modified
Thu, 08 Nov 2018 10:09:56 GMT
Server
nginx/1.10.3
ETag
"5be40b74-110b"
P3P
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Cache-Control
max-age=31536000, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
4363
Expires
Tue, 08 Mar 2022 13:52:51 GMT
loader.js
news.gnezdo.ru/
85 KB
17 KB
Script
General
Full URL
https://news.gnezdo.ru/loader.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
ec5f165087df17f3e42b3dd772feaa4cb90a47a130f0e6000a29aad4aadfb666

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Mar 2021 13:52:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Mar 2021 11:25:45 GMT
Server
nginx/1.10.3
ETag
"603f7239-428c"
P3P
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Cache-Control
max-age=86400
Connection
keep-alive
Content-Type
application/javascript
Content-Length
17036
Expires
Tue, 09 Mar 2021 13:52:51 GMT
jquery-2.2.4.min.js
zn2.gnezdo.news/js/
84 KB
29 KB
Script
General
Full URL
https://zn2.gnezdo.news/js/jquery-2.2.4.min.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
last-modified
Fri, 20 Apr 2018 12:54:54 GMT
server
nginx
etag
"5ad9e31e-7429"
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
content-length
29737
expires
Thu, 31 Dec 2037 23:55:55 GMT
modernizr.js
zn2.gnezdo.news/new-lenta/
3 KB
2 KB
Script
General
Full URL
https://zn2.gnezdo.news/new-lenta/modernizr.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
840f575220d6b42197251483e8b3b486bce6f7c4c4bddfff022580d3bb39ce4b

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
last-modified
Thu, 28 Jun 2018 11:03:22 GMT
server
nginx
etag
"5b34c07a-53e"
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
content-length
1342
expires
Thu, 31 Dec 2037 23:55:55 GMT
new_lenta_colors13.js
zn2.gnezdo.news/js/
5 KB
2 KB
Script
General
Full URL
https://zn2.gnezdo.news/js/new_lenta_colors13.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
288f12fba91b5cb98bbceee4d2affe465da49ec64528bba1f3525826c771846c

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
last-modified
Thu, 18 Feb 2021 07:58:16 GMT
server
nginx
etag
"602e1e18-6eb"
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
content-length
1771
expires
Thu, 31 Dec 2037 23:55:55 GMT
QUiaUaxw.js
backforward.bid/pushJs/
24 KB
6 KB
Script
General
Full URL
https://backforward.bid/pushJs/QUiaUaxw.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.210.107.38 Moscow, Russian Federation, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
d36426977c5c9a2f7e81196df9ac0198158c4d641fd6c7e445b7204051c11395

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
br
last-modified
Thu, 17 Dec 2020 10:15:50 GMT
server
cloudflare-nginx
etag
W/"5fdb2fd6-5ed7"
content-type
application/javascript
cache-control
max-age=259200, public, must_revalidate
expires
Mon, 25 Jan 2021 05:45:09 GMT
css
fonts.googleapis.com/
2 KB
668 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto+Condensed
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f51c09f7389cdc5cfdbd249cc66f95f51480041e42da46e5adf088e7bea9a686
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://zn2.gnezdo.news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 08 Mar 2021 13:24:01 GMT
server
ESF
date
Mon, 08 Mar 2021 13:52:51 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 08 Mar 2021 13:52:51 GMT
watch.js
cdn.jsdelivr.net/npm/yandex-metrica-watch/
123 KB
49 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
13b5305d3842a4989f440c5590607a3c30b20276e6945f48c9061be4469ec449
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
41597
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
49961
etag
W/"1ed5d-z5nC/r3r16ufr3F0zB9RZLtc/ME"
x-served-by
cache-fra19182-FRA, cache-hhn4029-HHN
date
Mon, 08 Mar 2021 13:52:51 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
analytics.js
www.google-analytics.com/
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Feb 2021 21:33:27 GMT
server
Golfe2
age
6615
date
Mon, 08 Mar 2021 12:02:36 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18980
expires
Mon, 08 Mar 2021 14:02:36 GMT
products.js
cstatic.weborama.fr/js/
25 KB
7 KB
Script
General
Full URL
https://cstatic.weborama.fr/js/products.js
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6C9A) /
Resource Hash
0c2e51ff8d93d23a47ac9696ba28911ef3bd596e40a8d456a238219ff1607a42

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
last-modified
Tue, 24 Nov 2020 13:24:27 GMT
server
ECAcc (mil/6C9A)
age
519791
etag
"3608441127"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
7235
expires
Mon, 15 Mar 2021 13:52:51 GMT
pink-top.png
zn2.gnezdo.news/new-lenta/img/
143 B
341 B
Image
General
Full URL
https://zn2.gnezdo.news/new-lenta/img/pink-top.png
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
91a23159638a846a426eb990ec53821e49518e78924d10f45ee5178ba44de83b

Request headers

Referer
https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Tue, 20 Aug 2019 12:24:30 GMT
server
nginx
etag
"5d5be67e-8f"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
143
expires
Thu, 31 Dec 2037 23:55:55 GMT
u1275_favicon__a4440b35c2.jpg
news.gnezdo.ru/img/original/
418 B
786 B
Image
General
Full URL
https://news.gnezdo.ru/img/original/u1275_favicon__a4440b35c2.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
e57a5e9c483b7b5fc03a86cd27b51d0524385d8323378d586a854d16b1844816

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Mar 2021 13:52:51 GMT
Last-Modified
Fri, 25 May 2018 14:14:43 GMT
Server
nginx/1.10.3
ETag
"5b081a53-1a2"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
418
Expires
Thu, 31 Dec 2037 23:55:55 GMT
1067300_181dc2481e.jpg
zn2.gnezdo.ru/img/300x300/300/
16 KB
16 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/300x300/300/1067300_181dc2481e.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Mon, 08 Feb 2021 09:31:16 GMT
server
nginx
etag
"602104e4-3f3c"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
16188
expires
Thu, 31 Dec 2037 23:55:55 GMT
like.png
zn2.gnezdo.news/new-lenta/img/
684 B
882 B
Image
General
Full URL
https://zn2.gnezdo.news/new-lenta/img/like.png
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
b59d5d931ece7fab4c2378e6e3979c793f6e52e8a1bc6e7c1fa569e03d96f49f

Request headers

Referer
https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Thu, 28 Jun 2018 10:56:50 GMT
server
nginx
etag
"5b34bef2-2ac"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
684
expires
Thu, 31 Dec 2037 23:55:55 GMT
close.png
zn2.gnezdo.news/new-lenta/img/
276 B
474 B
Image
General
Full URL
https://zn2.gnezdo.news/new-lenta/img/close.png
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
9b6b5e0c551bac6ccde502c3bf5c75d1efe6b1da975c0d251a4a17b8adcc74a5

Request headers

Referer
https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Thu, 28 Jun 2018 10:56:50 GMT
server
nginx
etag
"5b34bef2-114"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
276
expires
Thu, 31 Dec 2037 23:55:55 GMT
1084402_f5493e6a58.jpg
zn2.gnezdo.ru/img/200x200/402/
10 KB
10 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/402/1084402_f5493e6a58.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Sun, 07 Mar 2021 13:27:21 GMT
server
nginx
etag
"6044d4b9-26a8"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
9896
expires
Thu, 31 Dec 2037 23:55:55 GMT
1081819_d6f76c759b.jpg
zn2.gnezdo.ru/img/200x200/819/
12 KB
12 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/819/1081819_d6f76c759b.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Wed, 03 Mar 2021 10:52:17 GMT
server
nginx
etag
"603f6a61-3042"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
12354
expires
Thu, 31 Dec 2037 23:55:55 GMT
1055700_745195a483.jpg
zn2.gnezdo.ru/img/300x300/700/
20 KB
21 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/300x300/700/1055700_745195a483.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
774a5433618525ab5bfee92b4291b762331c83123c3492a0c2eef948bf3cfec8

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Tue, 19 Jan 2021 19:19:25 GMT
server
nginx
etag
"600730bd-518c"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
20876
expires
Thu, 31 Dec 2037 23:55:55 GMT
1076771_f6d7e52de9.jpg
zn2.gnezdo.ru/img/200x200/771/
8 KB
8 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/771/1076771_f6d7e52de9.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
b4564c488105877b36227160aea0e748dea88465ef3ac31de3f534bb8888dbfa

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Tue, 23 Feb 2021 13:27:10 GMT
server
nginx
etag
"603502ae-1f7c"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
8060
expires
Thu, 31 Dec 2037 23:55:55 GMT
1003567_f9e72dc443.jpg
zn2.gnezdo.ru/img/200x200/567/
12 KB
12 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/567/1003567_f9e72dc443.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
a0596eb3022fd302233ff74da6ecd8eb4c511abf9112d8a8e09cfe356616193a

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Sat, 24 Oct 2020 13:03:09 GMT
server
nginx
etag
"5f94260d-2e46"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
11846
expires
Thu, 31 Dec 2037 23:55:55 GMT
1059145_ff4dc2a58a.jpg
zn2.gnezdo.ru/img/200x200/145/
8 KB
9 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/145/1059145_ff4dc2a58a.jpg
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
78130fb1304df552cb3519b8c1cfd9dcfdbb9dd736c69ed917e13e8cf368220c

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Mon, 25 Jan 2021 14:09:38 GMT
server
nginx
etag
"600ed122-21c7"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
8647
expires
Thu, 31 Dec 2037 23:55:55 GMT
ieVl2ZhZI2eCN5jzbjEETS9weq8-19a7DRs5.woff2
fonts.gstatic.com/s/robotocondensed/v19/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19a7DRs5.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a665b3ad14cb2075a396c2c542ea83c928fbcfb08160330bdec73177c63cc97e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://news.2xclick.ru
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 04 Mar 2021 19:41:26 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:08:53 GMT
server
sffe
age
324685
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9908
x-xss-protection
0
expires
Fri, 04 Mar 2022 19:41:26 GMT
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v19/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://news.2xclick.ru
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 01 Mar 2021 18:30:34 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:08:56 GMT
server
sffe
age
588137
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15720
x-xss-protection
0
expires
Tue, 01 Mar 2022 18:30:34 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/
227 KB
86 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c1f6f1027092d281d624e67f9f83460ed291ae367b558c16cd6afad7af5eba1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87278
x-xss-protection
0
server
cafe
etag
4389487008424739880
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 08 Mar 2021 13:52:51 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/ Frame 3F5E
11 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e78c14aeb9435fd03f67ad2ee4c45e18bfcfc100a4c62c8bd886324ce6296f77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210303/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://news.2xclick.ru/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://news.2xclick.ru/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sun, 07 Mar 2021 20:37:42 GMT
expires
Sun, 21 Mar 2021 20:37:42 GMT
content-type
text/html; charset=UTF-8
etag
14371272352318978350
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
5136
x-xss-protection
0
age
62109
cache-control
public, max-age=1209600
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1067300_181dc2481e.jpg
zn2.gnezdo.ru/img/300x300/300/
16 KB
16 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/300x300/300/1067300_181dc2481e.jpg
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7

Request headers

Origin
https://news.2xclick.ru
Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Mon, 08 Feb 2021 09:31:16 GMT
server
nginx
etag
"602104e4-3f3c"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
16188
expires
Thu, 31 Dec 2037 23:55:55 GMT
1084402_f5493e6a58.jpg
zn2.gnezdo.ru/img/200x200/402/
10 KB
10 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/402/1084402_f5493e6a58.jpg
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1

Request headers

Origin
https://news.2xclick.ru
Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Sun, 07 Mar 2021 13:27:21 GMT
server
nginx
etag
"6044d4b9-26a8"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
9896
expires
Thu, 31 Dec 2037 23:55:55 GMT
1081819_d6f76c759b.jpg
zn2.gnezdo.ru/img/200x200/819/
12 KB
12 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/819/1081819_d6f76c759b.jpg
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2

Request headers

Origin
https://news.2xclick.ru
Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Wed, 03 Mar 2021 10:52:17 GMT
server
nginx
etag
"603f6a61-3042"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
12354
expires
Thu, 31 Dec 2037 23:55:55 GMT
1055700_745195a483.jpg
zn2.gnezdo.ru/img/300x300/700/
20 KB
21 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/300x300/700/1055700_745195a483.jpg
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
774a5433618525ab5bfee92b4291b762331c83123c3492a0c2eef948bf3cfec8

Request headers

Origin
https://news.2xclick.ru
Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Tue, 19 Jan 2021 19:19:25 GMT
server
nginx
etag
"600730bd-518c"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
20876
expires
Thu, 31 Dec 2037 23:55:55 GMT
1076771_f6d7e52de9.jpg
zn2.gnezdo.ru/img/200x200/771/
8 KB
8 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/771/1076771_f6d7e52de9.jpg
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
b4564c488105877b36227160aea0e748dea88465ef3ac31de3f534bb8888dbfa

Request headers

Origin
https://news.2xclick.ru
Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Tue, 23 Feb 2021 13:27:10 GMT
server
nginx
etag
"603502ae-1f7c"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
8060
expires
Thu, 31 Dec 2037 23:55:55 GMT
1003567_f9e72dc443.jpg
zn2.gnezdo.ru/img/200x200/567/
12 KB
12 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/567/1003567_f9e72dc443.jpg
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
a0596eb3022fd302233ff74da6ecd8eb4c511abf9112d8a8e09cfe356616193a

Request headers

Origin
https://news.2xclick.ru
Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Sat, 24 Oct 2020 13:03:09 GMT
server
nginx
etag
"5f94260d-2e46"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
11846
expires
Thu, 31 Dec 2037 23:55:55 GMT
1059145_ff4dc2a58a.jpg
zn2.gnezdo.ru/img/200x200/145/
8 KB
9 KB
Image
General
Full URL
https://zn2.gnezdo.ru/img/200x200/145/1059145_ff4dc2a58a.jpg
Requested by
Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
78130fb1304df552cb3519b8c1cfd9dcfdbb9dd736c69ed917e13e8cf368220c

Request headers

Origin
https://news.2xclick.ru
Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Mon, 25 Jan 2021 14:09:38 GMT
server
nginx
etag
"600ed122-21c7"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
8647
expires
Thu, 31 Dec 2037 23:55:55 GMT
collect
www.google-analytics.com/j/
4 B
68 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j88&a=810653130&t=pageview&_s=1&dl=https%3A%2F%2Fnews.2xclick.ru%2F&ul=en-us&de=UTF-8&dt=Gnezdo.ru.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1213974873&gjid=1140625271&cid=205560568.1615211571&tid=UA-5044672-6&_gid=1495975381.1615211571&_r=1&_slc=1&z=1319035267
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://news.2xclick.ru
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
1
mc.yandex.ru/watch/3/
Redirect Chain
  • https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3...
  • https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%...
35 B
69 B
XHR
General
Full URL
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A269869058032%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A308078489%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Ati%3A2%3Ast%3A1615211571
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 08-Mar-2021 13:52:51 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://news.2xclick.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
35
x-xss-protection
1; mode=block
expires
Mon, 08-Mar-2021 13:52:51 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Mon, 08-Mar-2021 13:52:51 GMT
location
/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A269869058032%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A308078489%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Ati%3A2%3Ast%3A1615211571
strict-transport-security
max-age=31536000
access-control-allow-origin
https://news.2xclick.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
x-xss-protection
1; mode=block
expires
Mon, 08-Mar-2021 13:52:51 GMT
collect
stats.g.doubleclick.net/j/
4 B
88 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-5044672-6&cid=205560568.1615211571&jid=1213974873&gjid=1140625271&_gid=1495975381.1615211571&_u=IEBAAEAAAAAAAC~&z=25719060
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 08 Mar 2021 13:52:51 GMT
content-type
text/plain
access-control-allow-origin
https://news.2xclick.ru
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
advert.gif
mc.yandex.ru/metrika/
43 B
177 B
Image
General
Full URL
https://mc.yandex.ru/metrika/advert.gif
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
last-modified
Thu, 04 Mar 2021 17:30:33 GMT
etag
"603efc40-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Mon, 08 Mar 2021 14:52:51 GMT
external_all.html
cstatic.weborama.fr/iframe/ Frame 8CE6
6 KB
2 KB
Document
General
Full URL
https://cstatic.weborama.fr/iframe/external_all.html?site=485736
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/js/products.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6C14) /
Resource Hash
dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249

Request headers

:method
GET
:authority
cstatic.weborama.fr
:scheme
https
:path
/iframe/external_all.html?site=485736
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://news.2xclick.ru/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://news.2xclick.ru/

Response headers

content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
age
521179
cache-control
max-age=604800
content-type
text/html
date
Mon, 08 Mar 2021 13:52:51 GMT
etag
"1973320744"
expires
Mon, 15 Mar 2021 13:52:51 GMT
last-modified
Tue, 02 Mar 2021 12:57:24 GMT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server
ECAcc (mil/6C14)
vary
Accept-Encoding
x-cache
HIT
content-length
1697
comptage_wreport.fcgi
gnezdoruanalytics.solution.weborama.fr/fcgi-bin/
Redirect Chain
  • https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=
  • https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=&BOUNCE=OK
67 B
721 B
Image
General
Full URL
https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=&BOUNCE=OK
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.54.48.26 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
Software
Apache /
Resource Hash
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
cache-control
no-cache
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
transfer-encoding
chunked
content-type
image/gif

Redirect headers

location
https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=&BOUNCE=OK
date
Mon, 08 Mar 2021 13:52:51 GMT
server
Apache
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
content-length
399
content-type
text/html; charset=iso-8859-1
collect
dx.frontend.weborama.com/
Redirect Chain
  • https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A//news.2xclick.ru/
  • https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A%2F%2Fnews.2xclick.ru%2F&bounce=1&random=1413784783
  • https://rd.frontend.weborama.fr/rd?key=wamsync&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D
  • https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
0
123 B
Image
General
Full URL
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.80.102 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
location
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
118 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-5044672-6&cid=205560568.1615211571&jid=1213974873&_u=IEBAAEAAAAAAAC~&z=1292343838
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-5044672-6&cid=205560568.1615211571&jid=1213974873&_u=IEBAAEAAAAAAAC~&z=1292343838
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/
200 B
639 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=news.2xclick.ru&callback=_gfp_s_&client=ca-pub-5828883634660773
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
79d3da19d3afba5d03555e93708223c10dc83c0073b32fc7bb6b6c90a9d9e8ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
191
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=news.2xclick.ru
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=news.2xclick.ru
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame EF51
60 KB
22 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3e4b85486d70f1abded316e6a990d906182b3f9761c432a00ad86c4d29dc0bb1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://news.2xclick.ru/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://news.2xclick.ru/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 08 Mar 2021 13:52:51 GMT
server
cafe
content-length
22112
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 08-Mar-2021 14:07:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 08 Mar 2021 13:52:51 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1614774803212306"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28399
x-xss-protection
0
expires
Mon, 08 Mar 2021 13:52:51 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame FE0E
0
270 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615211571&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615211571279&bpp=3&bdt=329&idt=141&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=149
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615211571&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615211571279&bpp=3&bdt=329&idt=141&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=149
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://news.2xclick.ru/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://news.2xclick.ru/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Mon, 08 Mar 2021 13:52:51 GMT
server
cafe
content-length
0
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 08-Mar-2021 14:07:51 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 08 Mar 2021 13:52:51 GMT
cache-control
private
tzr.fcgi
fcgi5.gnezdo.ru/cgi-bin/
7 KB
7 KB
XHR
General
Full URL
https://fcgi5.gnezdo.ru/cgi-bin/tzr.fcgi?id=18081&f=2&ref=https%3A//news.2xclick.ru/&gw=801&gh=0&gaid=0&gtvm=&ids=0
Requested by
Host: news.gnezdo.ru
URL: https://news.gnezdo.ru/loader.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.148.37.79 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
6084dbc9ba1c3508eb1c5a44194140376dcde207aff89ab34f6cd1ea4cfcd5dd

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx
access-control-allow-methods
GET, POST, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://news.2xclick.ru
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With
external_libs.js
cstatic.weborama.fr/iframe/ Frame 8CE6
5 KB
2 KB
Script
General
Full URL
https://cstatic.weborama.fr/iframe/external_libs.js
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6C8D) /
Resource Hash
05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96

Request headers

Referer
https://cstatic.weborama.fr/iframe/external_all.html?site=485736
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
last-modified
Tue, 08 Sep 2020 08:07:23 GMT
server
ECAcc (mil/6C8D)
age
20919
etag
"3469217132"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
1997
expires
Mon, 15 Mar 2021 13:52:51 GMT
sync_cookie_image_decide
mc.webvisor.org/
Redirect Chain
  • https://mc.webvisor.org/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9206.86JSP64E5lRZjZyowZ75W4hOOd5zL2vIJZUwkfm5IjWjkPAyPTRuIOX8LrRtSVVV.2UYgzPwv6bqM1aiwnr0wafnt_uQ%2C
  • https://mc.webvisor.org/sync_cookie_image_decide?token=9206.yFdRSMBaZF2fNK9wy1GaGDqlbsk63O3sSKQOiRpyK1tsPzmgOfnyE00rtXEvXUegYmK6m9pfuAaxzMoG1_uluB9-QH3pnpWFv7SjK6b2cV4%2C.xb16uSVlcIHi1J3ShqV5eSIWTY...
43 B
358 B
Image
General
Full URL
https://mc.webvisor.org/sync_cookie_image_decide?token=9206.yFdRSMBaZF2fNK9wy1GaGDqlbsk63O3sSKQOiRpyK1tsPzmgOfnyE00rtXEvXUegYmK6m9pfuAaxzMoG1_uluB9-QH3pnpWFv7SjK6b2cV4%2C.xb16uSVlcIHi1J3ShqV5eSIWTY4%2C
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
154.47.36.46 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
strict-transport-security
max-age=31536000
content-length
43
x-xss-protection
1; mode=block
content-type
image/gif

Redirect headers

location
https://mc.webvisor.org/sync_cookie_image_decide?token=9206.yFdRSMBaZF2fNK9wy1GaGDqlbsk63O3sSKQOiRpyK1tsPzmgOfnyE00rtXEvXUegYmK6m9pfuAaxzMoG1_uluB9-QH3pnpWFv7SjK6b2cV4%2C.xb16uSVlcIHi1J3ShqV5eSIWTY4%2C
date
Mon, 08 Mar 2021 13:52:51 GMT
strict-transport-security
max-age=31536000
content-length
0
x-xss-protection
1; mode=block
external_all.html
cstatic.weborama.fr/iframe/ Frame 8CE6
Redirect Chain
  • https://rd.frontend.weborama.fr/rd?key=synchro&url=https%3A%2F%2Fcstatic.weborama.fr%2Fiframe%2Fexternal_all.html%3Fsite%3D485736%26loop%3D1
  • https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
6 KB
2 KB
Document
General
Full URL
https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6C14) /
Resource Hash
dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249

Request headers

:method
GET
:authority
cstatic.weborama.fr
:scheme
https
:path
/iframe/external_all.html?site=485736&loop=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://cstatic.weborama.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
wbo_temps_reel=NDg1NzM2; AFFICHE_W=IYJb7z0RWv8h55
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://cstatic.weborama.fr/iframe/external_all.html?site=485736

Response headers

content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
age
521179
cache-control
max-age=604800
content-type
text/html
date
Mon, 08 Mar 2021 13:52:51 GMT
etag
"1973320744"
expires
Mon, 15 Mar 2021 13:52:51 GMT
last-modified
Tue, 02 Mar 2021 12:57:24 GMT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server
ECAcc (mil/6C14)
vary
Accept-Encoding
x-cache
HIT
content-length
1697

Redirect headers

server
nginx/1.12.0
date
Mon, 08 Mar 2021 13:52:51 GMT
content-length
0
location
https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
access-control-allow-origin
*
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma
no-cache
expires
Tue, 03 Jul 2001 06:00:00 GMT
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
alt-svc
clear
external_libs.js
cstatic.weborama.fr/iframe/ Frame 8CE6
5 KB
2 KB
Script
General
Full URL
https://cstatic.weborama.fr/iframe/external_libs.js
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6C8D) /
Resource Hash
05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96

Request headers

Referer
https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
last-modified
Tue, 08 Sep 2020 08:07:23 GMT
server
ECAcc (mil/6C8D)
age
20919
etag
"3469217132"
vary
Accept-Encoding
x-cache
HIT
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-type
text/javascript
content-length
1997
expires
Mon, 15 Mar 2021 13:52:51 GMT
dispatch.fcgi
aimfar.solution.weborama.fr/fcgi-bin/ Frame B802
Redirect Chain
  • https://rd.frontend.weborama.fr/rd?key=idsync-prx&url=https%3A%2F%2Faimfar.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dprx%26g.r%3D%27499495
  • https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27499495
41 B
524 B
Document
General
Full URL
https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27499495
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.7 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
Software
Apache /
Resource Hash
f752c9d78517ca9e04bd89d00ad15e914800aad0f8471c18b9114c620b74463b

Request headers

Host
aimfar.solution.weborama.fr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://cstatic.weborama.fr/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
wbo_temps_reel=NDg1NzM2; AFFICHE_W=IYJb7z0RWv8h55
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://cstatic.weborama.fr/

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
server
Apache
access-control-allow-origin
*
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma
no-cache
expires
Tue, 03 Jul 2001 06:00:00 GMT
vary
Accept-Encoding
content-encoding
gzip
transfer-encoding
chunked
content-type
text/html

Redirect headers

server
nginx/1.12.0
date
Mon, 08 Mar 2021 13:52:51 GMT
content-length
0
location
https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r='499495
access-control-allow-origin
*
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma
no-cache
expires
Tue, 03 Jul 2001 06:00:00 GMT
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
alt-svc
clear
cr
cr.frontend.weborama.fr/ Frame 6114
0
0
Document
General
Full URL
https://cr.frontend.weborama.fr/cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash

Request headers

:method
GET
:authority
cr.frontend.weborama.fr
:scheme
https
:path
/cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://cstatic.weborama.fr/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
wbo_temps_reel=NDg1NzM2; AFFICHE_W=IYJb7z0RWv8h55
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://cstatic.weborama.fr/

Response headers

server
nginx/1.12.0
date
Mon, 08 Mar 2021 13:52:51 GMT
access-control-allow-origin
*
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma
no-cache
expires
Tue, 03 Jul 2001 06:00:00 GMT
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
alt-svc
clear
dispatch.fcgi
wam.solution.weborama.fr/fcgi-bin/ Frame 8CE6
Redirect Chain
  • https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium
  • https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium
334 B
753 B
Script
General
Full URL
https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
Software
Apache /
Resource Hash
9e47dfa75560387fd54011506724a6eb70b1747318105937e89150dadca2ed26

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
Apache
vary
Accept-Encoding
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
transfer-encoding
chunked
content-type
application/x-javascript
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
location
https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
ids
idsync.frontend.weborama.fr/ Frame 8CE6
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=weborama_dmp&google_cm
  • https://wam-google.solution.weborama.fr/pixel?google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1
  • https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESENc1o4fZD-i6Hu9StGqExuE&google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1
0
236 B
Image
General
Full URL
https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESENc1o4fZD-i6Hu9StGqExuE&google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.81.244 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:52 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location
https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESENc1o4fZD-i6Hu9StGqExuE&google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1
date
Mon, 08 Mar 2021 13:52:51 GMT
server
Apache
content-length
354
content-type
text/html; charset=iso-8859-1
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=appnexus&url=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dappnexus_id%26value%3D%24UID
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=tubemogul&url=https%3A%2F%2Frtd-tm.everesttech.net%2Fupi%2Fpid%2FI4EAHwnE%3Fredir%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dtubemogul_id%2526value%253D%2524%257BUSER_ID%257D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=criteov2&url=https%3A%2F%2Fgum.criteo.com%2Fsync%3Fc%3D13%26a%3D1%26r%3D1%26u%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dcriteov2_id%2526value%253D%2540USERID%2540
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
236 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=mediamath&url=https%3A%2F%2Fpixel.mathtag.com%2Fsync%2Fimg%3Fmt_exid%3D10014%26redir%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dmediamath_id%2526value%253D%255BMM_UUID%255D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=smartadserver&url=https%3A%2F%2Fsync.smartadserver.com%2Fgetuid%3Furl%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dsmartadserver_id%2526value%253D%255Bsas_uid%255D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
401736.gif
idsync.rlcdn.com/ Frame 8CE6
Redirect Chain
  • https://cr.frontend.weborama.fr/cr?key=acxiom&url=https%3a%2f%2fidsync.rlcdn.com%2f401736.gif%3fpartner_uid%3d%7bWEBO_CID%7d
  • https://idsync.rlcdn.com/401736.gif?partner_uid=Cn1cZQNnWLah2a6qycY9cu
42 B
416 B
Image
General
Full URL
https://idsync.rlcdn.com/401736.gif?partner_uid=Cn1cZQNnWLah2a6qycY9cu
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
location
https://idsync.rlcdn.com/401736.gif?partner_uid=Cn1cZQNnWLah2a6qycY9cu
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
collect
dx.frontend.weborama.com/ Frame 8CE6
Redirect Chain
  • https://rd.frontend.weborama.fr/rd?key=bigsea&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D
  • https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
0
123 B
Image
General
Full URL
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.80.102 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
location
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=thetradedesk&url=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3D4n2tpwc%26ttd_tpi%3D1
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
check
pixel.tapad.com/idsync/ex/receive/ Frame 8CE6
Redirect Chain
  • https://rd.frontend.weborama.fr/rd?key=tapad&url=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3D2964%26partner_device_id%3D%7BWEBO_ID%7D
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2964&partner_device_id=IYJb7z0RWv8h
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=IYJb7z0RWv8h
95 B
426 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=IYJb7z0RWv8h
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Jetty(9.4.28.v20200408) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
server
Jetty(9.4.28.v20200408)
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/png
alt-svc
clear
content-length
95

Redirect headers

date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
server
Jetty(9.4.28.v20200408)
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=IYJb7z0RWv8h
alt-svc
clear
content-length
0
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=mailru&url=https%3A%2F%2Fad.mail.ru%2Fcm.gif%3Fp%3D68%26id%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=getintent&url=https%3A%2F%2Fpx.adhigh.net%2Fp%2Fcm%2Fweborama%3Fu%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=seedr&url=https%3A%2F%2Fstats.seedr.com%2Fnr%2Fsync%3Fdsp_id%3Dwbrm%26external_uid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=rambler&url=https%3A%2F%2Fsync.rambler.ru%2Fset%3Fpartner_id%3Dab56d453-f95a-4cbc-97b3-1e30a8f95173%26id%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=yahoo&url=https%3A%2F%2Fcms.analytics.yahoo.com%2Fcms%3Fpartner_id%3DWEBMA%26gdpr%3Dfalse
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=tremelio&url=https%3A%2F%2Fsync-uid.leadplace.fr%2Fsync-uid.php%3Fpart%3Dweborama%26id%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=crm4d&url=https%3A%2F%2Fp.crm4d.com%2Femt%2Fsync%2Fweborama%3Fuid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=relap&url=https%3A%2F%2Frelap.io%2Fpartners%2Fwbrmcs%3Fuid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=zbo&url=https%3A%2F%2Fsync.zebestof.com%2Fsync%2Fweborama
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=vkcom&url=https%3A%2F%2Fvk.com%2Fwbrh%3Fr%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=adsniper&url=https%3A%2F%2Fsync.bumlam.com%2F%3Fsrc%3Dwbr_nr%26uid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=audrte&url=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3D%7BWEBO_CID%7D%26p%3D1468142154
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=zemanta&url=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fweborama%2F%3Fwebouuid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=adcamp&url=https%3A%2F%2Fpixel.kost.tv%2Fweborama%2F%3Fweborama_id%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=avito&url=https%3A%2F%2Fwww.avito.ru%2Fadvertisement%2Fweborama.gif%3Fwebouuid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=otm&url=https%3A%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fweborama%3Fid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=soloway&url=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D20323%26external_id%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=buzzoola&url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdmp%2Fweborama%3Fuid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=adform&url=https%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3FCC%3D1%26party%3D1145%26cid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=mediatoday&url=https%3A%2F%2Fmediatoday.ru%2Fcore%2Fmatch.gif%3Fs%3D15%26id%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=mailruv2&url=https%3A%2F%2Ftop-fwz1.mail.ru%2Fcounter%3Fid%3D3201812%3Bpid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
cr
cr.frontend.weborama.fr/ Frame 8CE6
0
44 B
Image
General
Full URL
https://cr.frontend.weborama.fr/cr?key=beeline&url=https%3A%2F%2F%7BWEBO_CID%7D-wbr.ops.beeline.ru%2Fid%3D%7BWEBO_CID%7D
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx/1.12.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
via
1.1 google
last-modified
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx/1.12.0
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
expires
Tue, 03 Jul 2001 06:00:00 GMT
pixel.gif
sync.1dmp.io/
Redirect Chain
  • https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==
  • https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==&cs=1
35 B
376 B
Image
General
Full URL
https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==&cs=1
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.99.149.88 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
cache-control
private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
server
nginx
content-type
image/gif
content-length
35
expires
0

Redirect headers

location
/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==&cs=1
date
Mon, 08 Mar 2021 13:52:51 GMT
cache-control
private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
server
nginx
content-length
0
expires
0
/
fcgi5.gnezdo.ru/e/
43 B
116 B
Image
General
Full URL
https://fcgi5.gnezdo.ru/e/?dr=&du=https%3A//news.2xclick.ru/&tizer_id=18081&r=0.8856384675410427
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.148.37.79 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
server
nginx
content-type
image/gif; charset=windows-1251
7081411861158272307
tpc.googlesyndication.com/simgad/ Frame EF51
47 KB
47 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7081411861158272307?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qny9Ednmw1VvkxuoSqSDwX5LjXLTg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5d2939212c29eb52c43dc9a2e0dea71599d920ec7f043e0256a0cca67e9aad5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 03:22:40 GMT
x-content-type-options
nosniff
last-modified
Fri, 04 Dec 2020 06:26:21 GMT
server
sffe
age
469811
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48174
x-xss-protection
0
expires
Thu, 03 Mar 2022 03:22:40 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/ Frame EF51
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c3b18cc0a385c6d5e81af3d1739aa9565f88e7d6b9a00d2e3b6d732e3b9ba3e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:51:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7378
x-xss-protection
0
server
cafe
etag
2412555088240638002
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Mar 2021 13:51:29 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame EF51
3 KB
2 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:44:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
524
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1546
x-xss-protection
0
server
cafe
etag
8852521427838746165
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Mar 2021 13:44:07 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EF51
110 KB
34 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1614774766775808"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34192
x-xss-protection
0
expires
Mon, 08 Mar 2021 13:52:51 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame EF51
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
523f846901bad5ce921ac4ca7c5fb06d39658428a641c7ea496f8560b4cb517f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:48:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
240
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6140
x-xss-protection
0
server
cafe
etag
17031075750977984330
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Mar 2021 13:48:51 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame EF51
26 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
758608abf5c456ea8cb5515828cabb68f082df67c04d350d0519241841cbf9d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:05:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2870
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10963
x-xss-protection
0
server
cafe
etag
5048180228173261443
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Mar 2021 13:05:01 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame EF51
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CEHP7MyxGYOvcGp2RmLAP2MmImAOE7ZDhYZmThsCVDa3N-MuRDhABIP2O9CVglYq4gsgHoAGHg7_3A8gBAqgDAcgDyQSqBL0BT9A7QY--ZNiRn9Ss_5XFfJXlHbd0AsAKKQx9s0ze_vtCUWKLnw8Pv6QDl8z2O8NuhpMeSgICNh58qvtpFdXz7jLoU6bO-rz2JT6rLW1owBl8xctl9DAnixpLKPutbPyh1IiSmSyLyAw_WEJWWyvs-1d4qu4eg0ipqRlBCrEVZ_69y2uuaebGlvDU3BDe0hfzA9rhorujRGGgGXI4_6fyOmWI53VmoVj1fI0CySy6TAR1q_d2zr8UinEuOUr0wATonoDZnQOSBQQIBBgBkgUECAUYBKAGAoAH5PSXiQGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQiuwa0ggJCIDhgBAQARgfgAoByAsB2BMMshcaChgIABIUcHViLTU4Mjg4ODM2MzQ2NjA3NzM&sigh=cO6kGOH4B2M&tpd=AGWhJmtXDiIX17XszhJnn-Q_ordWRjkwXZ09vbuRWohZoyMqQA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Mon, 08 Mar 2021 13:52:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame 4D36
143 B
216 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlrx4F5_Ls0JPSu5AzbkToMPEG3RVqRTdCa5BEAjOF84p8Gj1mkYKUWKzPflEA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Mon, 08 Mar 2021 13:23:20 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
1771
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame EF51
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
66a454884459ae02c723b1da087913bafed6a414a6b08315ea72825be317382e

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
11859022
mc.yandex.ru/watch/
167 B
198 B
XHR
General
Full URL
https://mc.yandex.ru/watch/11859022?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&charset=utf-8&site-info=%7B%22gnezdoSourceId%22%3A0%2C%22gnezdoTagId%22%3A0%2C%22gnezdoTeaserId%22%3A0%2C%22gnezdoGroupId%22%3A%220%22%2C%22gnezdoSubId%22%3A0%2C%22gnezdoADGender%22%3A%22%22%2C%22gnezdoADAge%22%3A%22%22%2C%22gnezdoLentaId%22%3A%22def%22%7D&ut=noindex&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A1%3Adp%3A0%3Als%3A384991408094%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A201865558%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1615211572%3At%3AGnezdo.ru.
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
4800664e72d4b8e85f214add4f3c7baf0be0d07d535d1b7475cfbbf6be58bad5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 08-Mar-2021 13:52:51 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://news.2xclick.ru
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
167
x-xss-protection
1; mode=block
expires
Mon, 08-Mar-2021 13:52:51 GMT
weborama.js
p.crm4d.com/sync/ Frame 8CE6
2 KB
2 KB
Script
General
Full URL
https://p.crm4d.com/sync/weborama.js?r=0.0981547308373707
Requested by
Host: rd.frontend.weborama.fr
URL: https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.211.22 Valence, France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
6f7c9c1828fc0b39e1f8943174430e13a6eafc5089325276c7027f19a9af447f

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Mar 2021 13:52:52 GMT
Content-Encoding
gzip
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
si
googleads.g.doubleclick.net/pagead/drt/ Frame 4D36
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
156 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlrx4F5_Ls0JPSu5AzbkToMPEG3RVqRTdCa5BEAjOF84p8Gj1mkYKUWKzPflEA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Mon, 08 Mar 2021 13:52:52 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Mon, 08-Mar-2021 14:52:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 08 Mar 2021 13:52:52 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Mon, 08 Mar 2021 13:52:52 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
pagead2.googlesyndication.com/bg/ Frame 6BBE
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 07:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Mar 2021 10:45:00 GMT
server
sffe
age
22314
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5643
x-xss-protection
0
expires
Tue, 08 Mar 2022 07:40:57 GMT
match
p.crm4d.com/sync/weborama/ Frame 8CE6
42 B
545 B
Image
General
Full URL
https://p.crm4d.com/sync/weborama/match?uid=Cn1cZQNnWLah2a6qycY9cu
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.211.22 Valence, France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Mar 2021 13:52:52 GMT
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
P3P
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
s.gif
p.crm4d.com/sync/appnexus/ Frame 8CE6
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fp.crm4d.com%2Fsync%2Fappnexus%2Fs.gif%3Fbounce%3D1%26uid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fp.crm4d.com%252Fsync%252Fappnexus%252Fs.gif%253Fbounce%253D1%2526uid%253D%2524UID
  • https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=1792241714239790060
42 B
221 B
Image
General
Full URL
https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=1792241714239790060
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.211.22 Valence, France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Mar 2021 13:52:56 GMT
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
P3P
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

Redirect headers

Pragma
no-cache
Date
Mon, 08 Mar 2021 13:52:56 GMT
X-Proxy-Origin
185.156.175.107; 185.156.175.107; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.82:80
AN-X-Request-Uuid
3e9f5ea3-fe21-4a50-ab62-ca59066d2455
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=1792241714239790060
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
s.gif
p.crm4d.com/sync/sas/ Frame 8CE6
Redirect Chain
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D&cklb=1
  • https://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=3054413842940510375
42 B
556 B
Image
General
Full URL
https://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=3054413842940510375
Requested by
Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.211.22 Valence, France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://cstatic.weborama.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Mar 2021 13:52:52 GMT
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
P3P
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

Redirect headers

location
https://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=3054413842940510375
pragma
no-cache
date
Mon, 08 Mar 2021 13:52:51 GMT
cache-control
no-cache,no-store
x-smrt-reason
5
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
integrator.js
adservice.google.de/adsid/
107 B
777 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=news.2xclick.ru
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Mar 2021 13:52:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
531 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=news.2xclick.ru
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Mar 2021 13:52:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame C4D2
75 KB
25 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4929854d618a97ed7d8fff1854d41a7f580b2876abf4f425be3417eec1d113b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://news.2xclick.ru/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlrx4F5_Ls0JPSu5AzbkToMPEG3RVqRTdCa5BEAjOF84p8Gj1mkYKUWKzPflEA; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://news.2xclick.ru/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 08 Mar 2021 13:52:52 GMT
server
cafe
content-length
25690
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css
fonts.googleapis.com/ Frame C4D2
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 08 Mar 2021 13:24:38 GMT
server
ESF
date
Mon, 08 Mar 2021 13:52:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 08 Mar 2021 13:52:52 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame C4D2
2 KB
992 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:46:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
377
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
896
x-xss-protection
0
server
cafe
etag
948078048762640732
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Mar 2021 13:46:35 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/ Frame C4D2
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c3b18cc0a385c6d5e81af3d1739aa9565f88e7d6b9a00d2e3b6d732e3b9ba3e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7378
x-xss-protection
0
server
cafe
etag
2412555088240638002
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Mar 2021 13:52:33 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame C4D2
3 KB
2 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1546
x-xss-protection
0
server
cafe
etag
8852521427838746165
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Mar 2021 13:52:46 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C4D2
110 KB
33 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1614774766775808"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34192
x-xss-protection
0
expires
Mon, 08 Mar 2021 13:52:52 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame C4D2
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
523f846901bad5ce921ac4ca7c5fb06d39658428a641c7ea496f8560b4cb517f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:48:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
268
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6140
x-xss-protection
0
server
cafe
etag
17031075750977984330
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 22 Mar 2021 13:48:24 GMT
l
www.google.com/ads/measurement/ Frame C4D2
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTEeIPmfSaJmHCwlE8rFfyFRdQO3K3freV5PO75F6gQn5i-EFC9jNmjx3aCHBIJoramzDB3p_KoWCCgqY93ZMCNjq8Lrg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

1e8eaeef6431cb6de349a68674062a29.js
www.gstatic.com/mysidia/ Frame C4D2
26 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/1e8eaeef6431cb6de349a68674062a29.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b0b572a90abb3fce27b9dc1f79145706c7bcc6cc3ac84c8f501d344132816d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 05 Mar 2021 14:30:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Mar 2021 07:11:17 GMT
server
sffe
age
256966
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7776000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10971
x-xss-protection
0
expires
Thu, 03 Jun 2021 14:30:06 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/14157471132680731757/ Frame C4D2
16 KB
16 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/14157471132680731757/downsize_200k_v1?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3fabb86a56cc16d4bb21985ae64537a3aeb28cc07091167d408eeb76aae9097a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 05 Mar 2021 05:36:02 GMT
x-content-type-options
nosniff
age
289010
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16495
x-xss-protection
0
last-modified
Thu, 24 Sep 2020 11:55:06 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 05 Mar 2022 05:36:02 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame C4D2
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CKIKdNCxGYOvKDq-PmLAPtNOWiA6l4fPSYYLr6-fIDI-6iNGdHBABIP2O9CVglYq4gsgHoAGhlfLtAsgBBqkCa8wI3BDysz6oAwHIA8sEqgS7AU_Ql6hrszvpF2yXeBaNQO_G4FZzjGpNJb8BXfVHwFnSe3no_1kZ_KVud0wF5jFrNz6s7QF50syl3L4KJ1iy5zQu_5K1ZcIckfKtqg9JxsCmbfikbxebR14mexaOHDiE8iEp21JeZSGTJEJiLnW4b45PaR15o-hMKkwjqhSW9-wIowZOq3ySB0DAQqGjvy-6oFYbW64ppSyE3fOUN_JYIC14qTNmRgjdF039MOL8WoizLWgc9vBMX0nFOWLABNTq6cfVA5IFBAgEGAGSBQQIBRgEoAY3gAfH6o2SAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDXlhzSCAkIgOGAEBABGB-ACgHICwHYEw2YFgGyFxoKGAgAEhRwdWItNTgyODg4MzYzNDY2MDc3Mw&sigh=XyHTrXyvgXY&template_id=492&tpd=AGWhJmu2LHdgvKYz20KpX-KxcQDwGW2mdSKa6P5kgbMkWmriwA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Mon, 08 Mar 2021 13:52:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 3C18
1 KB
835 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sun, 07 Mar 2021 15:30:58 GMT
expires
Mon, 08 Mar 2021 15:30:58 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
cache-control
public, max-age=86400
age
80514
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame C4D2
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6a56851c135b09bdcb67c013221b0b0556d125823e6c1d9d8f773255ea7f9e92

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
dpixel
cms.quantserve.com/ Frame 3C18
35 B
462 B
Image
General
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMqW2b22ddywG7P9gbxdC7A&google_cver=1&google_push=AQvitUL-ZhR9Ug_aTUD8eHpnI1e2XDNrosuQoZ367Jf2pF8osTjCwTuLWVHAtz43WFPNKm_czDktiS-J4wqXDvCDKrLA4FGbdmQJ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain
  • https://d.agkn.com/pixel/2175/?google_gid=CAESEJRqdYZcOhaiBBRubsebFl4&google_cver=1&google_push=AQvitUJM3CMsG-nqN37veRUkGmks-ZwWObiAyl57-RlThmyEfIPyc8I1YHu4set_rSuLgNdGnDKwaJxssgjiG8BvE5Po6rpEAD-U
  • https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VKUnFkWVpjT2hhaUJCUnVic2ViRmw0
170 B
190 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VKUnFkWVpjT2hhaUJCUnVic2ViRmw0
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Mar 2021 13:52:52 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VKUnFkWVpjT2hhaUJCUnVic2ViRmw0
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESEDe52FZqri6F1S7gSpu04Sk&google_cver=1&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET
  • https://rtb.openx.net/sync/dds?google_gid=CAESEDe52FZqri6F1S7gSpu04Sk&google_cver=1&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&...
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&google_hm=ruKnt9bhyq4yHtoEhmzZrA==
170 B
190 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&google_hm=ruKnt9bhyq4yHtoEhmzZrA==
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&google_hm=ruKnt9bhyq4yHtoEhmzZrA==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
jh5rnkfch4r88roi1ntgjn05obnv8ltl
pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2wzcwqw4R_6L4FafT4bpYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
190 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2wzcwqw4R_6L4FafT4bpYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2wzcwqw4R_6L4FafT4bpYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw
Date
Mon, 08 Mar 2021 13:52:51 GMT
P3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
0
Content-Type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDrNZQAcilko0_sUF8QmRZU&google_cver=1&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysk...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S00wTjlMV1ktMjMtRVBTVQ==&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j
170 B
287 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S00wTjlMV1ktMjMtRVBTVQ==&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S00wTjlMV1ktMjMtRVBTVQ==&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk&google_cver=1&googl...
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEYsNCmKsemMpelDKfzgwwAABLwAAAAB&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dn...
170 B
190 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEYsNCmKsemMpelDKfzgwwAABLwAAAAB&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7&google_cver=1&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Mar 2021 13:52:52 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEYsNCmKsemMpelDKfzgwwAABLwAAAAB&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7&google_cver=1&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
460
Expires
Mon, 08 Mar 2021 13:52:52 GMT
pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain
  • https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEDhYS18MJg_DGM63WJWmMwc&google_cver=1&google_push=AQvitUIf6VUctgT4XTgLBVsS...
  • https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ&google_hm=
170 B
190 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ&google_hm=
Requested by
Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:52 GMT
server
GHC
p3p
CP="NOI DSP COR NID PSAo OUR IND"
location
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ&google_hm=
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
none
content-length
0
expires
Sun, 07 Mar 2021 13:52:52 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 3C18
0
223 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L3SUv6W90QjSkB16TcPATqb9vGOxNF4u-P5Ak60BStwOTtrcED7X2-zqR9ZNpZvGSoVm1mQg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:52 GMT
server
HTTP server (unknown)
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C4D2
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 01 Mar 2021 18:51:47 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:36 GMT
server
sffe
age
586865
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15736
x-xss-protection
0
expires
Tue, 01 Mar 2022 18:51:47 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C4D2
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
491158614c16e4a767df0f1ddbb82a8462b6ba308b8774c698b82e850a425291
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 05 Mar 2021 04:25:34 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:51 GMT
server
sffe
age
293238
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9900
x-xss-protection
0
expires
Sat, 05 Mar 2022 04:25:34 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C4D2
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 01 Mar 2021 18:27:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:37 GMT
server
sffe
age
588313
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15872
x-xss-protection
0
expires
Tue, 01 Mar 2022 18:27:39 GMT
KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C4D2
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6bbcc62f3b6a3ada1215006f0f6c04dbcc035efe815caf60e6a26eafc335b7f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 05 Mar 2021 03:54:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:36 GMT
server
sffe
age
295117
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10048
x-xss-protection
0
expires
Sat, 05 Mar 2022 03:54:15 GMT
Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
pagead2.googlesyndication.com/bg/ Frame 24CE
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 07:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Mar 2021 10:45:00 GMT
server
sffe
age
22315
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5643
x-xss-protection
0
expires
Tue, 08 Mar 2022 07:40:57 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame EF51
42 B
479 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstXwypYkq3Cw8o5DVM19bVcgJUSJJP-yGXO8D0XCed9XSn-kOJ9cUTb9ckiWNru1mVjlj4bKKDNH9mLecXz_6GcjKac_kvi1wtbLhzheD-iD0MqYoJf9b3xTSTAQg&sai=AMfl-YQGlVFRaJxqriA6BAmLZGpKPBJKLrXH_2RR6AcUFkKb_2S0EoRdH-igGXUFYphcxAf4WYgEeZ1GrYJb&sig=Cg0ArKJSzNNmg9R_ePyxEAE&id=osdim&mcvt=1000&p=219,1132,499,1468&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1514590946&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1615211571412&dlt=380&rpt=76&isd=0&msd=0&r=v&uup=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C4D2
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEwDTPFlrfx_es8p87QiHKZ49O4vFODmQ6TyfNHJ46wAsCM9boGXlqe0NC9aoTBkRyBdF7zJEdhtfes4D25UwXTM3XAwtNXjKw_G99A6o8vIEAHCxqpLAA90_rXw&sai=AMfl-YRVOt5rgyWSGKbq9v95kpT6F_sf5nfDogG-ll1axBJ15MuPKqxAys00Mf8_WawizbofYUiWUf6BwoJJlEPuEOiQPtKV4MonAVnqTOUQFWFOCdzappaMCMrOlboB&sig=Cg0ArKJSzNZSCxYJ3k3gEAE&cid=CAASF-RoqGG4yNHun7HSuz6Jkp8Osdt1Kiy5&id=osdim&mcvt=1000&p=1091,238,1291,1039&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=0.54&if=1&app=0&itpl=22&adk=3013329466&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1615211572214&dlt=355&rpt=2&isd=0&msd=0&r=v&uup=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210303&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eb7caf25fd3c990a4afc5f23245194b02cf62e8f7a86b16024c7f8036e71bdeb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Mar 2021 13:52:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6450
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 13:52:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1611170586013198"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6403
x-xss-protection
0
expires
Mon, 08 Mar 2021 13:52:56 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 281F
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/221/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://news.2xclick.ru/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://news.2xclick.ru/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
4984
date
Mon, 08 Mar 2021 10:54:50 GMT
expires
Tue, 08 Mar 2022 10:54:50 GMT
last-modified
Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
10686
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
pagead2.googlesyndication.com/bg/ Frame 281F
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Mar 2021 07:40:57 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Mar 2021 10:45:00 GMT
server
sffe
age
22319
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5643
x-xss-protection
0
expires
Tue, 08 Mar 2022 07:40:57 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
109 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210303&jk=3379666263853317&bg=!HR6lHl3NAAWsVXnBrDsAKQB2-Dxasucc2t834YjXg9dUiQbKwKvtgwx-MPzoShhHGWtljScKnxdHAgAAAGdSAAAAC2gBBwoBaUEuKNW8csquzsqzjqdrigo52UpemXSTED8u-frhamS3jT8GT1Lbz7fiT9yDYE1tMQu1-IMtUILFJGqiErgl0Rzbnx9R5_HfkVkmJfzksiJZHNxegqId9gfNGzftuoxMTwSt2JqJKqrlGO5Te0S_Iysqz_08WB1PQVGAQJEhrcEmmaqzoYl9GGM6I4o0o9am8VaDPYauSS3VIE7JEsbI6OIULmWArQjABpeeanjeUV1mg0JTyU8Bp4yB65-4FHGjnVQ4VbQWrULCBBXdutWuYyOeoAKfr_iEktC_RHKOc-ol5b8P9KJYXzjxn49DvMLck0FknHs4nkYV4lcO8XHlUEwBK23zXYDHfiN01609VPcrBSWx4kRNS-8zJZUd80TVa4gzYE4PuHExnTd6khFQyw6CAIEuRlmVBG5PioPBQ-1-hXA9csaPOE8mwmNnZj4J4RsvSgM0IxGkUyZaLwA8oYIGs4g2Dr00upaZAhW5wCVdwbIOMYuSWqPjoq_VwkRJFpE8Y6QC0h3Lw8yXs_ULKGWpBA-OLhlPE0XYT9-aabkG-KHUiXZOLM8RnKjU6olN_XjerzL2i-A35p_nwl-EPAxDL_X4R_fBhms8NwTWRc3QWSCbJCN2i5fNSXWntnAP6nxYvWDABVPorpc0B8gjJDuWMzu__MI8Q-9fy4TPzv82NzfNwnsL1Qa4kkgeKMUoSOuY54NQ-P-1DX3IVC4LUcJg7roqUCgLJ2UKQobmUVNue7uFPHXj2L4Qq4sV6lY7TDUUMQKeF9tQl-HoSNZcsfp8NHyp8t-MlHWX_BFHZLsLFExWjztnWjfQ70Fw7bl2YjkwcTnt04lrNtj4xg9xRj_3hPt1DaNbTKCAlxsvb5VJ7fIafyKDZAeV0qB9Pin7_TmxvMtqWRTtY0GU99Bekyap8MG9reOO9a8Rjkoafl4-9mGe8fCgyHjnju3y8xG2gwkGtUEDpdAFDkk5BiPtDKONEa6-XyFmzEEGQtXxerYRRWCV0DxocWc_vSILh3g-qd9hwAl64vhjKL-_1ldXGyxPVRxncp_VjIW6x3fOFq4grAJmMklN-Ux4BM8WZtmzKJO8LmS-I9bzgAFKybgvnseqQOSuzKyqTbTbUlov7CIuSY84VvTH5yucSonUfCjGBAJHb37FTna_M3T7u-zqVMDgTaxVFzAW_21M_fT8_pJNtQ
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://news.2xclick.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Mar 2021 13:52:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| frame function| lp2 string| GoogleAnalyticsObject function| ga string| WRP_HOST number| WRP_ID string| WRP_SECTION string| WRP_SUBSECTION object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| adsbygoogle object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map object| gnezdoAsyncCallbacks function| $ function| jQuery object| Modernizr function| getAverageRGB function| tizerProc function| fillGradient function| jx_lenta_load boolean| was_click boolean| was_scroll object| google_tag_data object| gaplugins object| gaGlobal object| gaData number| QUiaUaxwrhXbfrCiva2QVB2310NJnZ object| Ya object| yaCounter11859022 object| gnezdo function| _send_after_cmp_check function| _create_element_of_given_type function| _create_image_for function| _create_iframe_for function| _ap_defined function| wis_defined function| getCookieVal function| GetCookie function| SetCookie function| encode_en_lettre function| traite_chaine function| convertir function| traduction function| unicite_espace function| wf_uaO number| _NB_MAX_EXTEND_PARAMETERS number| _TAILLE_MAX_EXTEND_PARAMETER_ object| _ap_an function| create_ifrtrk object| acc_list function| wr_aff_pub object| _ap_ad string| wr_solutions string| ref string| _ap_script boolean| _ap_first string| k string| key number| _NB_MAX_CONTENU_ number| _TAILLE_MAX_CONTENU_ number| _TAILLE_MAX_CHAINE_ number| _TAILLE_MAX_ALPHANUM_ string| _COOKIE_SEGMENTATION object| _ap_adlist function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken object| google_prev_clients object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| GoogleGcLKhOms object| google_image_requests

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
aimfar.solution.weborama.fr
backforward.bid
cdn.jsdelivr.net
cm.g.doubleclick.net
cms.quantserve.com
cr.frontend.weborama.fr
cstatic.weborama.fr
d.agkn.com
dx.frontend.weborama.com
fcgi5.gnezdo.ru
fonts.googleapis.com
fonts.gstatic.com
gnezdoruanalytics.solution.weborama.fr
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
ib.adnxs.com
idsync.frontend.weborama.fr
idsync.rlcdn.com
image6.pubmatic.com
mc.webvisor.org
mc.yandex.ru
news.2xclick.ru
news.gnezdo.ru
p.crm4d.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pixel.tapad.com
rd.frontend.weborama.fr
rtb.openx.net
ssum-sec.casalemedia.com
stats.g.doubleclick.net
sync.1dmp.io
sync.smartadserver.com
tpc.googlesyndication.com
wam-google.solution.weborama.fr
wam.solution.weborama.fr
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
zn2.gnezdo.news
zn2.gnezdo.ru
142.250.185.226
142.250.186.34
145.239.211.22
154.47.36.46
185.148.37.79
185.33.220.243
185.64.190.78
185.86.138.144
195.54.48.26
23.218.208.246
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:800::2003
2a00:1450:4001:800::200e
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2004
2a00:1450:400c:c0c::9c
2a02:6b8::1:119
2a04:4e42:1b::621
3.120.24.152
35.190.16.14
35.201.80.102
35.201.81.244
35.227.208.19
35.227.248.159
35.227.252.103
35.244.174.68
69.173.144.165
79.137.69.120
88.99.149.88
91.210.107.38
91.216.195.18
91.216.195.7
93.184.221.133
93.95.100.117
93.95.99.151
01266b002c3a5fd944f5d5a6c9a7bcedf1274ea6c9baef3d2f14457d364014da
05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c2e51ff8d93d23a47ac9696ba28911ef3bd596e40a8d456a238219ff1607a42
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
13b5305d3842a4989f440c5590607a3c30b20276e6945f48c9061be4469ec449
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c38153acac347bda02a24b09e16db230167f0a51d6d1974ff1e505c1282bdd6
1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
288f12fba91b5cb98bbceee4d2affe465da49ec64528bba1f3525826c771846c
2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7
30de18a45b7d212cfe98ee09d37f4e795a77965d71d797ab503f448fab5763b7
3e4b85486d70f1abded316e6a990d906182b3f9761c432a00ad86c4d29dc0bb1
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fabb86a56cc16d4bb21985ae64537a3aeb28cc07091167d408eeb76aae9097a
43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5
4800664e72d4b8e85f214add4f3c7baf0be0d07d535d1b7475cfbbf6be58bad5
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
491158614c16e4a767df0f1ddbb82a8462b6ba308b8774c698b82e850a425291
4929854d618a97ed7d8fff1854d41a7f580b2876abf4f425be3417eec1d113b7
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4b9b5737c8859fa4566da81b0d34c3084f0d83ee7dc2ac8afab3c4ed45685d9a
523f846901bad5ce921ac4ca7c5fb06d39658428a641c7ea496f8560b4cb517f
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
6084dbc9ba1c3508eb1c5a44194140376dcde207aff89ab34f6cd1ea4cfcd5dd
66a454884459ae02c723b1da087913bafed6a414a6b08315ea72825be317382e
679c798fd4e7e8b2e875df662470ae6a0e01f5d8490a8d22bca5d419b30987cd
6a56851c135b09bdcb67c013221b0b0556d125823e6c1d9d8f773255ea7f9e92
6f7c9c1828fc0b39e1f8943174430e13a6eafc5089325276c7027f19a9af447f
758608abf5c456ea8cb5515828cabb68f082df67c04d350d0519241841cbf9d4
774a5433618525ab5bfee92b4291b762331c83123c3492a0c2eef948bf3cfec8
78130fb1304df552cb3519b8c1cfd9dcfdbb9dd736c69ed917e13e8cf368220c
79d3da19d3afba5d03555e93708223c10dc83c0073b32fc7bb6b6c90a9d9e8ac
7b0b572a90abb3fce27b9dc1f79145706c7bcc6cc3ac84c8f501d344132816d8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840f575220d6b42197251483e8b3b486bce6f7c4c4bddfff022580d3bb39ce4b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
91a23159638a846a426eb990ec53821e49518e78924d10f45ee5178ba44de83b
95f9f7d5fc896cddb14ac87de2c177488da4249aa25c977a620cf99463d615d4
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b6b5e0c551bac6ccde502c3bf5c75d1efe6b1da975c0d251a4a17b8adcc74a5
9e47dfa75560387fd54011506724a6eb70b1747318105937e89150dadca2ed26
a0596eb3022fd302233ff74da6ecd8eb4c511abf9112d8a8e09cfe356616193a
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a665b3ad14cb2075a396c2c542ea83c928fbcfb08160330bdec73177c63cc97e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b4564c488105877b36227160aea0e748dea88465ef3ac31de3f534bb8888dbfa
b59d5d931ece7fab4c2378e6e3979c793f6e52e8a1bc6e7c1fa569e03d96f49f
c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113
c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2
c1f6f1027092d281d624e67f9f83460ed291ae367b558c16cd6afad7af5eba1e
c3b18cc0a385c6d5e81af3d1739aa9565f88e7d6b9a00d2e3b6d732e3b9ba3e9
c5d2939212c29eb52c43dc9a2e0dea71599d920ec7f043e0256a0cca67e9aad5
cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc
d36426977c5c9a2f7e81196df9ac0198158c4d641fd6c7e445b7204051c11395
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249
e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57a5e9c483b7b5fc03a86cd27b51d0524385d8323378d586a854d16b1844816
e6bbcc62f3b6a3ada1215006f0f6c04dbcc035efe815caf60e6a26eafc335b7f
e78c14aeb9435fd03f67ad2ee4c45e18bfcfc100a4c62c8bd886324ce6296f77
eb7caf25fd3c990a4afc5f23245194b02cf62e8f7a86b16024c7f8036e71bdeb
ec5f165087df17f3e42b3dd772feaa4cb90a47a130f0e6000a29aad4aadfb666
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b
f3d3d5e79c6c3971916ebb40d8f16c3d584efe53669023273eeca33928178bfe
f51c09f7389cdc5cfdbd249cc66f95f51480041e42da46e5adf088e7bea9a686
f752c9d78517ca9e04bd89d00ad15e914800aad0f8471c18b9114c620b74463b