news.2xclick.ru Open in urlscan Pro
93.95.100.117 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://news.2xclick.ru/
Effective URL:
https://news.2xclick.ru/
Submission: On March 08 via manual (March 8th 2021, 1:53:15 pm UTC) from IL

Summary HTTP 145 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 41 IPs in 7 countries across 31 domains to perform 145 HTTP transactions. The main IP is 93.95.100.117, located in Podolsk, Russian Federation and belongs to MTW-AS, RU. The main domain is news.2xclick.ru.
TLS certificate: Issued by R3 on February 28th 2021. Valid for: 3 months.

This is the only time news.2xclick.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	93.95.100.117 93.95.100.117	48347 (MTW-AS) (MTW-AS)
24	93.95.99.151 93.95.99.151	48347 (MTW-AS) (MTW-AS)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	91.210.107.38 91.210.107.38	50867 (HOSTKEY-R...) (HOSTKEY-RU-AS)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
5	93.184.221.133 93.184.221.133	15133 (EDGECAST) (EDGECAST)
6	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2 5	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1 2	195.54.48.26 195.54.48.26	12516 (WEBORAMA ...) (WEBORAMA Weborama provides Internet Services)
2 4	35.201.80.102 35.201.80.102	15169 (GOOGLE) (GOOGLE)
6 6	35.190.16.14 35.190.16.14	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	185.148.37.79 185.148.37.79	48347 (MTW-AS) (MTW-AS)
1 2	154.47.36.46 154.47.36.46	174 (COGENT-174) (COGENT-174)
1 2	91.216.195.7 91.216.195.7	12516 (WEBORAMA ...) (WEBORAMA Weborama provides Internet Services)
1 31	35.227.208.19 35.227.208.19	15169 (GOOGLE) (GOOGLE)
1	91.216.195.18 91.216.195.18	12516 (WEBORAMA ...) (WEBORAMA Weborama provides Internet Services)
1 8	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	35.201.81.244 35.201.81.244	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1 2	88.99.149.88 88.99.149.88	24940 (HETZNER-AS) (HETZNER-AS)
6	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	145.239.211.22 145.239.211.22	16276 (OVH) (OVH)
1 2	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
2 2	185.33.220.243 185.33.220.243	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.86.138.144 185.86.138.144	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 1	3.120.24.152 3.120.24.152	16509 (AMAZON-02) (AMAZON-02)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	79.137.69.120 79.137.69.120	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
145	41

5 93.95.100.117 (Podolsk, Russian Federation) 1 redirects

ASN48347 (MTW-AS, RU)

news.2xclick.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
news.gnezdo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 93.95.99.151 (Russian Federation)

ASN48347 (MTW-AS, RU)

zn2.gnezdo.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zn2.gnezdo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.210.107.38 (Moscow, Russian Federation)

ASN50867 (HOSTKEY-RU-AS, NL)

backforward.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 93.184.221.133 (London, United Kingdom)

ASN15133 (EDGECAST, US)

cstatic.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:6b8::1:119 (Moscow, Russian Federation) 2 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.54.48.26 (France) 1 redirects

ASN12516 (WEBORAMA Weborama provides Internet Services, FR)

gnezdoruanalytics.solution.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.201.80.102 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

dx.frontend.weborama.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.190.16.14 (Kansas City, United States) 6 redirects

ASN15169 (GOOGLE, US)

rd.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.148.37.79 (Russian Federation)

ASN48347 (MTW-AS, RU)

fcgi5.gnezdo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 154.47.36.46 (United States) 1 redirects

ASN174 (COGENT-174, US)

mc.webvisor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.216.195.7 (France) 1 redirects

ASN12516 (WEBORAMA Weborama provides Internet Services, FR)

aimfar.solution.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wam-google.solution.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 35.227.208.19 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.216.195.18 (France)

ASN12516 (WEBORAMA Weborama provides Internet Services, FR)

wam.solution.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.34 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.81.244 (Kansas City, United States)

ASN15169 (GOOGLE, US)

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.99.149.88 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

sync.1dmp.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.211.22 (Valence, France)

ASN16276 (OVH, FR)

p.crm4d.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.220.243 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.144 (France) 2 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.120.24.152 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-24-152.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.218.208.246 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.137.69.120 (France) 1 redirects

ASN16276 (OVH, FR)

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	weborama.fr 9 redirects cstatic.weborama.fr gnezdoruanalytics.solution.weborama.fr rd.frontend.weborama.fr aimfar.solution.weborama.fr cr.frontend.weborama.fr wam.solution.weborama.fr wam-google.solution.weborama.fr idsync.frontend.weborama.fr	20 KB
22	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	277 KB
19	gnezdo.ru news.gnezdo.ru zn2.gnezdo.ru fcgi5.gnezdo.ru	204 KB
17	doubleclick.net 1 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	55 KB
10	gnezdo.news zn2.gnezdo.news	44 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	87 KB
5	google.com 1 redirects www.google.com adservice.google.com	1 KB
5	yandex.ru 2 redirects mc.yandex.ru	2 KB
4	crm4d.com p.crm4d.com	3 KB
4	weborama.com 2 redirects dx.frontend.weborama.com	825 B
3	googletagservices.com www.googletagservices.com	95 KB
3	google.de www.google.de adservice.google.de	1 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com	2 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	2 KB
2	openx.net 2 redirects rtb.openx.net	760 B
2	smartadserver.com 2 redirects sync.smartadserver.com	1 KB
2	adnxs.com 2 redirects ib.adnxs.com	2 KB
2	1dmp.io 1 redirects sync.1dmp.io	810 B
2	tapad.com 1 redirects pixel.tapad.com	893 B
2	webvisor.org 1 redirects mc.webvisor.org	715 B
2	google-analytics.com www.google-analytics.com	19 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	2xclick.ru 1 redirects news.2xclick.ru	7 KB
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	306 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	461 B
1	agkn.com 1 redirects d.agkn.com	665 B
1	quantserve.com cms.quantserve.com	462 B
1	rlcdn.com idsync.rlcdn.com	416 B
1	googleadservices.com partner.googleadservices.com	639 B
1	jsdelivr.net cdn.jsdelivr.net	49 KB
1	backforward.bid backforward.bid	6 KB
145	31

	Domain	Requested by
31	cr.frontend.weborama.fr	1 redirects cstatic.weborama.fr
14	zn2.gnezdo.ru	news.2xclick.ru zn2.gnezdo.news
12	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
10	pagead2.googlesyndication.com	news.2xclick.ru pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
10	zn2.gnezdo.news	news.2xclick.ru zn2.gnezdo.news
8	cm.g.doubleclick.net	1 redirects news.2xclick.ru googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	rd.frontend.weborama.fr	6 redirects
6	fonts.gstatic.com	fonts.googleapis.com
5	mc.yandex.ru	2 redirects news.2xclick.ru cdn.jsdelivr.net
5	cstatic.weborama.fr	news.2xclick.ru cstatic.weborama.fr
4	p.crm4d.com	rd.frontend.weborama.fr cstatic.weborama.fr
4	dx.frontend.weborama.com	2 redirects news.2xclick.ru cstatic.weborama.fr
3	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	www.google.com	1 redirects news.2xclick.ru googleads.g.doubleclick.net
3	news.gnezdo.ru	news.2xclick.ru
2	ssum-sec.casalemedia.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	sync.smartadserver.com	2 redirects
2	ib.adnxs.com	2 redirects
2	sync.1dmp.io	1 redirects news.2xclick.ru
2	pixel.tapad.com	1 redirects cstatic.weborama.fr
2	mc.webvisor.org	1 redirects news.2xclick.ru
2	fcgi5.gnezdo.ru	news.gnezdo.ru news.2xclick.ru
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	gnezdoruanalytics.solution.weborama.fr	1 redirects news.2xclick.ru
2	www.google-analytics.com	news.2xclick.ru www.google-analytics.com
2	fonts.googleapis.com	zn2.gnezdo.news googleads.g.doubleclick.net
2	news.2xclick.ru	1 redirects
1	googlecm.hit.gemius.pl	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	d.agkn.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	idsync.rlcdn.com	cstatic.weborama.fr
1	idsync.frontend.weborama.fr	cstatic.weborama.fr
1	wam-google.solution.weborama.fr	1 redirects
1	wam.solution.weborama.fr	cstatic.weborama.fr
1	aimfar.solution.weborama.fr	cstatic.weborama.fr
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.google.de	news.2xclick.ru
1	stats.g.doubleclick.net	www.google-analytics.com
1	cdn.jsdelivr.net	news.2xclick.ru
1	backforward.bid	news.2xclick.ru
145	46

This site contains links to these domains. Also see Links.

Domain
gnezdo.online
lk-gnezdo.com
www.rambler.ru
news.gnezdo.ru

Subject Issuer	Validity	Valid
news.2xclick.ru R3	`2021-02-28` - `2021-05-29`	3 months	crt.sh
zn2.2xclick.ru R3	`2021-02-17` - `2021-05-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
news.gnezdo.ru R3	`2021-02-28` - `2021-05-29`	3 months	crt.sh
backforward.bid R3	`2021-03-07` - `2021-06-05`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-26` - `2021-04-17`	6 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-19` - `2021-11-17`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2021-02-27` - `2021-08-09`	5 months	crt.sh
*.solution.weborama.fr Go Daddy Secure Certificate Authority - G2	`2020-01-11` - `2022-03-11`	2 years	crt.sh
*.frontend.weborama.com Go Daddy Secure Certificate Authority - G2	`2019-08-29` - `2021-10-27`	2 years	crt.sh
www.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
fcgi5.gnezdo.ru R3	`2021-02-25` - `2021-05-26`	3 months	crt.sh
mc.webvisor.com Yandex CA	`2020-09-29` - `2021-03-23`	6 months	crt.sh
*.frontend.weborama.fr Go Daddy Secure Certificate Authority - G2	`2019-02-20` - `2021-04-21`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
sync.1dmp.io R3	`2021-01-21` - `2021-04-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
crm4d.com R3	`2021-02-25` - `2021-05-26`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://news.2xclick.ru/
Frame ID: 7B3DB1C44D0505769F7DC7B750638AFA
Requests: 59 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/zrt_lookup.html
Frame ID: 3F5EEF6F9527FAEE9C9D76A20DDBE77C
Requests: 1 HTTP requests in this frame

Frame: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Frame ID: 8CE69FB8D3DE7907E0DC04114268BBCE
Requests: 42 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
Frame ID: EF51E665DCF5A5C204D29EB4F1F518EC
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615211571&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615211571279&bpp=3&bdt=329&idt=141&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=149
Frame ID: FE0E54D72DCDB485F385D50608CC1544
Requests: 1 HTTP requests in this frame

Frame: https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27499495
Frame ID: B802AA0AE9994059B1FEE0487212F521
Requests: 1 HTTP requests in this frame

Frame: https://cr.frontend.weborama.fr/cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
Frame ID: 6114DB332F377DC58D6DA2995860FA1B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 4D3694A9A3BD512C82455D4B1324291E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
Frame ID: 6BBEAA6692AE9DA863863471B25D7766
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Frame ID: C4D253A8B5011F0E219D92D7044A5E03
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3C18CF0A7DB7E39C4F7979151B5B17C4
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js
Frame ID: 24CEE13644D5ECF2AB1A87D6428265CD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 281F5DE36D0A1805884E1F801FA7B4B9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gnezdo.ru.

Page URL History Show full URLs

http://news.2xclick.ru/ HTTP 301
https://news.2xclick.ru/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

145
Requests

100 %
HTTPS

45 %
IPv6

31
Domains

46
Subdomains

41
IPs

7
Countries

870 kB
Transfer

1795 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://gnezdo.online/
Title:

Search URL Search Domain Scan URL

URL: https://lk-gnezdo.com/cgi-bin/admin/login.cgi
Title: Вход

Search URL Search Domain Scan URL

URL: https://gnezdo.online/vakansii/
Title: Заработай с нами

Search URL Search Domain Scan URL

URL: https://gnezdo.online/pokupka-trafika/
Title: Рекламодателям

Search URL Search Domain Scan URL

URL: https://gnezdo.online/monetizatsiya-trafika/
Title: Вебмастерам

Search URL Search Domain Scan URL

URL: https://www.rambler.ru/?clid=43007595&utm_source=gnezdo_horo&utm_campaign=head&utm_medium=exchange&utm_term=0&utm_content=932240&es=gnezdo_news&_openstat=gnezdo_horo;exchange;head;
Title: Этот знак Зодиака стареет быстрее других

Search URL Search Domain Scan URL

URL: https://news.gnezdo.ru/tests/health/
Title: ТЕСТ Наносит ли выпивка ущерб вашему здоровью?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://news.2xclick.ru/ HTTP 301
https://news.2xclick.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A269869058032%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A308078489%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Ati%3A2%3Ast%3A1615211571 HTTP 302
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A269869058032%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A308078489%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Ati%3A2%3Ast%3A1615211571

Request Chain 42

https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref= HTTP 302
https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=&BOUNCE=OK

Request Chain 43

https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A//news.2xclick.ru/ HTTP 302
https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A%2F%2Fnews.2xclick.ru%2F&bounce=1&random=1413784783 HTTP 302
https://rd.frontend.weborama.fr/rd?key=wamsync&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D HTTP 302
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h

Request Chain 54

https://mc.webvisor.org/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9206.86JSP64E5lRZjZyowZ75W4hOOd5zL2vIJZUwkfm5IjWjkPAyPTRuIOX8LrRtSVVV.2UYgzPwv6bqM1aiwnr0wafnt_uQ%2C HTTP 302
https://mc.webvisor.org/sync_cookie_image_decide?token=9206.yFdRSMBaZF2fNK9wy1GaGDqlbsk63O3sSKQOiRpyK1tsPzmgOfnyE00rtXEvXUegYmK6m9pfuAaxzMoG1_uluB9-QH3pnpWFv7SjK6b2cV4%2C.xb16uSVlcIHi1J3ShqV5eSIWTY4%2C

Request Chain 55

https://rd.frontend.weborama.fr/rd?key=synchro&url=https%3A%2F%2Fcstatic.weborama.fr%2Fiframe%2Fexternal_all.html%3Fsite%3D485736%26loop%3D1 HTTP 302
https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1

Request Chain 57

https://rd.frontend.weborama.fr/rd?key=idsync-prx&url=https%3A%2F%2Faimfar.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dprx%26g.r%3D%27499495 HTTP 302
https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27499495

Request Chain 59

https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium HTTP 302
https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium

Request Chain 60

https://cm.g.doubleclick.net/pixel?google_nid=weborama_dmp&google_cm HTTP 302
https://wam-google.solution.weborama.fr/pixel?google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1 HTTP 301
https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESENc1o4fZD-i6Hu9StGqExuE&google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1

Request Chain 66

https://cr.frontend.weborama.fr/cr?key=acxiom&url=https%3a%2f%2fidsync.rlcdn.com%2f401736.gif%3fpartner_uid%3d%7bWEBO_CID%7d HTTP 302
https://idsync.rlcdn.com/401736.gif?partner_uid=Cn1cZQNnWLah2a6qycY9cu

Request Chain 67

https://rd.frontend.weborama.fr/rd?key=bigsea&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D HTTP 302
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h

Request Chain 69

https://rd.frontend.weborama.fr/rd?key=tapad&url=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3D2964%26partner_device_id%3D%7BWEBO_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2964&partner_device_id=IYJb7z0RWv8h HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=IYJb7z0RWv8h

Request Chain 93

https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg== HTTP 302
https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==&cs=1

Request Chain 106

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 109

https://ib.adnxs.com/getuid?https%3A%2F%2Fp.crm4d.com%2Fsync%2Fappnexus%2Fs.gif%3Fbounce%3D1%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fp.crm4d.com%252Fsync%252Fappnexus%252Fs.gif%253Fbounce%253D1%2526uid%253D%2524UID HTTP 302
https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=1792241714239790060

Request Chain 110

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D HTTP 302
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D&cklb=1 HTTP 302
https://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=3054413842940510375

Request Chain 127

https://d.agkn.com/pixel/2175/?google_gid=CAESEJRqdYZcOhaiBBRubsebFl4&google_cver=1&google_push=AQvitUJM3CMsG-nqN37veRUkGmks-ZwWObiAyl57-RlThmyEfIPyc8I1YHu4set_rSuLgNdGnDKwaJxssgjiG8BvE5Po6rpEAD-U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VKUnFkWVpjT2hhaUJCUnVic2ViRmw0

Request Chain 128

https://rtb.openx.net/sync/dds?google_gid=CAESEDe52FZqri6F1S7gSpu04Sk&google_cver=1&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEDe52FZqri6F1S7gSpu04Sk&google_cver=1&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&google_hm=ruKnt9bhyq4yHtoEhmzZrA==

Request Chain 129

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEM0VOjZzN_LN-5Qcx4ci5yE&google_cver=1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEM0VOjZzN_LN-5Qcx4ci5yE&google_cver=1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2wzcwqw4R_6L4FafT4bpYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw

Request Chain 130

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDrNZQAcilko0_sUF8QmRZU&google_cver=1&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S00wTjlMV1ktMjMtRVBTVQ==&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j

Request Chain 131

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk&google_cver=1&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk&google_cver=1&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEYsNCmKsemMpelDKfzgwwAABLwAAAAB&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7&google_cver=1&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk

Request Chain 132

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEDhYS18MJg_DGM63WJWmMwc&google_cver=1&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ&google_hm=

145 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
news.2xclick.ru/
Redirect Chain

http://news.2xclick.ru/
https://news.2xclick.ru/

16 KB
6 KB

286ms
115ms

Document
text/html

93.95.100.117
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 30de18a45b7d212cfe98ee09d37f4e795a77965d71d797ab503f448fab5763b7

Request headers

Host: news.2xclick.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx/1.10.3
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 08 Mar 2021 13:52:51 GMT
Date: Mon, 08 Mar 2021 13:52:50 GMT
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Set-Cookie: uid=XV9kdWBGLDI4yCDhBh44Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; secure; SameSite=none
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Content-Encoding: gzip

Redirect headers

Server: nginx/1.10.3
Date: Mon, 08 Mar 2021 13:52:50 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://news.2xclick.ru/
Set-Cookie: uid=XV9kdWBGLDI3JCDdBDlzAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"

GET
H2 200 style15.css
zn2.gnezdo.news/new-lenta/ 8 KB
2 KB 225ms
71ms Stylesheet
text/css 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 95f9f7d5fc896cddb14ac87de2c177488da4249aa25c977a620cf99463d615d4

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
last-modified: Wed, 30 Sep 2020 04:23:26 GMT
server: nginx
etag: "5f74083e-848"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
content-length: 2120
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 health.css
zn2.gnezdo.news/new-lenta/ 2 KB
2 KB 225ms
72ms Stylesheet
text/css 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/new-lenta/health.css?1
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 01266b002c3a5fd944f5d5a6c9a7bcedf1274ea6c9baef3d2f14457d364014da

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Tue, 29 Sep 2020 05:06:28 GMT
server: nginx
etag: "5f72c0d4-8f1"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 2289
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 white-logo.png
zn2.gnezdo.news/new-lenta/img/ 4 KB
4 KB 282ms
132ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/new-lenta/img/white-logo.png
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: f3d3d5e79c6c3971916ebb40d8f16c3d584efe53669023273eeca33928178bfe

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Fri, 12 Jul 2019 13:56:19 GMT
server: nginx
etag: "5d289183-1100"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 4352
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 enter_ad.png
zn2.gnezdo.news/src/ 693 B
891 B 104ms
104ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/src/enter_ad.png
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 679c798fd4e7e8b2e875df662470ae6a0e01f5d8490a8d22bca5d419b30987cd

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Tue, 25 Apr 2017 08:51:56 GMT
server: nginx
etag: "58ff0e2c-2b5"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 693
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
49 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b9b5737c8859fa4566da81b0d34c3084f0d83ee7dc2ac8afab3c4ed45685d9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50479
x-xss-protection: 0
server: cafe
etag: 13215137272821469477
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 08 Mar 2021 13:52:50 GMT

GET
H/1.1 200
OK health.jpg
news.gnezdo.ru/tests/health/ 4 KB
5 KB 217ms
71ms Image
image/jpeg 93.95.100.117
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news.gnezdo.ru/tests/health/health.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 1c38153acac347bda02a24b09e16db230167f0a51d6d1974ff1e505c1282bdd6

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 13:52:51 GMT
Last-Modified: Thu, 08 Nov 2018 10:09:56 GMT
Server: nginx/1.10.3
ETag: "5be40b74-110b"
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 4363
Expires: Tue, 08 Mar 2022 13:52:51 GMT

GET
H/1.1 200
OK loader.js Show response
news.gnezdo.ru/ 85 KB
17 KB 296ms
135ms Script
application/javascript 93.95.100.117
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://news.gnezdo.ru/loader.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: ec5f165087df17f3e42b3dd772feaa4cb90a47a130f0e6000a29aad4aadfb666

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 13:52:51 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 11:25:45 GMT
Server: nginx/1.10.3
ETag: "603f7239-428c"
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Cache-Control: max-age=86400
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 17036
Expires: Tue, 09 Mar 2021 13:52:51 GMT

GET
H2 200 jquery-2.2.4.min.js Show response
zn2.gnezdo.news/js/ 84 KB
29 KB 276ms
125ms Script
application/javascript 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/js/jquery-2.2.4.min.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
last-modified: Fri, 20 Apr 2018 12:54:54 GMT
server: nginx
etag: "5ad9e31e-7429"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
content-length: 29737
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 modernizr.js Show response
zn2.gnezdo.news/new-lenta/ 3 KB
2 KB 283ms
132ms Script
application/javascript 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/new-lenta/modernizr.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 840f575220d6b42197251483e8b3b486bce6f7c4c4bddfff022580d3bb39ce4b

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
last-modified: Thu, 28 Jun 2018 11:03:22 GMT
server: nginx
etag: "5b34c07a-53e"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
content-length: 1342
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 new_lenta_colors13.js Show response
zn2.gnezdo.news/js/ 5 KB
2 KB 223ms
72ms Script
application/javascript 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 288f12fba91b5cb98bbceee4d2affe465da49ec64528bba1f3525826c771846c

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
last-modified: Thu, 18 Feb 2021 07:58:16 GMT
server: nginx
etag: "602e1e18-6eb"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
content-length: 1771
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 QUiaUaxw.js Show response
backforward.bid/pushJs/ 24 KB
6 KB 251ms
84ms Script
application/javascript 91.210.107.38
HOSTKEY-RU-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://backforward.bid/pushJs/QUiaUaxw.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.210.107.38 Moscow, Russian Federation, ASN50867 (HOSTKEY-RU-AS, NL),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: d36426977c5c9a2f7e81196df9ac0198158c4d641fd6c7e445b7204051c11395

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: br
last-modified: Thu, 17 Dec 2020 10:15:50 GMT
server: cloudflare-nginx
etag: W/"5fdb2fd6-5ed7"
content-type: application/javascript
cache-control: max-age=259200, public, must_revalidate
expires: Mon, 25 Jan 2021 05:45:09 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
668 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed

Requested by

Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f51c09f7389cdc5cfdbd249cc66f95f51480041e42da46e5adf088e7bea9a686

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://zn2.gnezdo.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 08 Mar 2021 13:24:01 GMT
server: ESF
date: Mon, 08 Mar 2021 13:52:51 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Mar 2021 13:52:51 GMT

GET
H2 200 watch.js Show response
cdn.jsdelivr.net/npm/yandex-metrica-watch/ 123 KB
49 KB 10ms
6ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

13b5305d3842a4989f440c5590607a3c30b20276e6945f48c9061be4469ec449

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 41597
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 49961
etag: W/"1ed5d-z5nC/r3r16ufr3F0zB9RZLtc/ME"
x-served-by: cache-fra19182-FRA, cache-hhn4029-HHN
date: Mon, 08 Mar 2021 13:52:51 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 6615
date: Mon, 08 Mar 2021 12:02:36 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Mon, 08 Mar 2021 14:02:36 GMT

GET
H2 200 products.js Show response
cstatic.weborama.fr/js/ 25 KB
7 KB 114ms
28ms Script
text/javascript 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/js/products.js
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C9A) /
Resource Hash: 0c2e51ff8d93d23a47ac9696ba28911ef3bd596e40a8d456a238219ff1607a42

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
last-modified: Tue, 24 Nov 2020 13:24:27 GMT
server: ECAcc (mil/6C9A)
age: 519791
etag: "3608441127"
vary: Accept-Encoding
x-cache: HIT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-type: text/javascript
content-length: 7235
expires: Mon, 15 Mar 2021 13:52:51 GMT

GET
H2 200 pink-top.png
zn2.gnezdo.news/new-lenta/img/ 143 B
341 B 70ms
68ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/new-lenta/img/pink-top.png
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 91a23159638a846a426eb990ec53821e49518e78924d10f45ee5178ba44de83b

Request headers

Referer: https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Tue, 20 Aug 2019 12:24:30 GMT
server: nginx
etag: "5d5be67e-8f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 143
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK u1275_favicon__a4440b35c2.jpg
news.gnezdo.ru/img/original/ 418 B
786 B 69ms
67ms Image
image/jpeg 93.95.100.117
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news.gnezdo.ru/img/original/u1275_favicon__a4440b35c2.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.100.117 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e57a5e9c483b7b5fc03a86cd27b51d0524385d8323378d586a854d16b1844816

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 13:52:51 GMT
Last-Modified: Fri, 25 May 2018 14:14:43 GMT
Server: nginx/1.10.3
ETag: "5b081a53-1a2"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 418
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1067300_181dc2481e.jpg
zn2.gnezdo.ru/img/300x300/300/ 16 KB
16 KB 79ms
76ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/300x300/300/1067300_181dc2481e.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Mon, 08 Feb 2021 09:31:16 GMT
server: nginx
etag: "602104e4-3f3c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 16188
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 like.png
zn2.gnezdo.news/new-lenta/img/ 684 B
882 B 70ms
68ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/new-lenta/img/like.png
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: b59d5d931ece7fab4c2378e6e3979c793f6e52e8a1bc6e7c1fa569e03d96f49f

Request headers

Referer: https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Thu, 28 Jun 2018 10:56:50 GMT
server: nginx
etag: "5b34bef2-2ac"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 684
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 close.png
zn2.gnezdo.news/new-lenta/img/ 276 B
474 B 70ms
68ms Image
image/png 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.news/new-lenta/img/close.png
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/new-lenta/style15.css?1234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 9b6b5e0c551bac6ccde502c3bf5c75d1efe6b1da975c0d251a4a17b8adcc74a5

Request headers

Referer: https://zn2.gnezdo.news/new-lenta/style15.css?1234
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Thu, 28 Jun 2018 10:56:50 GMT
server: nginx
etag: "5b34bef2-114"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 276
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1084402_f5493e6a58.jpg
zn2.gnezdo.ru/img/200x200/402/ 10 KB
10 KB 73ms
70ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/402/1084402_f5493e6a58.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Sun, 07 Mar 2021 13:27:21 GMT
server: nginx
etag: "6044d4b9-26a8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 9896
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1081819_d6f76c759b.jpg
zn2.gnezdo.ru/img/200x200/819/ 12 KB
12 KB 74ms
71ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/819/1081819_d6f76c759b.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Wed, 03 Mar 2021 10:52:17 GMT
server: nginx
etag: "603f6a61-3042"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 12354
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1055700_745195a483.jpg
zn2.gnezdo.ru/img/300x300/700/ 20 KB
21 KB 108ms
108ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/300x300/700/1055700_745195a483.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 774a5433618525ab5bfee92b4291b762331c83123c3492a0c2eef948bf3cfec8

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Tue, 19 Jan 2021 19:19:25 GMT
server: nginx
etag: "600730bd-518c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 20876
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1076771_f6d7e52de9.jpg
zn2.gnezdo.ru/img/200x200/771/ 8 KB
8 KB 100ms
99ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/771/1076771_f6d7e52de9.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: b4564c488105877b36227160aea0e748dea88465ef3ac31de3f534bb8888dbfa

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Tue, 23 Feb 2021 13:27:10 GMT
server: nginx
etag: "603502ae-1f7c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 8060
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1003567_f9e72dc443.jpg
zn2.gnezdo.ru/img/200x200/567/ 12 KB
12 KB 99ms
99ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/567/1003567_f9e72dc443.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: a0596eb3022fd302233ff74da6ecd8eb4c511abf9112d8a8e09cfe356616193a

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Sat, 24 Oct 2020 13:03:09 GMT
server: nginx
etag: "5f94260d-2e46"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 11846
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1059145_ff4dc2a58a.jpg
zn2.gnezdo.ru/img/200x200/145/ 8 KB
9 KB 99ms
99ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/145/1059145_ff4dc2a58a.jpg
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 78130fb1304df552cb3519b8c1cfd9dcfdbb9dd736c69ed917e13e8cf368220c

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Mon, 25 Jan 2021 14:09:38 GMT
server: nginx
etag: "600ed122-21c7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 8647
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19a7DRs5.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 10 KB
10 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19a7DRs5.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a665b3ad14cb2075a396c2c542ea83c928fbcfb08160330bdec73177c63cc97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://news.2xclick.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 19:41:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:08:53 GMT
server: sffe
age: 324685
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9908
x-xss-protection: 0
expires: Fri, 04 Mar 2022 19:41:26 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://news.2xclick.ru
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 18:30:34 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:08:56 GMT
server: sffe
age: 588137
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15720
x-xss-protection: 0
expires: Tue, 01 Mar 2022 18:30:34 GMT

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/ 227 KB
86 KB 80ms
65ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1f6f1027092d281d624e67f9f83460ed291ae367b558c16cd6afad7af5eba1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87278
x-xss-protection: 0
server: cafe
etag: 4389487008424739880
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Mar 2021 13:52:51 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/ Frame 3F5E 11 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210303/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e78c14aeb9435fd03f67ad2ee4c45e18bfcfc100a4c62c8bd886324ce6296f77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210303/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 07 Mar 2021 20:37:42 GMT
expires: Sun, 21 Mar 2021 20:37:42 GMT
content-type: text/html; charset=UTF-8
etag: 14371272352318978350
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 5136
x-xss-protection: 0
age: 62109
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 1067300_181dc2481e.jpg
zn2.gnezdo.ru/img/300x300/300/ 16 KB
16 KB 292ms
138ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/300x300/300/1067300_181dc2481e.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Mon, 08 Feb 2021 09:31:16 GMT
server: nginx
etag: "602104e4-3f3c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 16188
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1084402_f5493e6a58.jpg
zn2.gnezdo.ru/img/200x200/402/ 10 KB
10 KB 296ms
145ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/402/1084402_f5493e6a58.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Sun, 07 Mar 2021 13:27:21 GMT
server: nginx
etag: "6044d4b9-26a8"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 9896
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1081819_d6f76c759b.jpg
zn2.gnezdo.ru/img/200x200/819/ 12 KB
12 KB 256ms
146ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/819/1081819_d6f76c759b.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Wed, 03 Mar 2021 10:52:17 GMT
server: nginx
etag: "603f6a61-3042"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 12354
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1055700_745195a483.jpg
zn2.gnezdo.ru/img/300x300/700/ 20 KB
21 KB 252ms
146ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/300x300/700/1055700_745195a483.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 774a5433618525ab5bfee92b4291b762331c83123c3492a0c2eef948bf3cfec8

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Tue, 19 Jan 2021 19:19:25 GMT
server: nginx
etag: "600730bd-518c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 20876
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1076771_f6d7e52de9.jpg
zn2.gnezdo.ru/img/200x200/771/ 8 KB
8 KB 253ms
146ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/771/1076771_f6d7e52de9.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: b4564c488105877b36227160aea0e748dea88465ef3ac31de3f534bb8888dbfa

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Tue, 23 Feb 2021 13:27:10 GMT
server: nginx
etag: "603502ae-1f7c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 8060
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1003567_f9e72dc443.jpg
zn2.gnezdo.ru/img/200x200/567/ 12 KB
12 KB 249ms
143ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/567/1003567_f9e72dc443.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: a0596eb3022fd302233ff74da6ecd8eb4c511abf9112d8a8e09cfe356616193a

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Sat, 24 Oct 2020 13:03:09 GMT
server: nginx
etag: "5f94260d-2e46"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 11846
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1059145_ff4dc2a58a.jpg
zn2.gnezdo.ru/img/200x200/145/ 8 KB
9 KB 137ms
137ms Image
image/jpeg 93.95.99.151
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zn2.gnezdo.ru/img/200x200/145/1059145_ff4dc2a58a.jpg
Requested by: Host: zn2.gnezdo.news
URL: https://zn2.gnezdo.news/js/new_lenta_colors13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.99.151 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 78130fb1304df552cb3519b8c1cfd9dcfdbb9dd736c69ed917e13e8cf368220c

Request headers

Origin: https://news.2xclick.ru
Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Mon, 25 Jan 2021 14:09:38 GMT
server: nginx
etag: "600ed122-21c7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 8647
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
68 B 13ms
13ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=810653130&t=pageview&_s=1&dl=https%3A%2F%2Fnews.2xclick.ru%2F&ul=en-us&de=UTF-8&dt=Gnezdo.ru.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1213974873&gjid=1140625271&cid=205560568.1615211571&tid=UA-5044672-6&_gid=1495975381.1615211571&_r=1&_slc=1&z=1319035267

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://news.2xclick.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/3/
Redirect Chain

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3...
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%...

35 B
69 B

45ms
45ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A269869058032%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A308078489%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Ati%3A2%3Ast%3A1615211571

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 08-Mar-2021 13:52:51 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://news.2xclick.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 35
x-xss-protection: 1; mode=block
expires: Mon, 08-Mar-2021 13:52:51 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Mon, 08-Mar-2021 13:52:51 GMT
location: /watch/3/1?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A2%3Adp%3A0%3Als%3A269869058032%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A308078489%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Ati%3A2%3Ast%3A1615211571
strict-transport-security: max-age=31536000
access-control-allow-origin: https://news.2xclick.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0
x-xss-protection: 1; mode=block
expires: Mon, 08-Mar-2021 13:52:51 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-5044672-6&cid=205560568.1615211571&jid=1213974873&gjid=1140625271&_gid=1495975381.1615211571&_u=IEBAAEAAAAAAAC~&z=25719060

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 08 Mar 2021 13:52:51 GMT
content-type: text/plain
access-control-allow-origin: https://news.2xclick.ru
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
177 B 45ms
44ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
last-modified: Thu, 04 Mar 2021 17:30:33 GMT
etag: "603efc40-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Mon, 08 Mar 2021 14:52:51 GMT

GET
H2 200 external_all.html Show response
cstatic.weborama.fr/iframe/ Frame 8CE6 6 KB
2 KB 29ms
28ms Document
text/html 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/js/products.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C14) /
Resource Hash: dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249

Request headers

:method: GET
:authority: cstatic.weborama.fr
:scheme: https
:path: /iframe/external_all.html?site=485736
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 521179
cache-control: max-age=604800
content-type: text/html
date: Mon, 08 Mar 2021 13:52:51 GMT
etag: "1973320744"
expires: Mon, 15 Mar 2021 13:52:51 GMT
last-modified: Tue, 02 Mar 2021 12:57:24 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (mil/6C14)
vary: Accept-Encoding
x-cache: HIT
content-length: 1697

GET
H/1.1

200
OK

comptage_wreport.fcgi
gnezdoruanalytics.solution.weborama.fr/fcgi-bin/
Redirect Chain

https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=
https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=&BOUNCE=OK

67 B
721 B

33ms
33ms

Image
image/gif

195.54.48.26
WEBORAMA Weborama...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=&BOUNCE=OK
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.54.48.26 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
Software: Apache /
Resource Hash: 09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
cache-control: no-cache
server: Apache
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
transfer-encoding: chunked
content-type: image/gif

Redirect headers

location: https://gnezdoruanalytics.solution.weborama.fr/fcgi-bin/comptage_wreport.fcgi?WRP_ID=485736&WRP_SECTION=Home&WRP_SUBSECTION=Home&ver=2&da2=1615215171&ta=1600x1200&co=24&ref=&BOUNCE=OK
date: Mon, 08 Mar 2021 13:52:51 GMT
server: Apache
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
content-length: 399
content-type: text/html; charset=iso-8859-1

GET
H2

204

collect
dx.frontend.weborama.com/
Redirect Chain

https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A//news.2xclick.ru/
https://dx.frontend.weborama.com/collect?touchpoint=0&url=https%3A%2F%2Fnews.2xclick.ru%2F&bounce=1&random=1413784783
https://rd.frontend.weborama.fr/rd?key=wamsync&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h

0
123 B

33ms
33ms

Image
text/plain

35.201.80.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.80.102 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
location: https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
118 B 31ms
31ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-5044672-6&cid=205560568.1615211571&jid=1213974873&_u=IEBAAEAAAAAAAC~&z=1292343838

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-5044672-6&cid=205560568.1615211571&jid=1213974873&_u=IEBAAEAAAAAAAC~&z=1292343838

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 200 B
639 B 118ms
59ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=news.2xclick.ru&callback=_gfp_s_&client=ca-pub-5828883634660773

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210303/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5828883634660773&plah=news.2xclick.ru&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

79d3da19d3afba5d03555e93708223c10dc83c0073b32fc7bb6b6c90a9d9e8ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 191
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 16ms
16ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=news.2xclick.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=news.2xclick.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EF51 60 KB
22 KB 373ms
367ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e4b85486d70f1abded316e6a990d906182b3f9761c432a00ad86c4d29dc0bb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 08 Mar 2021 13:52:51 GMT
server: cafe
content-length: 22112
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 08-Mar-2021 14:07:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 08 Mar 2021 13:52:51 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774803212306"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28399
x-xss-protection: 0
expires: Mon, 08 Mar 2021 13:52:51 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FE0E 0
270 B 25ms
24ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615211571&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615211571279&bpp=3&bdt=329&idt=141&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=149

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5828883634660773&output=html&adk=1812271804&adf=3025194257&lmt=1615211571&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnews.2xclick.ru%2F&ea=0&flash=0&pra=7&wgl=1&dt=1615211571279&bpp=3&bdt=329&idt=141&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=500x280&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=2&uci=a!2&fsb=1&dtd=149
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 08 Mar 2021 13:52:51 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 08-Mar-2021 14:07:51 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 08 Mar 2021 13:52:51 GMT
cache-control: private

GET
H2 200 tzr.fcgi Show response
fcgi5.gnezdo.ru/cgi-bin/ 7 KB
7 KB 259ms
96ms XHR
application/json 185.148.37.79
MTW-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fcgi5.gnezdo.ru/cgi-bin/tzr.fcgi?id=18081&f=2&ref=https%3A//news.2xclick.ru/&gw=801&gh=0&gaid=0&gtvm=&ids=0
Requested by: Host: news.gnezdo.ru
URL: https://news.gnezdo.ru/loader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.148.37.79 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 6084dbc9ba1c3508eb1c5a44194140376dcde207aff89ab34f6cd1ea4cfcd5dd

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx
access-control-allow-methods: GET, POST, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: https://news.2xclick.ru
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With

GET
H2 200 external_libs.js Show response
cstatic.weborama.fr/iframe/ Frame 8CE6 5 KB
2 KB 28ms
28ms Script
text/javascript 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/iframe/external_libs.js
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C8D) /
Resource Hash: 05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96

Request headers

Referer: https://cstatic.weborama.fr/iframe/external_all.html?site=485736
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
last-modified: Tue, 08 Sep 2020 08:07:23 GMT
server: ECAcc (mil/6C8D)
age: 20919
etag: "3469217132"
vary: Accept-Encoding
x-cache: HIT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-type: text/javascript
content-length: 1997
expires: Mon, 15 Mar 2021 13:52:51 GMT

GET
H2

200

sync_cookie_image_decide
mc.webvisor.org/
Redirect Chain

https://mc.webvisor.org/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9206.86JSP64E5lRZjZyowZ75W4hOOd5zL2vIJZUwkfm5IjWjkPAyPTRuIOX8LrRtSVVV.2UYgzPwv6bqM1aiwnr0wafnt_uQ%2C
https://mc.webvisor.org/sync_cookie_image_decide?token=9206.yFdRSMBaZF2fNK9wy1GaGDqlbsk63O3sSKQOiRpyK1tsPzmgOfnyE00rtXEvXUegYmK6m9pfuAaxzMoG1_uluB9-QH3pnpWFv7SjK6b2cV4%2C.xb16uSVlcIHi1J3ShqV5eSIWTY...

43 B
358 B

85ms
84ms

Image
image/gif

154.47.36.46
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.webvisor.org/sync_cookie_image_decide?token=9206.yFdRSMBaZF2fNK9wy1GaGDqlbsk63O3sSKQOiRpyK1tsPzmgOfnyE00rtXEvXUegYmK6m9pfuAaxzMoG1_uluB9-QH3pnpWFv7SjK6b2cV4%2C.xb16uSVlcIHi1J3ShqV5eSIWTY4%2C

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

154.47.36.46 , United States, ASN174 (COGENT-174, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.webvisor.org/sync_cookie_image_decide?token=9206.yFdRSMBaZF2fNK9wy1GaGDqlbsk63O3sSKQOiRpyK1tsPzmgOfnyE00rtXEvXUegYmK6m9pfuAaxzMoG1_uluB9-QH3pnpWFv7SjK6b2cV4%2C.xb16uSVlcIHi1J3ShqV5eSIWTY4%2C
date: Mon, 08 Mar 2021 13:52:51 GMT
strict-transport-security: max-age=31536000
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

200

external_all.html Show response
cstatic.weborama.fr/iframe/ Frame 8CE6
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=synchro&url=https%3A%2F%2Fcstatic.weborama.fr%2Fiframe%2Fexternal_all.html%3Fsite%3D485736%26loop%3D1
https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1

6 KB
2 KB

28ms
28ms

Document
text/html

93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C14) /
Resource Hash: dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249

Request headers

:method: GET
:authority: cstatic.weborama.fr
:scheme: https
:path: /iframe/external_all.html?site=485736&loop=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cstatic.weborama.fr/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: wbo_temps_reel=NDg1NzM2; AFFICHE_W=IYJb7z0RWv8h55
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cstatic.weborama.fr/iframe/external_all.html?site=485736

Response headers

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 521179
cache-control: max-age=604800
content-type: text/html
date: Mon, 08 Mar 2021 13:52:51 GMT
etag: "1973320744"
expires: Mon, 15 Mar 2021 13:52:51 GMT
last-modified: Tue, 02 Mar 2021 12:57:24 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (mil/6C14)
vary: Accept-Encoding
x-cache: HIT
content-length: 1697

Redirect headers

server: nginx/1.12.0
date: Mon, 08 Mar 2021 13:52:51 GMT
content-length: 0
location: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 external_libs.js Show response
cstatic.weborama.fr/iframe/ Frame 8CE6 5 KB
2 KB 28ms
28ms Script
text/javascript 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cstatic.weborama.fr/iframe/external_libs.js
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C8D) /
Resource Hash: 05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96

Request headers

Referer: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
last-modified: Tue, 08 Sep 2020 08:07:23 GMT
server: ECAcc (mil/6C8D)
age: 20919
etag: "3469217132"
vary: Accept-Encoding
x-cache: HIT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-type: text/javascript
content-length: 1997
expires: Mon, 15 Mar 2021 13:52:51 GMT

GET
H/1.1

200
OK

dispatch.fcgi Show response
aimfar.solution.weborama.fr/fcgi-bin/ Frame B802
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=idsync-prx&url=https%3A%2F%2Faimfar.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dprx%26g.r%3D%27499495
https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27499495

41 B
524 B

176ms
47ms

Document
text/html

91.216.195.7
WEBORAMA Weborama...

General

Check archive.org

Show headers Download Go to

Full URL: https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r=%27499495
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.216.195.7 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
Software: Apache /
Resource Hash: f752c9d78517ca9e04bd89d00ad15e914800aad0f8471c18b9114c620b74463b

Request headers

Host: aimfar.solution.weborama.fr
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://cstatic.weborama.fr/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: wbo_temps_reel=NDg1NzM2; AFFICHE_W=IYJb7z0RWv8h55
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cstatic.weborama.fr/

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
server: Apache
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
transfer-encoding: chunked
content-type: text/html

Redirect headers

server: nginx/1.12.0
date: Mon, 08 Mar 2021 13:52:51 GMT
content-length: 0
location: https://aimfar.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=prx&g.r='499495
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
alt-svc: clear

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 6114 0
0 74ms
32ms Document
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cr.frontend.weborama.fr/cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_libs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash

Request headers

:method: GET
:authority: cr.frontend.weborama.fr
:scheme: https
:path: /cr?key=nielsen&url=https%3A%2F%2Floadus.exelator.com%2Fload%2F%3Fp%3D204%26g%3D1020%26j%3Dw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cstatic.weborama.fr/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: wbo_temps_reel=NDg1NzM2; AFFICHE_W=IYJb7z0RWv8h55
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cstatic.weborama.fr/

Response headers

server: nginx/1.12.0
date: Mon, 08 Mar 2021 13:52:51 GMT
access-control-allow-origin: *
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

dispatch.fcgi Show response
wam.solution.weborama.fr/fcgi-bin/ Frame 8CE6
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium
https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium

334 B
753 B

194ms
66ms

Script
application/x-javascript

91.216.195.18
WEBORAMA Weborama...

General

Check archive.org

Show headers Download Go to

Full URL: https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.216.195.18 , France, ASN12516 (WEBORAMA Weborama provides Internet Services, FR),
Reverse DNS
Software: Apache /
Resource Hash: 9e47dfa75560387fd54011506724a6eb70b1747318105937e89150dadca2ed26

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
transfer-encoding: chunked
content-type: application/x-javascript
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
location: https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=cj&d.k=graphinium
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

204

ids
idsync.frontend.weborama.fr/ Frame 8CE6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=weborama_dmp&google_cm
https://wam-google.solution.weborama.fr/pixel?google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1
https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESENc1o4fZD-i6Hu9StGqExuE&google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1

0
236 B

76ms
33ms

Image
text/plain

35.201.81.244
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESENc1o4fZD-i6Hu9StGqExuE&google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.81.244 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:52 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location: https://idsync.frontend.weborama.fr/ids?key=ggl&value=CAESENc1o4fZD-i6Hu9StGqExuE&google_gid=CAESENc1o4fZD-i6Hu9StGqExuE&google_cver=1
date: Mon, 08 Mar 2021 13:52:51 GMT
server: Apache
content-length: 354
content-type: text/html; charset=iso-8859-1

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 76ms
34ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=appnexus&url=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dappnexus_id%26value%3D%24UID
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 75ms
33ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=tubemogul&url=https%3A%2F%2Frtd-tm.everesttech.net%2Fupi%2Fpid%2FI4EAHwnE%3Fredir%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dtubemogul_id%2526value%253D%2524%257BUSER_ID%257D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 74ms
32ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=criteov2&url=https%3A%2F%2Fgum.criteo.com%2Fsync%3Fc%3D13%26a%3D1%26r%3D1%26u%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dcriteov2_id%2526value%253D%2540USERID%2540
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
236 B 73ms
31ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=mediamath&url=https%3A%2F%2Fpixel.mathtag.com%2Fsync%2Fimg%3Fmt_exid%3D10014%26redir%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dmediamath_id%2526value%253D%255BMM_UUID%255D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 75ms
34ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=smartadserver&url=https%3A%2F%2Fsync.smartadserver.com%2Fgetuid%3Furl%3Dhttps%253A%252F%252Fidsync.frontend.weborama.fr%252Fids%253Fkey%253Dsmartadserver_id%2526value%253D%255Bsas_uid%255D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

200

401736.gif
idsync.rlcdn.com/ Frame 8CE6
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=acxiom&url=https%3a%2f%2fidsync.rlcdn.com%2f401736.gif%3fpartner_uid%3d%7bWEBO_CID%7d
https://idsync.rlcdn.com/401736.gif?partner_uid=Cn1cZQNnWLah2a6qycY9cu

42 B
416 B

87ms
32ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/401736.gif?partner_uid=Cn1cZQNnWLah2a6qycY9cu
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
location: https://idsync.rlcdn.com/401736.gif?partner_uid=Cn1cZQNnWLah2a6qycY9cu
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

204

collect
dx.frontend.weborama.com/ Frame 8CE6
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=bigsea&url=https%3A%2F%2Fdx.frontend.weborama.com%2Fcollect%3Fdsp_id%3D0%26eid%3D%7BWEBO_ID%7D
https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h

0
123 B

32ms
32ms

Image
text/plain

35.201.80.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.80.102 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
location: https://dx.frontend.weborama.com/collect?dsp_id=0&eid=IYJb7z0RWv8h
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 42ms
32ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=thetradedesk&url=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3D4n2tpwc%26ttd_tpi%3D1
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 8CE6
Redirect Chain

https://rd.frontend.weborama.fr/rd?key=tapad&url=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3D2964%26partner_device_id%3D%7BWEBO_ID%7D
https://pixel.tapad.com/idsync/ex/receive?partner_id=2964&partner_device_id=IYJb7z0RWv8h
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=IYJb7z0RWv8h

95 B
426 B

35ms
34ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=IYJb7z0RWv8h

Requested by

Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2964&partner_device_id=IYJb7z0RWv8h
alt-svc: clear
content-length: 0

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 41ms
32ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=mailru&url=https%3A%2F%2Fad.mail.ru%2Fcm.gif%3Fp%3D68%26id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 43ms
34ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 42ms
33ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=getintent&url=https%3A%2F%2Fpx.adhigh.net%2Fp%2Fcm%2Fweborama%3Fu%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 42ms
33ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=seedr&url=https%3A%2F%2Fstats.seedr.com%2Fnr%2Fsync%3Fdsp_id%3Dwbrm%26external_uid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 42ms
33ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=rambler&url=https%3A%2F%2Fsync.rambler.ru%2Fset%3Fpartner_id%3Dab56d453-f95a-4cbc-97b3-1e30a8f95173%26id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 42ms
33ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=yahoo&url=https%3A%2F%2Fcms.analytics.yahoo.com%2Fcms%3Fpartner_id%3DWEBMA%26gdpr%3Dfalse
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 43ms
34ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=tremelio&url=https%3A%2F%2Fsync-uid.leadplace.fr%2Fsync-uid.php%3Fpart%3Dweborama%26id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 43ms
34ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=crm4d&url=https%3A%2F%2Fp.crm4d.com%2Femt%2Fsync%2Fweborama%3Fuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 43ms
34ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=relap&url=https%3A%2F%2Frelap.io%2Fpartners%2Fwbrmcs%3Fuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 55ms
46ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=zbo&url=https%3A%2F%2Fsync.zebestof.com%2Fsync%2Fweborama
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 56ms
48ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=vkcom&url=https%3A%2F%2Fvk.com%2Fwbrh%3Fr%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 57ms
49ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=adsniper&url=https%3A%2F%2Fsync.bumlam.com%2F%3Fsrc%3Dwbr_nr%26uid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 58ms
49ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=audrte&url=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3D%7BWEBO_CID%7D%26p%3D1468142154
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 57ms
49ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=zemanta&url=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fweborama%2F%3Fwebouuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 56ms
48ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=adcamp&url=https%3A%2F%2Fpixel.kost.tv%2Fweborama%2F%3Fweborama_id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 56ms
48ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=avito&url=https%3A%2F%2Fwww.avito.ru%2Fadvertisement%2Fweborama.gif%3Fwebouuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 56ms
48ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=otm&url=https%3A%2F%2Fsync.dmp.otm-r.com%2Fmatch%2Fweborama%3Fid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 56ms
49ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=soloway&url=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D20323%26external_id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 56ms
50ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=buzzoola&url=https%3A%2F%2Fexchange.buzzoola.com%2Fcookiesync%2Fdmp%2Fweborama%3Fuid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 66ms
60ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=adform&url=https%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3FCC%3D1%26party%3D1145%26cid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 71ms
65ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=mediatoday&url=https%3A%2F%2Fmediatoday.ru%2Fcore%2Fmatch.gif%3Fs%3D15%26id%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 70ms
64ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=mailruv2&url=https%3A%2F%2Ftop-fwz1.mail.ru%2Fcounter%3Fid%3D3201812%3Bpid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 cr
cr.frontend.weborama.fr/ Frame 8CE6 0
44 B 66ms
60ms Image
text/plain 35.227.208.19
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=beeline&url=https%3A%2F%2F%7BWEBO_CID%7D-wbr.ops.beeline.ru%2Fid%3D%7BWEBO_CID%7D
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.19 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.12.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
via: 1.1 google
last-modified: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

200

pixel.gif
sync.1dmp.io/
Redirect Chain

https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==
https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==&cs=1

35 B
376 B

37ms
36ms

Image
image/gif

88.99.149.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.1dmp.io/pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==&cs=1
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.149.88 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
server: nginx
content-type: image/gif
content-length: 35
expires: 0

Redirect headers

location: /pixel.gif?cid=4619280f-7aee-412b-991e-5007b05519a2&brid=1b89b071-72bc-4c19-b96c-2ee973304856&pid=w&uid=XV9kdWBGLDM7aiDpBGtjAg==&cs=1
date: Mon, 08 Mar 2021 13:52:51 GMT
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
server: nginx
content-length: 0
expires: 0

GET
H2 200 /
fcgi5.gnezdo.ru/e/ 43 B
116 B 77ms
77ms Image
image/gif 185.148.37.79
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fcgi5.gnezdo.ru/e/?dr=&du=https%3A//news.2xclick.ru/&tizer_id=18081&r=0.8856384675410427
Requested by: Host: news.2xclick.ru
URL: https://news.2xclick.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.148.37.79 , Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
server: nginx
content-type: image/gif; charset=windows-1251

GET
H2 200 7081411861158272307
tpc.googlesyndication.com/simgad/ Frame EF51 47 KB
47 KB 8ms
8ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7081411861158272307?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qny9Ednmw1VvkxuoSqSDwX5LjXLTg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5d2939212c29eb52c43dc9a2e0dea71599d920ec7f043e0256a0cca67e9aad5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 03 Mar 2021 03:22:40 GMT
x-content-type-options: nosniff
last-modified: Fri, 04 Dec 2020 06:26:21 GMT
server: sffe
age: 469811
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48174
x-xss-protection: 0
expires: Thu, 03 Mar 2022 03:22:40 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/ Frame EF51 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3b18cc0a385c6d5e81af3d1739aa9565f88e7d6b9a00d2e3b6d732e3b9ba3e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:51:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 2412555088240638002
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:51:29 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame EF51 3 KB
2 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:44:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 524
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:44:07 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EF51 110 KB
34 KB 43ms
28ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Mon, 08 Mar 2021 13:52:51 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame EF51 14 KB
6 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

523f846901bad5ce921ac4ca7c5fb06d39658428a641c7ea496f8560b4cb517f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:48:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6140
x-xss-protection: 0
server: cafe
etag: 17031075750977984330
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:48:51 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame EF51 26 KB
11 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

758608abf5c456ea8cb5515828cabb68f082df67c04d350d0519241841cbf9d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2870
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10963
x-xss-protection: 0
server: cafe
etag: 5048180228173261443
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:05:01 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame EF51 0
0 43ms
43ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEHP7MyxGYOvcGp2RmLAP2MmImAOE7ZDhYZmThsCVDa3N-MuRDhABIP2O9CVglYq4gsgHoAGHg7_3A8gBAqgDAcgDyQSqBL0BT9A7QY--ZNiRn9Ss_5XFfJXlHbd0AsAKKQx9s0ze_vtCUWKLnw8Pv6QDl8z2O8NuhpMeSgICNh58qvtpFdXz7jLoU6bO-rz2JT6rLW1owBl8xctl9DAnixpLKPutbPyh1IiSmSyLyAw_WEJWWyvs-1d4qu4eg0ipqRlBCrEVZ_69y2uuaebGlvDU3BDe0hfzA9rhorujRGGgGXI4_6fyOmWI53VmoVj1fI0CySy6TAR1q_d2zr8UinEuOUr0wATonoDZnQOSBQQIBBgBkgUECAUYBKAGAoAH5PSXiQGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQiuwa0ggJCIDhgBAQARgfgAoByAsB2BMMshcaChgIABIUcHViLTU4Mjg4ODM2MzQ2NjA3NzM&sigh=cO6kGOH4B2M&tpd=AGWhJmtXDiIX17XszhJnn-Q_ordWRjkwXZ09vbuRWohZoyMqQA

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 08 Mar 2021 13:52:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4D36 143 B
216 B 9ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlrx4F5_Ls0JPSu5AzbkToMPEG3RVqRTdCa5BEAjOF84p8Gj1mkYKUWKzPflEA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=280&slotname=7606796442&adk=1514590946&adf=896644619&pi=t.ma~as.7606796442&w=500&fwrn=4&fwrnh=100&lmt=1615211571&rafmt=1&psa=0&format=500x280&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1615211571249&bpp=7&bdt=299&idt=130&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=6082234100922&frm=20&pv=2&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1050&ady=219&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=OHS1s3iAso&p=https%3A//news.2xclick.ru&dtd=155

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 08 Mar 2021 13:23:20 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1771
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame EF51 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66a454884459ae02c723b1da087913bafed6a414a6b08315ea72825be317382e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 11859022 Show response
mc.yandex.ru/watch/ 167 B
198 B 49ms
48ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/11859022?wmode=7&page-url=https%3A%2F%2Fnews.2xclick.ru%2F&charset=utf-8&site-info=%7B%22gnezdoSourceId%22%3A0%2C%22gnezdoTagId%22%3A0%2C%22gnezdoTeaserId%22%3A0%2C%22gnezdoGroupId%22%3A%220%22%2C%22gnezdoSubId%22%3A0%2C%22gnezdoADGender%22%3A%22%22%2C%22gnezdoADAge%22%3A%22%22%2C%22gnezdoLentaId%22%3A%22def%22%7D&ut=noindex&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2z9ezw432efhv7h%3Afp%3A728%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A440%3Acn%3A1%3Adp%3A0%3Als%3A384991408094%3Ahid%3A696317235%3Az%3A60%3Ai%3A20210308145251%3Aet%3A1615211571%3Ac%3A1%3Arn%3A201865558%3Au%3A1615211571448562942%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1615211570513%3Ads%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C329%2C8%2C%2C%2C%2C766%3Adsn%3A0%2C170%2C115%2C1%2C149%2C0%2C%2C330%2C8%2C%2C%2C%2C766%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1615211572%3At%3AGnezdo.ru.

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

4800664e72d4b8e85f214add4f3c7baf0be0d07d535d1b7475cfbbf6be58bad5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 08-Mar-2021 13:52:51 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://news.2xclick.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 167
x-xss-protection: 1; mode=block
expires: Mon, 08-Mar-2021 13:52:51 GMT

GET
H/1.1 200
OK weborama.js Show response
p.crm4d.com/sync/ Frame 8CE6 2 KB
2 KB 111ms
34ms Script
text/javascript 145.239.211.22
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://p.crm4d.com/sync/weborama.js?r=0.0981547308373707
Requested by: Host: rd.frontend.weborama.fr
URL: https://rd.frontend.weborama.fr/rd?key=idsync-cj&url=https%3A%2F%2Fwam.solution.weborama.fr%2Ffcgi-bin%2Fdispatch.fcgi%3Fd.A%3Dcj%26d.k%3Dgraphinium
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.211.22 Valence, France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 6f7c9c1828fc0b39e1f8943174430e13a6eafc5089325276c7027f19a9af447f

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 13:52:52 GMT
Content-Encoding: gzip
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4D36
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
156 B

40ms
40ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlrx4F5_Ls0JPSu5AzbkToMPEG3RVqRTdCa5BEAjOF84p8Gj1mkYKUWKzPflEA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 08 Mar 2021 13:52:52 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 08-Mar-2021 14:52:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 08 Mar 2021 13:52:52 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 08 Mar 2021 13:52:52 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js Show response
pagead2.googlesyndication.com/bg/ Frame 6BBE 14 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 07:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 10:45:00 GMT
server: sffe
age: 22314
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5643
x-xss-protection: 0
expires: Tue, 08 Mar 2022 07:40:57 GMT

GET
H/1.1 200
OK match
p.crm4d.com/sync/weborama/ Frame 8CE6 42 B
545 B 35ms
34ms Image
image/gif 145.239.211.22
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.crm4d.com/sync/weborama/match?uid=Cn1cZQNnWLah2a6qycY9cu
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.211.22 Valence, France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 13:52:52 GMT
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

GET
H/1.1

200
OK

s.gif
p.crm4d.com/sync/appnexus/ Frame 8CE6
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fp.crm4d.com%2Fsync%2Fappnexus%2Fs.gif%3Fbounce%3D1%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fp.crm4d.com%252Fsync%252Fappnexus%252Fs.gif%253Fbounce%253D1%2526uid%253D%2524UID
https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=1792241714239790060

42 B
221 B

38ms
37ms

Image
image/gif

145.239.211.22
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=1792241714239790060
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.211.22 Valence, France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 13:52:56 GMT
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

Redirect headers

Pragma: no-cache
Date: Mon, 08 Mar 2021 13:52:56 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 722.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.82:80
AN-X-Request-Uuid: 3e9f5ea3-fe21-4a50-ab62-ca59066d2455
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://p.crm4d.com/sync/appnexus/s.gif?bounce=1&uid=1792241714239790060
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

s.gif
p.crm4d.com/sync/sas/ Frame 8CE6
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fp.crm4d.com%2Fsync%2Fsas%2Fs.gif%3Fbounce%3D1%26uid%3D%5Bsas_uid%5D&cklb=1
https://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=3054413842940510375

42 B
556 B

35ms
34ms

Image
image/gif

145.239.211.22
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=3054413842940510375
Requested by: Host: cstatic.weborama.fr
URL: https://cstatic.weborama.fr/iframe/external_all.html?site=485736&loop=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.211.22 Valence, France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://cstatic.weborama.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Mar 2021 13:52:52 GMT
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"

Redirect headers

location: https://p.crm4d.com/sync/sas/s.gif?bounce=1&uid=3054413842940510375
pragma: no-cache
date: Mon, 08 Mar 2021 13:52:51 GMT
cache-control: no-cache,no-store
x-smrt-reason: 5
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
777 B 43ms
29ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=news.2xclick.ru

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 13:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
531 B 43ms
25ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=news.2xclick.ru

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 13:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C4D2 75 KB
25 KB 352ms
352ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4929854d618a97ed7d8fff1854d41a7f580b2876abf4f425be3417eec1d113b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlrx4F5_Ls0JPSu5AzbkToMPEG3RVqRTdCa5BEAjOF84p8Gj1mkYKUWKzPflEA; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 08 Mar 2021 13:52:52 GMT
server: cafe
content-length: 25690
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame C4D2 4 KB
1 KB 62ms
47ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 08 Mar 2021 13:24:38 GMT
server: ESF
date: Mon, 08 Mar 2021 13:52:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 08 Mar 2021 13:52:52 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame C4D2 2 KB
992 B 64ms
46ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 377
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 896
x-xss-protection: 0
server: cafe
etag: 948078048762640732
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:46:35 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/ Frame C4D2 18 KB
7 KB 63ms
45ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3b18cc0a385c6d5e81af3d1739aa9565f88e7d6b9a00d2e3b6d732e3b9ba3e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 2412555088240638002
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:52:33 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame C4D2 3 KB
2 KB 61ms
48ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:52:46 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C4D2 110 KB
33 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Mon, 08 Mar 2021 13:52:52 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/ Frame C4D2 14 KB
6 KB 57ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210303/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

523f846901bad5ce921ac4ca7c5fb06d39658428a641c7ea496f8560b4cb517f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 268
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6140
x-xss-protection: 0
server: cafe
etag: 17031075750977984330
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:48:24 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame C4D2 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTEeIPmfSaJmHCwlE8rFfyFRdQO3K3freV5PO75F6gQn5i-EFC9jNmjx3aCHBIJoramzDB3p_KoWCCgqY93ZMCNjq8Lrg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 1e8eaeef6431cb6de349a68674062a29.js Show response
www.gstatic.com/mysidia/ Frame C4D2 26 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1e8eaeef6431cb6de349a68674062a29.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b0b572a90abb3fce27b9dc1f79145706c7bcc6cc3ac84c8f501d344132816d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 14:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Mar 2021 07:11:17 GMT
server: sffe
age: 256966
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10971
x-xss-protection: 0
expires: Thu, 03 Jun 2021 14:30:06 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14157471132680731757/ Frame C4D2 16 KB
16 KB 56ms
46ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14157471132680731757/downsize_200k_v1?w=400&h=209

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fabb86a56cc16d4bb21985ae64537a3aeb28cc07091167d408eeb76aae9097a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 05:36:02 GMT
x-content-type-options: nosniff
age: 289010
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16495
x-xss-protection: 0
last-modified: Thu, 24 Sep 2020 11:55:06 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Mar 2022 05:36:02 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame C4D2 0
0 43ms
42ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKIKdNCxGYOvKDq-PmLAPtNOWiA6l4fPSYYLr6-fIDI-6iNGdHBABIP2O9CVglYq4gsgHoAGhlfLtAsgBBqkCa8wI3BDysz6oAwHIA8sEqgS7AU_Ql6hrszvpF2yXeBaNQO_G4FZzjGpNJb8BXfVHwFnSe3no_1kZ_KVud0wF5jFrNz6s7QF50syl3L4KJ1iy5zQu_5K1ZcIckfKtqg9JxsCmbfikbxebR14mexaOHDiE8iEp21JeZSGTJEJiLnW4b45PaR15o-hMKkwjqhSW9-wIowZOq3ySB0DAQqGjvy-6oFYbW64ppSyE3fOUN_JYIC14qTNmRgjdF039MOL8WoizLWgc9vBMX0nFOWLABNTq6cfVA5IFBAgEGAGSBQQIBRgEoAY3gAfH6o2SAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDXlhzSCAkIgOGAEBABGB-ACgHICwHYEw2YFgGyFxoKGAgAEhRwdWItNTgyODg4MzYzNDY2MDc3Mw&sigh=XyHTrXyvgXY&template_id=492&tpd=AGWhJmu2LHdgvKYz20KpX-KxcQDwGW2mdSKa6P5kgbMkWmriwA

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5828883634660773&output=html&h=200&slotname=6409491999&adk=3013329466&adf=3296512626&pi=t.ma~as.6409491999&w=801&fwrn=4&lmt=1615211572&rafmt=11&psa=0&format=801x200&url=https%3A%2F%2Fnews.2xclick.ru%2F&flash=0&wgl=1&dt=1615211572206&bpp=1&bdt=1256&idt=2&shv=r20210303&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd068e1d927a33ce-22f0cffdb4ba009b%3AT%3D1615211571%3ART%3D1615211571%3AS%3DALNI_MZO5NWHQfNJ7tZF0k-GJ18Idqo3dg&prev_fmts=500x280%2C0x0&nras=1&correlator=6082234100922&frm=20&pv=1&ga_vid=205560568.1615211571&ga_sid=1615211571&ga_hid=810653130&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1091&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060351&oid=3&psts=AGkb-H8GovK7ymd3T4rMiJScfHF53L5l-rV7U9M3g-8171CtyE1KMe80JF55l5J8GUA3scSaW6cVBd0T2j5BCA&pvsid=3379666263853317&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CleE%7Cp&abl=XS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pQJ1LlkSh0&p=https%3A//news.2xclick.ru&dtd=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 08 Mar 2021 13:52:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3C18 1 KB
835 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 07 Mar 2021 15:30:58 GMT
expires: Mon, 08 Mar 2021 15:30:58 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 80514
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C4D2 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a56851c135b09bdcb67c013221b0b0556d125823e6c1d9d8f773255ea7f9e92

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3C18 35 B
462 B 11ms
7ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMqW2b22ddywG7P9gbxdC7A&google_cver=1&google_push=AQvitUL-ZhR9Ug_aTUD8eHpnI1e2XDNrosuQoZ367Jf2pF8osTjCwTuLWVHAtz43WFPNKm_czDktiS-J4wqXDvCDKrLA4FGbdmQJ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEJRqdYZcOhaiBBRubsebFl4&google_cver=1&google_push=AQvitUJM3CMsG-nqN37veRUkGmks-ZwWObiAyl57-RlThmyEfIPyc8I1YHu4set_rSuLgNdGnDKwaJxssgjiG8BvE5Po6rpEAD-U
https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VKUnFkWVpjT2hhaUJCUnVic2ViRmw0

170 B
190 B

42ms
41ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VKUnFkWVpjT2hhaUJCUnVic2ViRmw0

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 08 Mar 2021 13:52:52 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VKUnFkWVpjT2hhaUJCUnVic2ViRmw0
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEDe52FZqri6F1S7gSpu04Sk&google_cver=1&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET
https://rtb.openx.net/sync/dds?google_gid=CAESEDe52FZqri6F1S7gSpu04Sk&google_cver=1&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&google_hm=ruKnt9bhyq4yHtoEhmzZrA==

170 B
190 B

35ms
35ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&google_hm=ruKnt9bhyq4yHtoEhmzZrA==

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULOAK6b8VSPFtCb4sRfVw36tUs_8g3pBQSRsni5E_dvLxZYOUcHRcrsJLTiPBhzqntdVGOVhKtN3uxg1bXPD86DKXF3reET&google_hm=ruKnt9bhyq4yHtoEhmzZrA==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: jh5rnkfch4r88roi1ntgjn05obnv8ltl

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2wzcwqw4R_6L4FafT4bpYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
190 B

36ms
35ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2wzcwqw4R_6L4FafT4bpYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2wzcwqw4R_6L4FafT4bpYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKDXo98dN3cmDvjIEIq9tbmNiCabiaiB3fAiu2wgbB-qqi8n4pWe3TktYP3t1o2il97f3FoPgxibg0UN5jz8YWXqLOGhcw
Date: Mon, 08 Mar 2021 13:52:51 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDrNZQAcilko0_sUF8QmRZU&google_cver=1&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysk...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S00wTjlMV1ktMjMtRVBTVQ==&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j

170 B
287 B

34ms
34ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S00wTjlMV1ktMjMtRVBTVQ==&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S00wTjlMV1ktMjMtRVBTVQ==&google_push=AQvitULYguSTcGja-DdaHX5QTkKLxVRhvyBL40_WocoPfiMVGaqOgQWw_wzYJf7BFYevmGIpysko9hxc1bGL8MQsA-_E9rZj6W7j
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEYsNCmKsemMpelDKfzgwwAABLwAAAAB&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dn...

170 B
190 B

37ms
36ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEYsNCmKsemMpelDKfzgwwAABLwAAAAB&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7&google_cver=1&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 08 Mar 2021 13:52:52 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YEYsNCmKsemMpelDKfzgwwAABLwAAAAB&google_push=AQvitUI2D_jYeJB2uSEo__ldFxc62qHHajnQmjYCVXrppN_zIyfXT4aJqwqFgr331QYFRmyYk3QtkUseHoD2BAq9dnsL2gG96Di7&google_cver=1&google_gid=CAESEHBoPdQ9oq_uNV9y0Xbwavk
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Mon, 08 Mar 2021 13:52:52 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3C18
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEDhYS18MJg_DGM63WJWmMwc&google_cver=1&google_push=AQvitUIf6VUctgT4XTgLBVsS...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ&google_hm=

170 B
190 B

35ms
35ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ&google_hm=

Requested by

Host: news.2xclick.ru
URL: https://news.2xclick.ru/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:52 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUIf6VUctgT4XTgLBVsSgIbb_-XGQhJSJI1qTMwMLGnLnBCGNprQr9ONGGgV6G69giLWCOfUikd5cp9ukOPeg_SybOpnchb_HQ&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
accept-ranges: none
content-length: 0
expires: Sun, 07 Mar 2021 13:52:52 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 3C18 0
223 B 80ms
46ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L3SUv6W90QjSkB16TcPATqb9vGOxNF4u-P5Ak60BStwOTtrcED7X2-zqR9ZNpZvGSoVm1mQg

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:52 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C4D2 15 KB
16 KB 27ms
13ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 18:51:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 586865
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15736
x-xss-protection: 0
expires: Tue, 01 Mar 2022 18:51:47 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C4D2 10 KB
10 KB 28ms
15ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

491158614c16e4a767df0f1ddbb82a8462b6ba308b8774c698b82e850a425291

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 04:25:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:51 GMT
server: sffe
age: 293238
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9900
x-xss-protection: 0
expires: Sat, 05 Mar 2022 04:25:34 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C4D2 16 KB
16 KB 27ms
17ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 18:27:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 588313
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15872
x-xss-protection: 0
expires: Tue, 01 Mar 2022 18:27:39 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C4D2 10 KB
10 KB 24ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6bbcc62f3b6a3ada1215006f0f6c04dbcc035efe815caf60e6a26eafc335b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 05 Mar 2021 03:54:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 295117
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10048
x-xss-protection: 0
expires: Sat, 05 Mar 2022 03:54:15 GMT

GET
H3-Q050 200 Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js Show response
pagead2.googlesyndication.com/bg/ Frame 24CE 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 07:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 10:45:00 GMT
server: sffe
age: 22315
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5643
x-xss-protection: 0
expires: Tue, 08 Mar 2022 07:40:57 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EF51 42 B
479 B 91ms
77ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstXwypYkq3Cw8o5DVM19bVcgJUSJJP-yGXO8D0XCed9XSn-kOJ9cUTb9ckiWNru1mVjlj4bKKDNH9mLecXz_6GcjKac_kvi1wtbLhzheD-iD0MqYoJf9b3xTSTAQg&sai=AMfl-YQGlVFRaJxqriA6BAmLZGpKPBJKLrXH_2RR6AcUFkKb_2S0EoRdH-igGXUFYphcxAf4WYgEeZ1GrYJb&sig=Cg0ArKJSzNNmg9R_ePyxEAE&id=osdim&mcvt=1000&p=219,1132,499,1468&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1514590946&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1615211571412&dlt=380&rpt=76&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C4D2 42 B
108 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEwDTPFlrfx_es8p87QiHKZ49O4vFODmQ6TyfNHJ46wAsCM9boGXlqe0NC9aoTBkRyBdF7zJEdhtfes4D25UwXTM3XAwtNXjKw_G99A6o8vIEAHCxqpLAA90_rXw&sai=AMfl-YRVOt5rgyWSGKbq9v95kpT6F_sf5nfDogG-ll1axBJ15MuPKqxAys00Mf8_WawizbofYUiWUf6BwoJJlEPuEOiQPtKV4MonAVnqTOUQFWFOCdzappaMCMrOlboB&sig=Cg0ArKJSzNZSCxYJ3k3gEAE&cid=CAASF-RoqGG4yNHun7HSuz6Jkp8Osdt1Kiy5&id=osdim&mcvt=1000&p=1091,238,1291,1039&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=0.54&if=1&app=0&itpl=22&adk=3013329466&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1615211572214&dlt=355&rpt=2&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210303&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7caf25fd3c990a4afc5f23245194b02cf62e8f7a86b16024c7f8036e71bdeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 08 Mar 2021 13:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6450
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 13:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Mon, 08 Mar 2021 13:52:56 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 281F 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://news.2xclick.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://news.2xclick.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Mon, 08 Mar 2021 10:54:50 GMT
expires: Tue, 08 Mar 2022 10:54:50 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 10686
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js Show response
pagead2.googlesyndication.com/bg/ Frame 281F 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Q9MKgAIr8xj9wBMLW1buCS1LNKSoLAVOfjIlinQ2UMU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 08 Mar 2021 07:40:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 10:45:00 GMT
server: sffe
age: 22319
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5643
x-xss-protection: 0
expires: Tue, 08 Mar 2022 07:40:57 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
109 B 42ms
42ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210303&jk=3379666263853317&bg=!HR6lHl3NAAWsVXnBrDsAKQB2-Dxasucc2t834YjXg9dUiQbKwKvtgwx-MPzoShhHGWtljScKnxdHAgAAAGdSAAAAC2gBBwoBaUEuKNW8csquzsqzjqdrigo52UpemXSTED8u-frhamS3jT8GT1Lbz7fiT9yDYE1tMQu1-IMtUILFJGqiErgl0Rzbnx9R5_HfkVkmJfzksiJZHNxegqId9gfNGzftuoxMTwSt2JqJKqrlGO5Te0S_Iysqz_08WB1PQVGAQJEhrcEmmaqzoYl9GGM6I4o0o9am8VaDPYauSS3VIE7JEsbI6OIULmWArQjABpeeanjeUV1mg0JTyU8Bp4yB65-4FHGjnVQ4VbQWrULCBBXdutWuYyOeoAKfr_iEktC_RHKOc-ol5b8P9KJYXzjxn49DvMLck0FknHs4nkYV4lcO8XHlUEwBK23zXYDHfiN01609VPcrBSWx4kRNS-8zJZUd80TVa4gzYE4PuHExnTd6khFQyw6CAIEuRlmVBG5PioPBQ-1-hXA9csaPOE8mwmNnZj4J4RsvSgM0IxGkUyZaLwA8oYIGs4g2Dr00upaZAhW5wCVdwbIOMYuSWqPjoq_VwkRJFpE8Y6QC0h3Lw8yXs_ULKGWpBA-OLhlPE0XYT9-aabkG-KHUiXZOLM8RnKjU6olN_XjerzL2i-A35p_nwl-EPAxDL_X4R_fBhms8NwTWRc3QWSCbJCN2i5fNSXWntnAP6nxYvWDABVPorpc0B8gjJDuWMzu__MI8Q-9fy4TPzv82NzfNwnsL1Qa4kkgeKMUoSOuY54NQ-P-1DX3IVC4LUcJg7roqUCgLJ2UKQobmUVNue7uFPHXj2L4Qq4sV6lY7TDUUMQKeF9tQl-HoSNZcsfp8NHyp8t-MlHWX_BFHZLsLFExWjztnWjfQ70Fw7bl2YjkwcTnt04lrNtj4xg9xRj_3hPt1DaNbTKCAlxsvb5VJ7fIafyKDZAeV0qB9Pin7_TmxvMtqWRTtY0GU99Bekyap8MG9reOO9a8Rjkoafl4-9mGe8fCgyHjnju3y8xG2gwkGtUEDpdAFDkk5BiPtDKONEa6-XyFmzEEGQtXxerYRRWCV0DxocWc_vSILh3g-qd9hwAl64vhjKL-_1ldXGyxPVRxncp_VjIW6x3fOFq4grAJmMklN-Ux4BM8WZtmzKJO8LmS-I9bzgAFKybgvnseqQOSuzKyqTbTbUlov7CIuSY84VvTH5yucSonUfCjGBAJHb37FTna_M3T7u-zqVMDgTaxVFzAW_21M_fT8_pJNtQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.2xclick.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Mar 2021 13:52:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
aimfar.solution.weborama.fr
backforward.bid
cdn.jsdelivr.net
cm.g.doubleclick.net
cms.quantserve.com
cr.frontend.weborama.fr
cstatic.weborama.fr
d.agkn.com
dx.frontend.weborama.com
fcgi5.gnezdo.ru
fonts.googleapis.com
fonts.gstatic.com
gnezdoruanalytics.solution.weborama.fr
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
ib.adnxs.com
idsync.frontend.weborama.fr
idsync.rlcdn.com
image6.pubmatic.com
mc.webvisor.org
mc.yandex.ru
news.2xclick.ru
news.gnezdo.ru
p.crm4d.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pixel.tapad.com
rd.frontend.weborama.fr
rtb.openx.net
ssum-sec.casalemedia.com
stats.g.doubleclick.net
sync.1dmp.io
sync.smartadserver.com
tpc.googlesyndication.com
wam-google.solution.weborama.fr
wam.solution.weborama.fr
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
zn2.gnezdo.news
zn2.gnezdo.ru
142.250.185.226
142.250.186.34
145.239.211.22
154.47.36.46
185.148.37.79
185.33.220.243
185.64.190.78
185.86.138.144
195.54.48.26
23.218.208.246
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:800::2003
2a00:1450:4001:800::200e
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2004
2a00:1450:400c:c0c::9c
2a02:6b8::1:119
2a04:4e42:1b::621
3.120.24.152
35.190.16.14
35.201.80.102
35.201.81.244
35.227.208.19
35.227.248.159
35.227.252.103
35.244.174.68
69.173.144.165
79.137.69.120
88.99.149.88
91.210.107.38
91.216.195.18
91.216.195.7
93.184.221.133
93.95.100.117
93.95.99.151
01266b002c3a5fd944f5d5a6c9a7bcedf1274ea6c9baef3d2f14457d364014da
05380d354053cfd0e7a2f0f6abd805fbfb303e487bbe67ef78ea91a278d56a96
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c2e51ff8d93d23a47ac9696ba28911ef3bd596e40a8d456a238219ff1607a42
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
13b5305d3842a4989f440c5590607a3c30b20276e6945f48c9061be4469ec449
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c38153acac347bda02a24b09e16db230167f0a51d6d1974ff1e505c1282bdd6
1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
288f12fba91b5cb98bbceee4d2affe465da49ec64528bba1f3525826c771846c
2c47d0f235ec7716df9225cfa5343612118acf59be4d8ff658147d8aaca85db7
30de18a45b7d212cfe98ee09d37f4e795a77965d71d797ab503f448fab5763b7
3e4b85486d70f1abded316e6a990d906182b3f9761c432a00ad86c4d29dc0bb1
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fabb86a56cc16d4bb21985ae64537a3aeb28cc07091167d408eeb76aae9097a
43d30a80022bf318fdc0130b5b56ee092d4b34a4a82c054e7e32258a743650c5
4800664e72d4b8e85f214add4f3c7baf0be0d07d535d1b7475cfbbf6be58bad5
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
491158614c16e4a767df0f1ddbb82a8462b6ba308b8774c698b82e850a425291
4929854d618a97ed7d8fff1854d41a7f580b2876abf4f425be3417eec1d113b7
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4b9b5737c8859fa4566da81b0d34c3084f0d83ee7dc2ac8afab3c4ed45685d9a
523f846901bad5ce921ac4ca7c5fb06d39658428a641c7ea496f8560b4cb517f
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
6084dbc9ba1c3508eb1c5a44194140376dcde207aff89ab34f6cd1ea4cfcd5dd
66a454884459ae02c723b1da087913bafed6a414a6b08315ea72825be317382e
679c798fd4e7e8b2e875df662470ae6a0e01f5d8490a8d22bca5d419b30987cd
6a56851c135b09bdcb67c013221b0b0556d125823e6c1d9d8f773255ea7f9e92
6f7c9c1828fc0b39e1f8943174430e13a6eafc5089325276c7027f19a9af447f
758608abf5c456ea8cb5515828cabb68f082df67c04d350d0519241841cbf9d4
774a5433618525ab5bfee92b4291b762331c83123c3492a0c2eef948bf3cfec8
78130fb1304df552cb3519b8c1cfd9dcfdbb9dd736c69ed917e13e8cf368220c
79d3da19d3afba5d03555e93708223c10dc83c0073b32fc7bb6b6c90a9d9e8ac
7b0b572a90abb3fce27b9dc1f79145706c7bcc6cc3ac84c8f501d344132816d8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840f575220d6b42197251483e8b3b486bce6f7c4c4bddfff022580d3bb39ce4b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
91a23159638a846a426eb990ec53821e49518e78924d10f45ee5178ba44de83b
95f9f7d5fc896cddb14ac87de2c177488da4249aa25c977a620cf99463d615d4
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b6b5e0c551bac6ccde502c3bf5c75d1efe6b1da975c0d251a4a17b8adcc74a5
9e47dfa75560387fd54011506724a6eb70b1747318105937e89150dadca2ed26
a0596eb3022fd302233ff74da6ecd8eb4c511abf9112d8a8e09cfe356616193a
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a665b3ad14cb2075a396c2c542ea83c928fbcfb08160330bdec73177c63cc97e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b4564c488105877b36227160aea0e748dea88465ef3ac31de3f534bb8888dbfa
b59d5d931ece7fab4c2378e6e3979c793f6e52e8a1bc6e7c1fa569e03d96f49f
c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113
c13a975196eba31a7bedd7eefd67e28d0b692dbfeecdceab71a2389ef4f840f2
c1f6f1027092d281d624e67f9f83460ed291ae367b558c16cd6afad7af5eba1e
c3b18cc0a385c6d5e81af3d1739aa9565f88e7d6b9a00d2e3b6d732e3b9ba3e9
c5d2939212c29eb52c43dc9a2e0dea71599d920ec7f043e0256a0cca67e9aad5
cf168895b75473e4deef6e9a37d5ded455e419df68393abf1a598cc753e632d1
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc
d36426977c5c9a2f7e81196df9ac0198158c4d641fd6c7e445b7204051c11395
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
dd06964bce4d3d30c47a19c923bae3589dcbf82614938d4ff8fd1772cdf20249
e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57a5e9c483b7b5fc03a86cd27b51d0524385d8323378d586a854d16b1844816
e6bbcc62f3b6a3ada1215006f0f6c04dbcc035efe815caf60e6a26eafc335b7f
e78c14aeb9435fd03f67ad2ee4c45e18bfcfc100a4c62c8bd886324ce6296f77
eb7caf25fd3c990a4afc5f23245194b02cf62e8f7a86b16024c7f8036e71bdeb
ec5f165087df17f3e42b3dd772feaa4cb90a47a130f0e6000a29aad4aadfb666
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b
f3d3d5e79c6c3971916ebb40d8f16c3d584efe53669023273eeca33928178bfe
f51c09f7389cdc5cfdbd249cc66f95f51480041e42da46e5adf088e7bea9a686
f752c9d78517ca9e04bd89d00ad15e914800aad0f8471c18b9114c620b74463b

news.2xclick.ru Open in urlscan Pro 93.95.100.117 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

145 Requests

100 %HTTPS

45 %IPv6

31 Domains

46 Subdomains

41 IPs

7 Countries

870 kBTransfer

1795 kBSize

0 Cookies

7 Outgoing links

Page URL History

Redirected requests

145 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

news.2xclick.ru Open in urlscan Pro
93.95.100.117 Public Scan

Screenshot
Live screenshot

Full Image

145
Requests

100 %
HTTPS

45 %
IPv6

31
Domains

46
Subdomains

41
IPs

7
Countries

870 kB
Transfer

1795 kB
Size

0
Cookies

145 HTTP transactions
2 data transactions