vsim.ua Open in urlscan Pro
31.41.220.94 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://vsim.ua/
Effective URL:
https://vsim.ua/
Submission: On May 19 via api (May 19th 2022, 8:44:46 am UTC) from GB — Scanned from GB

Summary HTTP 314 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 47 IPs in 9 countries across 38 domains to perform 314 HTTP transactions. The main IP is 31.41.220.94, located in Ukraine and belongs to BESTHOSTING-AS, UA. The main domain is vsim.ua.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 4th 2021. Valid for: a year.

This is the only time vsim.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 48	31.41.220.94 31.41.220.94	42655 (BESTHOSTI...) (BESTHOSTING-AS)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
12	45.133.44.3 45.133.44.3	7018 (ATT-INTER...) (ATT-INTERNET4)
3	2a00:1450:400... 2a00:1450:4001:802::200d	15169 (GOOGLE) (GOOGLE)
6	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2 3	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	79.171.117.17 79.171.117.17	64494 (VARITI-AS) (VARITI-AS)
5	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:6ea0:c70... 2a02:6ea0:c700::16	60068 (CDN77 ^_^) (CDN77 ^_^)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	52.174.47.89 52.174.47.89	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a0c:5c81:514... 2a0c:5c81:5142::2	55081 (24SHELLS) (24SHELLS)
2	31.41.216.82 31.41.216.82	42655 (BESTHOSTI...) (BESTHOSTING-AS)
2	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
2	104.36.115.111 104.36.115.111	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
4 10	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	5.178.65.245 5.178.65.245	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1	23.32.59.34 23.32.59.34	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	51.83.220.94 51.83.220.94	16276 (OVH) (OVH)
1	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
9	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
43	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
12 39	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
9 17	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	54.171.106.179 54.171.106.179	16509 (AMAZON-02) (AMAZON-02)
49	2a00:1450:400... 2a00:1450:4001:80f::2006	15169 (GOOGLE) (GOOGLE)
3	2600:9000:214... 2600:9000:214f:2600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:11::215:14dc	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	52.11.84.32 52.11.84.32	16509 (AMAZON-02) (AMAZON-02)
1 1	52.214.225.206 52.214.225.206	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
3	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
6 6	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	141.95.98.70 141.95.98.70	16276 (OVH) (OVH)
314	47

48 31.41.220.94 (Ukraine) 1 redirects

ASN42655 (BESTHOSTING-AS, UA)
PTR: dedic.dc.besthosting.ua

vsim.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 45.133.44.3 (Philadelphia, United States)

ASN7018 (ATT-INTERNET4, US)

cdn.gravitec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.gravitec.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7eaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.171.117.17 (Russian Federation)

ASN64494 (VARITI-AS, RU)

leokross.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::16 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

id.gravitec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.174.47.89 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

api.gravitec.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a0c:5c81:5142::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

ghb.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.41.216.82 (Ukraine)

ASN42655 (BESTHOSTING-AS, UA)
PTR: dedic.dc.besthosting.ua

tracker_beam.20minut.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.36.115.111 (United States)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

adtelligent-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.252.173.38 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.178.65.245 (Amsterdam, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

pbjs.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.59.34 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-59-34.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.83.220.94 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: app-ngx-pl-03.adpartner.pro

a4p.adpartner.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.149.0.72 (Ukraine)

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 142.250.185.226 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 23.35.236.247 (Frankfurt am Main, Germany) 9 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.106.179 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-106-179.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2a00:1450:4001:80f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:214f:2600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:11::215:14dc (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.11.84.32 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-11-84-32.us-west-2.compute.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.214.225.206 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-225-206.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.192.160.219 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 198.47.127.19 (United States) 6 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.70 (France)

ASN16276 (OVH, FR)
PTR: ns3216620.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	googlesyndication.com 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 95 tpc.googlesyndication.com — Cisco Umbrella Rank: 130	412 KB
54	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 187 stats.g.doubleclick.net — Cisco Umbrella Rank: 92 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 cm.g.doubleclick.net — Cisco Umbrella Rank: 212 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 284	324 KB
49	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 264	2 MB
48	vsim.ua 1 redirects vsim.ua	1 MB
18	casalemedia.com 9 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 477 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 557 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 530	16 KB
14	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 805 static.adsafeprotected.com — Cisco Umbrella Rank: 552 dt.adsafeprotected.com — Cisco Umbrella Rank: 504	97 KB
12	google.com accounts.google.com — Cisco Umbrella Rank: 82 ampcid.google.com — Cisco Umbrella Rank: 1833 analytics.google.com — Cisco Umbrella Rank: 685 adservice.google.com — Cisco Umbrella Rank: 74 www.google.com — Cisco Umbrella Rank: 7	79 KB
10	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 240	10 KB
10	adtelligent.com player.adtelligent.com — Cisco Umbrella Rank: 5115 ghb.adtelligent.com — Cisco Umbrella Rank: 6102 sync.adtelligent.com — Cisco Umbrella Rank: 4112	155 KB
8	pubmatic.com 6 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 446 image6.pubmatic.com — Cisco Umbrella Rank: 612	3 KB
8	gravitec.net cdn.gravitec.net — Cisco Umbrella Rank: 27389 id.gravitec.net — Cisco Umbrella Rank: 119927	58 KB
5	facebook.com www.facebook.com — Cisco Umbrella Rank: 102	13 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 393 mug.criteo.com — Cisco Umbrella Rank: 2669	1 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 175	166 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	199 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 354	1 KB
3	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 947	571 B
3	openx.net adtelligent-d.openx.net — Cisco Umbrella Rank: 18143 rtb.openx.net — Cisco Umbrella Rank: 1524	861 B
3	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3062 adservice.google.co.uk — Cisco Umbrella Rank: 4630	1 KB
3	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 910	38 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 599	139 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	2 KB
2	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1128	929 B
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1755	1 KB
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 598	575 B
2	e-planning.net 1 redirects pbjs.e-planning.net — Cisco Umbrella Rank: 4049	1 KB
2	20minut.ua tracker_beam.20minut.ua	136 B
2	gravitec.media cdn.gravitec.media — Cisco Umbrella Rank: 49720 api.gravitec.media — Cisco Umbrella Rank: 39276	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	113 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 663	614 B
1	everesttech.net 1 redirects pixel.everesttech.net — Cisco Umbrella Rank: 3409	376 B
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1429	63 KB
1	adpartner.pro 1 redirects a4p.adpartner.pro — Cisco Umbrella Rank: 8026	259 B
1	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5990	169 B
1	leokross.com leokross.com — Cisco Umbrella Rank: 522538
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1364	38 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
314	38

	Domain	Requested by
49	s0.2mdn.net	vsim.ua s0.2mdn.net 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
48	vsim.ua	1 redirects vsim.ua
39	pagead2.googlesyndication.com	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com s0.2mdn.net securepubads.g.doubleclick.net
31	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com vsim.ua
24	tpc.googlesyndication.com	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net
14	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
10	ib.adnxs.com	4 redirects player.adtelligent.com googleads.g.doubleclick.net
9	dt.adsafeprotected.com	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com vsim.ua
8	googleads4.g.doubleclick.net	vsim.ua
8	googleads.g.doubleclick.net	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com vsim.ua
7	cdn.gravitec.net	vsim.ua cdn.gravitec.net
6	image6.pubmatic.com	6 redirects
5	www.google.com	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com tpc.googlesyndication.com
5	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	ghb.adtelligent.com	player.adtelligent.com
5	www.facebook.com	vsim.ua connect.facebook.net
5	securepubads.g.doubleclick.net	vsim.ua securepubads.g.doubleclick.net
4	www.googletagservices.com	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
4	player.adtelligent.com	vsim.ua player.adtelligent.com
4	connect.facebook.net	vsim.ua connect.facebook.net
3	ssum-sec.casalemedia.com	3 redirects
3	pixel.rubiconproject.com	3 redirects
3	odr.mookie1.com	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
3	static.adsafeprotected.com	fw.adsafeprotected.com 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
3	unpkg.com	2 redirects vsim.ua
3	accounts.google.com	vsim.ua accounts.google.com
2	static.xx.fbcdn.net	www.facebook.com
2	mug.criteo.com	vsim.ua
2	gum.criteo.com	1 redirects
2	fonts.googleapis.com	s0.2mdn.net
2	rtb.openx.net	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
2	cms.quantserve.com	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
2	e.dlx.addthis.com	2 redirects
2	id.rlcdn.com	2 redirects
2	fw.adsafeprotected.com	1 redirects vsim.ua
2	pbjs.e-planning.net	1 redirects vsim.ua
2	hbopenbid.pubmatic.com	player.adtelligent.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.co.uk	securepubads.g.doubleclick.net
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	tracker_beam.20minut.ua	vsim.ua
2	www.googletagmanager.com	vsim.ua www.googletagmanager.com
2	www.google-analytics.com	vsim.ua www.google-analytics.com
1	id5-sync.com	player.adtelligent.com
1	pixel.everesttech.net	1 redirects
1	code.createjs.com	s0.2mdn.net
1	sync.adtelligent.com	vsim.ua
1	a4p.adpartner.pro	1 redirects
1	htlb.casalemedia.com	player.adtelligent.com
1	adtelligent-d.openx.net	player.adtelligent.com
1	prebid-eu.creativecdn.com	player.adtelligent.com
1	www.google.co.uk	vsim.ua
1	analytics.google.com	www.googletagmanager.com
1	api.gravitec.media	cdn.gravitec.media
1	ampcid.google.com	www.google-analytics.com
1	cdn.gravitec.media	cdn.gravitec.net
1	id.gravitec.net	cdn.gravitec.net
1	leokross.com	vsim.ua
1	www.googleoptimize.com	vsim.ua
0	googlecm.hit.gemius.pl Failed	9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
314	60

This site contains links to these domains. Also see Links.

Domain
vn.20minut.ua
zt.20minut.ua
te.20minut.ua
kazatin.com
invite.viber.com
t.me
www.facebook.com
news.google.com
www.instagram.com
www.besthosting.ua
ua.depositphotos.com
www.eeas.europa.eu
www.irf.ua

Subject Issuer	Validity	Valid
vsim.ua Sectigo RSA Domain Validation Secure Server CA	`2021-10-04` - `2022-10-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.gravitec.net AlphaSSL CA - SHA256 - G2	`2022-03-22` - `2023-04-23`	a year	crt.sh
accounts.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-25` - `2022-05-26`	3 months	crt.sh
leokross.com R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
player.adtelligent.com R3	`2022-03-21` - `2022-06-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
cdn.gravitec.media R3	`2022-03-24` - `2022-06-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
api.gravitec.media R3	`2022-04-16` - `2022-07-15`	3 months	crt.sh
ghb.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-04-07` - `2022-07-06`	3 months	crt.sh
*.20minut.ua Sectigo RSA Domain Validation Secure Server CA	`2021-10-18` - `2022-10-18`	a year	crt.sh
www.google.co.uk GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
tls.adobe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-29` - `2023-05-30`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-11-19` - `2022-12-18`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-07`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh

This page contains 33 frames:

Primary Page: https://vsim.ua/
Frame ID: 8F929A70C3C2ED5D7B796A6400C10772
Requests: 108 HTTP requests in this frame

Frame: https://vsim.ua/site_login/iframe
Frame ID: C5064989CE3F9B518ADC1B21ECB87579
Requests: 3 HTTP requests in this frame

Frame: https://id.gravitec.net/
Frame ID: 027594AB1D01A37BB8A2EE6617216843
Requests: 1 HTTP requests in this frame

Frame: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FCC0C560B0C51F81B96F83AC0233ECF0
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 03A53B2F0D5C944CEC603417D8FDA051
Requests: 1 HTTP requests in this frame

Frame: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2F7820D43B8A5A8D3661B717F63E95A8
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNqH3pMDEJGuvpoDGNyOpMgBMAE&v=APEucNWrh7HNOTkw-wOZI8yTRBSoUpEVio9Rl2cY2o7aGKkHqlZXzR_WnBZbJ8kvh52x30rRsmJtIaZ5p5KAZ_kJ3-qDV72asBHrrLiJVuy5Wrmi5J-Oh4M0wq0V9J0hdbjaTpMo5iIgVP_p94alI-NlVa88KmmxW4qRHU8XyBobtbN4Vq65Ylo
Frame ID: 759310165CDB9A4C7071F410FB315FA1
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html
Frame ID: 0BA928954C87DA063E2744148BA7719D
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D84D3555FB004C3D19EEC8EA49CA6F1E
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 7C5ED3D732857132FACC8AC5DE0CE69C
Requests: 1 HTTP requests in this frame

Frame: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3F4193F3C22D9CEC6EB2C4BF409CE350
Requests: 15 HTTP requests in this frame

Frame: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 91C1278CE26AA80D6C7C1C8BA047DF4D
Requests: 16 HTTP requests in this frame

Frame: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6024697D421643E1D57D6AC7733A162A
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhjhuenKATAB&v=APEucNWCbxiUQqMCPq2XvDlHG6DNvqLT6F-UtS-03JEsOjuazkdWuaKpE5_Mlu7nDUDiZ7otc2YPjjsHsVAm8uosKzl1soaokvZE2EIDQbmG9mEkXmvnoOZU8zL2dZiXkz7SqnFsxeRGu3W0nSqQnz2WHULt3YagWuEl0ngxEXTBNo97xhauxb4
Frame ID: EADF4D4B7352D00501744C4B06EBA187
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNXAW6-24zIl8QQuRwhL9RqJSd--Aa4KbyH6ZMMxgy53kgQKb0jDHNyKXIVyQHDGRdcI9r7aGehvkuSlT94GfRvHy4sgKk_IXZw7r0WQYtBMdZBdnqrt8vIQeecslzbnYAt2dJjyN9Z8e93893RGg0jjKRXlFxeeNF7A_iCfqFS3-mhbxAk
Frame ID: 64DC7CB1A50FE187709D38D9F0E508D6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNUNY3jjsyOWbGvYZN3gV_nAuDQnEpkVtAMt7pdY6Kh1eTeMJu_vsRGTB24Vi64tdijh8_qXDgd3aoO6TmISIT7lrUX-mmMpAkvheuQs2XIsGtHYnogF43w-B3UjVxJgmg2DXTrEmwpyiptubQrYAk54G5KDaRirmLK278SuAfTajGIAdGA
Frame ID: 2ECDFB644F29B2B4667B1087C795FC8F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6696FB264F800EEE3553ECE4F2A4168B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A8333F57397DCF202E3DE2957706855B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6D50BF8CE470D9A8EA2A989FDAC9A793
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 50E9976A33C3C98D567ACECC6D7712EF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A048B44F8B1FB5993A1B430441F00A2C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 50B8A1AE8100A4321438CA8BC9F16CBD
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247
Frame ID: 4FB47AE61F979EB88DEBC6CAA58839AD
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
Frame ID: 5CBD584968E1C35C5910338C7870C5FB
Requests: 24 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247
Frame ID: F15587B1EDCE8D62D62C11D601F7D1B4
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js
Frame ID: E9CC04CB1363C95F057A88D0D7A6ABCD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js
Frame ID: D9FE2DACA3FC763D468C1069E611B10A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js
Frame ID: 9D4837C54EA32FF5623B69BEF4E8AA07
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js
Frame ID: EF4B31EB9E47A1D0B10FA85A55559D4A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js
Frame ID: 2120B9DB787292E945B239894A46BD2C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v12.0/plugins/login_button.php?app_id=178301089580185&auto_logout_link=false&button_type=continue_with&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfafd6a3c34bd34%26domain%3Dvsim.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fvsim.ua%252Ff14c5b442050c44%26relation%3Dparent.parent&container_width=0&layout=rounded&locale=uk_UA&login_text=&sdk=joey&size=medium&use_continue_as=true&width=250
Frame ID: E1E737345239BAF546EFE72DB3AA3F0F
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4F1DDFD0DCB609092DB4B678DB70A35D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8BD6DB8C205ECE8159F5A78117E09795
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Всім - Новини Хмельницького

Page URL History Show full URLs

http://vsim.ua/ HTTP 301
https://vsim.ua/ Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Page Statistics

314
Requests

88 %
HTTPS

48 %
IPv6

38
Domains

60
Subdomains

47
IPs

9
Countries

5161 kB
Transfer

11974 kB
Size

47
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://vn.20minut.ua/
Title: Вінниця

Search URL Search Domain Scan URL

URL: https://zt.20minut.ua/
Title: Житомир

Search URL Search Domain Scan URL

URL: https://te.20minut.ua/
Title: Тернопіль

Search URL Search Domain Scan URL

URL: https://kazatin.com/
Title: Козятин

Search URL Search Domain Scan URL

URL: https://invite.viber.com/?g2=AQAlCG5A7vvn5UlcXTVOPYYe8%2BNbbSdYNqt%2FAkWqrcA8b94WcKGEqaRwpKqWVh9M

Search URL Search Domain Scan URL

URL: https://t.me/vsimnews

Search URL Search Domain Scan URL

URL: https://www.facebook.com/vsim.ua/

Search URL Search Domain Scan URL

URL: https://news.google.com/publications/CAAqBwgKMOzqjwswxLKjAw?hl=uk&gl=UA&ceid=UA%3Auk

Search URL Search Domain Scan URL

URL: https://www.instagram.com/vsim_ka/

Search URL Search Domain Scan URL

URL: http://www.besthosting.ua/

Search URL Search Domain Scan URL

URL: https://ua.depositphotos.com/

Search URL Search Domain Scan URL

URL: https://www.eeas.europa.eu/delegations/ukraine_en

Search URL Search Domain Scan URL

URL: https://www.irf.ua/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://vsim.ua/ HTTP 301
https://vsim.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://unpkg.com/imask HTTP 302
https://unpkg.com/imask@6.4.2 HTTP 302
https://unpkg.com/imask@6.4.2/dist/imask.js

Request Chain 78

https://pbjs.e-planning.net/pbjs/1/2e43c/1/vsim.ua/ROS?rnd=0.9361004784805287&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F%2Fvsim.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fvsim.ua%2F&e_pubcid=b510f659-ef44-4219-a70f-c36b2409c207 HTTP 302
https://pbjs.e-planning.net/hb/1/2e43c/1/vsim.ua/ROS?ct=1&r=pbjs&rnd=0.9361004784805287&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F%2Fvsim.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fvsim.ua%2F&e_pubcid=b510f659-ef44-4219-a70f-c36b2409c207

Request Chain 83

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=5a33ee0d-75be-4bbc-aaaa-b155c60e1b76

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHf2ZOmmg2uYfPrdH3E_ok&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHf2ZOmmg2uYfPrdH3E_ok&google_cver=1&C=1

Request Chain 97

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoYDcxqPrMDw1RIyk5IoYAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAsm4sFs3Mzrn5zXYxQnEB8&google_cver=1

Request Chain 98

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEN-5-WGsFl6fxwieejyw2xY&google_cver=1

Request Chain 99

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

Request Chain 114

https://fw.adsafeprotected.com/rfw/st/1019383/62538988/skeleton.js?adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:728c4d7a-4233-30fb-95e4-923cb0857c83,c:d32Bgj,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-58499bf7cc-bm2j5,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:260,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:276,oid:e90b1b79-d74f-11ec-b2da-3693c5f68e3d,v:19.8.309,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1

Request Chain 150

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoYDc5Iw7O0z-PH3ey.YOQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

Request Chain 152

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1

Request Chain 154

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoYDc5Iw7O0z-PH3ey.YOQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

Request Chain 156

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

Request Chain 157

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1

Request Chain 158

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoYDc5Iw7O0z-PH3ey.YOQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

Request Chain 160

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

Request Chain 184

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKnNd57JMJEZrSadJoaETtd8YNDysvHAwQjoaTA_krICe_vO1g6On1nWEmRKbfpBx7iUXJwQDAdB_PSbo555dJoWKHue8I4&google_gid=CAESED-Um9D6YoOQ1N-9bGWGWYM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WW9ZRGRBQUFCRWFSTmo5TQ&google_push=AYg5qPKnNd57JMJEZrSadJoaETtd8YNDysvHAwQjoaTA_krICe_vO1g6On1nWEmRKbfpBx7iUXJwQDAdB_PSbo555dJoWKHue8I4

Request Chain 185

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPILlANI-15KTGJPO82XDxg1C7CCfxGUrffQSXacXbzgdh_qVLExtmrR0caNMNsF0A-duCNse7zv79JxnRNTzjYG6MlsFAqL&google_gid=CAESEJ1WaE-iAJp411bCPQU5Rss&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPSGmJQGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BWWc1cVBJTGxBTkktMTVLVEdKUE84MlhEeGcxQzdDQ2Z4R1VyZmZRU1hhY1hiemdkaF9xVkxFeHRtclIwY2FOTU5zRjBBLWR1Q05zZTd6djc5SnhuUk5UempZRzZNbHNGQXFM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwdGpGWkNBN0hrcFZ5WHJRZHF5REVieDdrdkgxLW9HU3NaVUx4T3ktZUxaTQ==&google_push

Request Chain 186

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKaf4Z6CMLjzgkS5ri5ei9Y85TXqscn0X9G9MCyptrTIrkhd6CNSLluNaymK31tO32YQHPaU8dSEHeD1bF1omskzi7L8PE62A&google_gid=CAESEGKSzOgCpzRL12cNZvryGpI&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKaf4Z6CMLjzgkS5ri5ei9Y85TXqscn0X9G9MCyptrTIrkhd6CNSLluNaymK31tO32YQHPaU8dSEHeD1bF1omskzi7L8PE62A&google_gid=CAESEGKSzOgCpzRL12cNZvryGpI&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA1MTkwODQ0MzYwMDA3NjMxNDc2Mzk1MQ%3D%3D&google_push=AYg5qPKaf4Z6CMLjzgkS5ri5ei9Y85TXqscn0X9G9MCyptrTIrkhd6CNSLluNaymK31tO32YQHPaU8dSEHeD1bF1omskzi7L8PE62A

Request Chain 188

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPrA2nRnar-jpUt9JO8KTns&google_cver=1&google_push=AYg5qPJGisriE20g8gZ-OpW6xuPkE0_HD3Xe_oHU7_fp3tdETlaxUXaLkpi1DCizC-SPyUnXytpNr47W9tI7oeiJtDUuR_ypNOta6A HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPrA2nRnar-jpUt9JO8KTns&google_cver=1&google_push=AYg5qPJGisriE20g8gZ-OpW6xuPkE0_HD3Xe_oHU7_fp3tdETlaxUXaLkpi1DCizC-SPyUnXytpNr47W9tI7oeiJtDUuR_ypNOta6A&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SZGwOTN2TlGRPy24IAFpSg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJGisriE20g8gZ-OpW6xuPkE0_HD3Xe_oHU7_fp3tdETlaxUXaLkpi1DCizC-SPyUnXytpNr47W9tI7oeiJtDUuR_ypNOta6A

Request Chain 189

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENf8oWa7s7RHSQVVZAYfqMU&google_cver=1&google_push=AYg5qPLK5fWJehzj9oSVoyEJiyO2jabPJ8wFdocUa02SXH4TaSXnKf2rRIY4nllaZ4gvT6wEODkax7ywgw-L9O2YPEQfRYmBISla HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQlgtMUItNUdZSQ==&google_push=AYg5qPLK5fWJehzj9oSVoyEJiyO2jabPJ8wFdocUa02SXH4TaSXnKf2rRIY4nllaZ4gvT6wEODkax7ywgw-L9O2YPEQfRYmBISla

Request Chain 190

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1&google_push=AYg5qPJIBcv6kraV8_ngf4yEcXrT1uFl_TsAzhtIb438ymHpRpCcDUrxfQiDuK_xbtoTwzn0a4oLQYo-8685zZ3J48BbiHxRqjw48w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_cver=1&google_push=AYg5qPJIBcv6kraV8_ngf4yEcXrT1uFl_TsAzhtIb438ymHpRpCcDUrxfQiDuK_xbtoTwzn0a4oLQYo-8685zZ3J48BbiHxRqjw48w&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw

Request Chain 196

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPrA2nRnar-jpUt9JO8KTns&google_cver=1&google_push=AYg5qPLywly5_WABJKccPJ1LqoB2SIQJoHRdnkd5-XNix6l3tGDwrDhga4tFKSoOevknqFjf0bcw5RYIjrew-8QLHi_6vyKNXF3qxA HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPrA2nRnar-jpUt9JO8KTns&google_cver=1&google_push=AYg5qPLywly5_WABJKccPJ1LqoB2SIQJoHRdnkd5-XNix6l3tGDwrDhga4tFKSoOevknqFjf0bcw5RYIjrew-8QLHi_6vyKNXF3qxA&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=N0l8v9vjQxSWwA4hCb5Q6w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLywly5_WABJKccPJ1LqoB2SIQJoHRdnkd5-XNix6l3tGDwrDhga4tFKSoOevknqFjf0bcw5RYIjrew-8QLHi_6vyKNXF3qxA

Request Chain 197

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENf8oWa7s7RHSQVVZAYfqMU&google_cver=1&google_push=AYg5qPJ7ZNfOMCEorp-JTO5-JtlRFIDNh6np8jpd0KLLoEzvBBrH_O0DfQk70h8Z81i0rgcQiBN_FDGN37RBnPvpyJ_9FP48942KrA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQlotQy1QT1E=&google_push=AYg5qPJ7ZNfOMCEorp-JTO5-JtlRFIDNh6np8jpd0KLLoEzvBBrH_O0DfQk70h8Z81i0rgcQiBN_FDGN37RBnPvpyJ_9FP48942KrA

Request Chain 198

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1&google_push=AYg5qPIq7Zknq6VNImkX8s_yZuAIaJxPH85fegmnMqEWq5o2B-d2S_XfRGZiqbJZtLOZU5wjf1rm-j91p_Y7PxIEJST4dONWLEUEew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_cver=1&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_push=AYg5qPIq7Zknq6VNImkX8s_yZuAIaJxPH85fegmnMqEWq5o2B-d2S_XfRGZiqbJZtLOZU5wjf1rm-j91p_Y7PxIEJST4dONWLEUEew

Request Chain 204

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPrA2nRnar-jpUt9JO8KTns&google_cver=1&google_push=AYg5qPI41uvybrHC4GnJpUWORY66M3m-Caabo8uqt2WtjnlUk29Hq13vuQyt5s5SGjtyhW4x78OakUqtDNLojQA0Dtey7hX1gjwe HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPrA2nRnar-jpUt9JO8KTns&google_cver=1&google_push=AYg5qPI41uvybrHC4GnJpUWORY66M3m-Caabo8uqt2WtjnlUk29Hq13vuQyt5s5SGjtyhW4x78OakUqtDNLojQA0Dtey7hX1gjwe&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8eQjSPmLSjeOZfwA6CS2EQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI41uvybrHC4GnJpUWORY66M3m-Caabo8uqt2WtjnlUk29Hq13vuQyt5s5SGjtyhW4x78OakUqtDNLojQA0Dtey7hX1gjwe

Request Chain 205

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENf8oWa7s7RHSQVVZAYfqMU&google_cver=1&google_push=AYg5qPLlA_gWrJeUAqTY7fDRjqau5k2c8nvGsL5vYQ9Xwz7vZk74Jae5hrDIj714hdCdZmbKhHZNg7byVuOyniKN_SWLF860GDg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQzEtMTEtOEFBVQ==&google_push=AYg5qPLlA_gWrJeUAqTY7fDRjqau5k2c8nvGsL5vYQ9Xwz7vZk74Jae5hrDIj714hdCdZmbKhHZNg7byVuOyniKN_SWLF860GDg

Request Chain 206

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1&google_push=AYg5qPJ9zVPWTvEro6PEf-ZH9E94J0E5YkwGulP9HtvCgWFpe-7pLhDIQDk8HpOIFxiHPkC_zBqYHZkbN0AXEuLHm2MsmVFShjFQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_push=AYg5qPJ9zVPWTvEro6PEf-ZH9E94J0E5YkwGulP9HtvCgWFpe-7pLhDIQDk8HpOIFxiHPkC_zBqYHZkbN0AXEuLHm2MsmVFShjFQ&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1

Request Chain 283

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fvsim.ua%2F&domain=vsim.ua&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=36TsEnxsWWVYbHFDY1E3K21JTllYNEpQdzlMWnJZeklqNWRVVDFQRCtrY0VKMkZma3o4b3BieWdnalozbHBUQWVpM3FiYlBhY3o5N2lHdGtSb1Y1VHZJTlg1NkNLaTE1bXFlSE5haW51R1R5eFp5bHl4b3h5M1JPL09DVFlvVEpEak1nL1V3VWdPNFhLUFFjdThPQlFzVE95Qk4vUUF4VkQvSmJmdTJrN3VlWm41bHIwTkVLWjAzN3dOZzdYaGNIMDYzL0NpUkt6aDVyMXZ0VmNldjRwZ1QyamtqaXJRNlhIK1puNHA0SSt5bzdNSWdvPXw&cppv=2

314 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
vsim.ua/
Redirect Chain

http://vsim.ua/
https://vsim.ua/

277 KB
41 KB

909ms
752ms

Document
text/html

31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 605ff3cbddb9a4113dea8cee7a27034a03dfd09a3cf7fb3cb3e338d6d4cdf580

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: public, s-maxage=30
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 19 May 2022 08:44:33 GMT
server: nginx
vary: Accept-Encoding
x-cache: BYPASS
x-dev: Desktop
x-stat: 1

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Thu, 19 May 2022 08:44:32 GMT
Location: https://vsim.ua/
Server: nginx

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 96 KB
38 KB 151ms
49ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-NWSHLFG

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6fd122f2f006c30c2cfdca346e270fc954a42458750fe0b6b28e96de4421da64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:33 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38304
x-xss-protection: 0
last-modified: Thu, 19 May 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 May 2022 08:44:33 GMT

GET
H2 200 client.js Show response
cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/ 64 KB
18 KB 128ms
55ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: ae45377af9d89238bdd28995edb79dc857c596ee256268874c5478e020807211

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:33 GMT
content-encoding: gzip
last-modified: Tue, 05 Apr 2022 09:11:37 GMT
server: nginx
etag: W/"624c07c9-100fb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 05 Apr 2022 09:14:07 GMT
cache-control: max-age=10
x-proxy-cache: REVALIDATED

GET
H2 200 ed8d0db.js Show response
vsim.ua/js/ 95 KB
33 KB 174ms
174ms Script
application/javascript 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/js/ed8d0db.js?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: bc9c2a692b2e51f7452889365de85134341d53f8d36539cdaef3a8277db2edd1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:33 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 11:22:57 GMT
server: nginx
etag: W/"6284d711-17b3b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 3831ad9.css
vsim.ua/css/ 631 KB
96 KB 87ms
87ms Stylesheet
text/css 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/css/3831ad9.css?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 87e36f6113145798fd0bef9811d421b555449f0f3a6499d70fec815c081afaa2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:33 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 11:22:56 GMT
server: nginx
etag: W/"6284d710-9dc01"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 client Show response
accounts.google.com/gsi/ 191 KB
77 KB 237ms
142ms Script
application/javascript 2a00:1450:4001:802::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3bbbbfcf8b9551e755dee25db502c6b040bb60e8264a8213f572eea26889f423

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-udcZubMqq-5agwvpqWyUgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-udcZubMqq-5agwvpqWyUgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Thu, 19 May 2022 08:44:34 GMT

GET
H2 200 Logo_new_vsim_v8.png
vsim.ua/img/ 5 KB
5 KB 146ms
141ms Image
image/png 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/Logo_new_vsim_v8.png
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: b8b9e3e8e1276c694f2cb8c6957a36d9d8ec542a8fd8d2166ed58d6897aaaa30

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
etag: "5e4d36b2-126c"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 4716
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 news_today.svg
vsim.ua/html/20min-page/web/img/icon-title/ 1 KB
1 KB 146ms
142ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/icon-title/news_today.svg
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: dd6bfabd983e40a92cd350180c9a98cd9e3f282335f73b2c2537ba3d4c9332d8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
accept-ranges: bytes
etag: "5e4d36b2-467"
content-length: 1127
content-type: image/svg+xml

GET
H2 200 8ffb14cb46cdb5fbc156e7ce18cb8c408f83e06e.jpeg
vsim.ua/img/cache/reference/panel_link/0026/31/ 4 KB
4 KB 146ms
142ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/reference/panel_link/0026/31/8ffb14cb46cdb5fbc156e7ce18cb8c408f83e06e.jpeg?hash=2022-02-25-14-28-31
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: eaf2c9137e521e1f030246115b742374c4594cc7facea8f516f19f44ffe05571

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Fri, 25 Feb 2022 12:28:56 GMT
server: nginx
accept-ranges: bytes
etag: "6218cb88-e27"
content-length: 3623
content-type: image/jpeg

GET
H2 200 9024a147951615ce3d980390f5dcde4cb86f3de3.jpeg
vsim.ua/img/cache/reference/panel_link/0021/03/ 797 B
920 B 146ms
143ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/reference/panel_link/0021/03/9024a147951615ce3d980390f5dcde4cb86f3de3.jpeg?hash=2020-11-16-13-57-22
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: b1f484070f3a01a04875ffb1e467f31eac8336a3456c807400b47f1c51f53a58

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Mon, 26 Apr 2021 13:52:21 GMT
server: nginx
accept-ranges: bytes
etag: "6086c595-31d"
content-length: 797
content-type: image/jpeg

GET
H2 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
462 B 146ms
143ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
etag: "5e4d36b2-11d"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 285
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Often_comment.svg
vsim.ua/html/20min-page/web/img/icon-title/ 929 B
1 KB 146ms
143ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/icon-title/Often_comment.svg
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: e81753a8f9689cc6359d1219ef65e37e7827db414e82711378357de5377c18a7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
accept-ranges: bytes
etag: "5e4d36b2-3a1"
content-length: 929
content-type: image/svg+xml

GET
H2 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
462 B 147ms
143ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
etag: "5e4d36b2-11d"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 285
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Newslater.svg
vsim.ua/bundles/twentyminutuamain/img/icon-title/ 766 B
946 B 147ms
144ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/icon-title/Newslater.svg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 3f7395272e337bd77d47ff9ba8f42f01348f039527171842d0cd2f802e322721

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: nginx
etag: "5e4d36b1-2fe"
content-type: image/svg+xml
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 766
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 04757c045656223f79bdfdb8cb09896f9b1eaf03.png
vsim.ua/img/cache/reference/rubric_partner/0021/76/ 8 KB
8 KB 147ms
144ms Image
image/png 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/reference/rubric_partner/0021/76/04757c045656223f79bdfdb8cb09896f9b1eaf03.png?hash=2021-01-22-11-59-23
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 1f0c2b0a2c352645b53399aff7d600aef3a1d49377280b4dbe6d6d8cc291a935

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Mon, 14 Feb 2022 16:26:41 GMT
server: nginx
accept-ranges: bytes
etag: "620a82c1-200e"
content-length: 8206
content-type: image/png

GET
H2 200 EU_hor.png
vsim.ua/html/20min-page/web/img/ 77 KB
77 KB 150ms
147ms Image
image/png 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/EU_hor.png
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: c0f3f63b8aa81276ab867ee8172db9e3f7a03df59f3c868670c35cd7c635c762

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 27 Apr 2022 07:07:05 GMT
server: nginx
etag: "6268eb99-1329e"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 78494
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Vidrod%C5%BEennia-Logos-Horizontal-16-01.png
vsim.ua/html/20min-page/web/img/ 13 KB
14 KB 157ms
154ms Image
image/png 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/Vidrod%C5%BEennia-Logos-Horizontal-16-01.png
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 88b263a05e0fa2a8084852de8152c02ade2b1cb33a2d9bbb780a2d9561e48c63

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 27 Apr 2022 07:07:05 GMT
server: nginx
etag: "6268eb99-35a6"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 13734
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/uk_UA/ 3 KB
2 KB 122ms
39ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2c52fea16ae623e19906e32d276be5f40a95f6ca014e31ce41d61268fc925c97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://vsim.ua/
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: e++mODY9eMZBzi1YO4+OMg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: DE+Soc/B2QGCJCIWLx/2xzdTuFX85UPqKphNWY4rfHv/T7fuqy5zaA5Bvmw7t4IHZD/w9WBsPaQO9AN3OtgAfg==
x-fb-trip-id: 2050670934
x-fb-content-md5: d8aa054c3627d32f5ea0b429e7c7fe04
x-frame-options: DENY
date: Thu, 19 May 2022 08:44:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "208838c69b972e6d75785772ca4ba02c"
timing-allow-origin: *
expires: Thu, 19 May 2022 08:52:15 GMT

GET
H2

200

imask.js Show response
unpkg.com/imask@6.4.2/dist/
Redirect Chain

https://unpkg.com/imask
https://unpkg.com/imask@6.4.2
https://unpkg.com/imask@6.4.2/dist/imask.js

166 KB
37 KB

59ms
59ms

Script
application/javascript

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/imask@6.4.2/dist/imask.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8fad7ea6d56c85bc473f0091aa9870e4a7db6609c037eac826ed00c68ea3fb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8547179
fly-request-id: 01FVF0MEM9R82PJZRWV45JJY9Y
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"297db-B/zbN+2crPCo1IRXSpVqEqQx/1k"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 70db8d29cef623df-ZRH

Redirect headers

date: Thu, 19 May 2022 08:44:34 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01FVF0KPWPNHFDD5B1KYNJ3R38
server: cloudflare
age: 8547179
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /imask@6.4.2/dist/imask.js
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 70db8d294e3323df-ZRH
access-control-allow-origin: *

GET
H2 200 Push_notifacation.svg
vsim.ua/html/20min-page/web/img/sub_image/ 2 KB
2 KB 157ms
155ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Push_notifacation.svg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: b50736d5ec0097525d6ff80d1b680bbbec44ada253b9f2c8171d76ec1350c28e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
accept-ranges: bytes
etag: "5e4d36b2-75a"
content-length: 1882
content-type: image/svg+xml

GET
H2 200 Instagram.svg
vsim.ua/html/20min-page/web/img/sub_image/ 2 KB
2 KB 158ms
155ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Instagram.svg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 2f42c410eba2c4dc22b4c39f686000a1a7093a01b84551a19ffc30b26c72a86a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
accept-ranges: bytes
etag: "5e4d36b2-884"
content-length: 2180
content-type: image/svg+xml

GET
H2 200 Email.svg
vsim.ua/html/20min-page/web/img/sub_image/ 3 KB
3 KB 158ms
155ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Email.svg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: eccd88565d076df2201301bafbec831407665672e90f547f4de6c0cf850be75a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
accept-ranges: bytes
etag: "5e4d36b2-aa0"
content-length: 2720
content-type: image/svg+xml

GET
H2 200 Telegram.svg
vsim.ua/html/20min-page/web/img/sub_image/ 2 KB
2 KB 158ms
156ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Telegram.svg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 5f303a0de1cfe53713218d7f8b6d58cb3a85e0946f81cf0e4b79d1ce76e3a97b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
accept-ranges: bytes
etag: "5e4d36b2-7c3"
content-length: 1987
content-type: image/svg+xml

GET
H2 200 Viber.svg
vsim.ua/html/20min-page/web/img/sub_image/ 4 KB
4 KB 158ms
156ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/Viber.svg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 91c51f424031f6d025726982227527bc60cdc06c4bbe948cda46c66c54c2a695

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
accept-ranges: bytes
etag: "5e4d36b2-1132"
content-length: 4402
content-type: image/svg+xml

GET
H2 200 GN.svg
vsim.ua/html/20min-page/web/img/sub_image/ 5 KB
5 KB 158ms
156ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/sub_image/GN.svg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 34b32035c62caeb6ba158476cdc55287421596f7db6cfc52ca84d7a7bede75aa

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
accept-ranges: bytes
etag: "5e4d36b2-145a"
content-length: 5210
content-type: image/svg+xml

GET
H2 200 0728b5d.js Show response
vsim.ua/js/ 879 KB
239 KB 86ms
86ms Script
application/javascript 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/js/0728b5d.js?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: e248ccf39aee781866abb6a97023d16144fb3394017395b0594174c9f1904a2b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:33 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 11:22:53 GMT
server: nginx
etag: W/"6284d70d-dbba4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 504 aGeq.js
leokross.com/vAW/ 0
0 6508ms
6044ms Script
text/html 79.171.117.17
VARITI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://leokross.com/vAW/aGeq.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 79.171.117.17 , Russian Federation, ASN64494 (VARITI-AS, RU),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 hb_306660_6693.js Show response
player.adtelligent.com/prebidlink/459152/ 386 KB
118 KB 126ms
54ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: e2fa9f11d8500691a31d8d2c4edcdcce235325f668ec0540de3c7a988d44ca92

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
last-modified: Mon, 25 Apr 2022 05:33:36 GMT
server: nginx
etag: W/"626632b0-608ff"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 21 May 2022 08:44:34 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
29 KB 168ms
50ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

sffe /

Resource Hash

e7214401936859098670a5142026ce776d3565a9ba81eb2525c04b066044d322

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29050
x-xss-protection: 0
server: sffe
etag: "1219 / 333 of 1000 / last-modified: 1652911575"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 19 May 2022 08:44:34 GMT

GET
H2 200 wrapper_hb_306660_6693.js Show response
player.adtelligent.com/prebidlink/459152/ 786 B
745 B 168ms
96ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/459152/wrapper_hb_306660_6693.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: aef231caad9876f19aba7e2abc99353c2a2f45b4fee982fd2ca7edc59978a8f4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 21:47:15 GMT
server: nginx
etag: W/"62856963-312"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 21 May 2022 08:44:34 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 128ms
39ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4188
date: Thu, 19 May 2022 07:34:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 19 May 2022 09:34:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
45 KB 146ms
57ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TST74WS

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ace55ef9b43ad6845d7106ee0e3a7d42207e5968e008511f9472e1c11ba3b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45499
x-xss-protection: 0
last-modified: Thu, 19 May 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 May 2022 08:44:34 GMT

GET
H2 200 remplib.js Show response
vsim.ua/bundles/twentyminutuapaywall/js/ 193 KB
36 KB 166ms
164ms Script
application/javascript 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/bundles/twentyminutuapaywall/js/remplib.js?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: fa790aa2667f45ccaceb5fdc2f784c856eb3d4ac5a3e8ba5b2aacec8c8b2722b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
last-modified: Fri, 10 Sep 2021 08:36:22 GMT
server: nginx
etag: W/"613b1906-30266"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 121ms
40ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26310
x-xss-protection: 0
pragma: public
x-fb-debug: UEX8wEDCgefQwd+Xx+xX4+lLHOx+0VoeOWpb802lV+t7Ygmy/oxkS71sPH2FvYz22HpKnQBPzK1VA0FakDsgbw==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 19 May 2022 08:44:34 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 fontawesome-webfont.woff2
vsim.ua/bundles/twentyminutuamain/fonts/ 70 KB
70 KB 162ms
161ms Font
font/woff2 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/bundles/twentyminutuamain/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Request headers

Referer: https://vsim.ua/css/3831ad9.css?73e4da98
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: nginx
etag: "5e4d36b1-118d8"
content-type: font/woff2
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 71896
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 MaterialIcons-Regular.woff2
vsim.ua/bundles/twentyminutuamain/fonts/ 43 KB
43 KB 202ms
202ms Font
font/woff2 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/bundles/twentyminutuamain/fonts/MaterialIcons-Regular.woff2
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726

Request headers

Referer: https://vsim.ua/css/3831ad9.css?73e4da98
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: nginx
etag: "5e4d36b1-ad0c"
content-type: font/woff2
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 44300
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 configs Show response
cdn.gravitec.net/sdk/web/ 5 KB
1 KB 95ms
39ms Fetch
application/json 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/sdk/web/configs?appKey=d9345397765ace7e36f5036f718db82e
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: bb81a3f6452967a392101c3127a76d8b5f22cafd70f8baa1046cc753aa5a0824

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
x-correlation-id: 2cdd1c6eb222ec9b911ce2a082f83c34
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
content-encoding: gzip
x-proxy-cache: MISS

GET
H2 200 viber-f.svg
vsim.ua/bundles/twentyminutuamain/img/ 3 KB
3 KB 181ms
180ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/viber-f.svg
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: e51999eebc0b9e4ac7b5387bf86f7c05970eb7b77df960003955d399e232c5c1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/css/3831ad9.css?73e4da98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: nginx
etag: "5e4d36b1-bff"
content-type: image/svg+xml
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 3071
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 g_n_icon.svg
vsim.ua/bundles/twentyminutuamain/img/ 1 KB
1 KB 181ms
181ms Image
image/svg+xml 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/g_n_icon.svg
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: e98501745c1500c02ede59eb329ac24f220509633741250b371199ecc9020ea8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/css/3831ad9.css?73e4da98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: nginx
etag: "5e4d36b1-478"
content-type: image/svg+xml
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 1144
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 telegram-f.png
vsim.ua/bundles/twentyminutuamain/img/ 548 B
724 B 182ms
181ms Image
image/png 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/telegram-f.png
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: fa058ce5fd598607573ff9194857267322682a83b3547840b211bce2ef4bd5c0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/css/3831ad9.css?73e4da98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: nginx
etag: "5e4d36b1-224"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 548
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 iframe Show response
vsim.ua/site_login/ Frame C506 5 KB
1 KB 220ms
219ms Document
text/html 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/site_login/iframe
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 65807d3cd98d4d6ddb468c2c1be8e292aec87b9385bfb84598e303e6ee88988a

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 19 May 2022 08:44:34 GMT
server: nginx
vary: Accept-Encoding
x-cache: BYPASS
x-dev: Desktop
x-stat: 1

GET
H2 200 / Show response
id.gravitec.net/ Frame 0275 621 B
699 B 274ms
39ms Document
text/html 2a02:6ea0:c700::16
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://id.gravitec.net/
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::16 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9d1cb86ec27e86dfdefab39206fb510070d00b81d91f11ddc6720e3c62629d32

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=315360000 public
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 19 May 2022 08:44:34 GMT
etag: W/"5e9485b6-26d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 13 Apr 2020 15:31:02 GMT
pragma: public
server: CDN77-Turbo
x-77-cache: HIT
x-77-nzt: AcO1rw5B6Gf/ORIVAA
x-77-nzt-ray: kQw28JWU6a0
x-77-pop: frankfurtDE
x-accel-expires: @1966928953
x-age: 1380921
x-cache: HIT

GET
H2 200 sdk.js Show response
connect.facebook.net/uk_UA/ 292 KB
83 KB 41ms
40ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js?hash=49185baa79f95883eff9d16fa18a326e

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e2b7b9272f1017729c3e558079374c7e3b8cee5e47d5115b0a52544e41fccf8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://vsim.ua/
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: GAq4H8+x+/Th89gpXdcioA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85096
x-fb-rlafr: 0
x-fb-debug: bTgdk1LqN1w6+6DgnfW6t7HnGZRCKflhOMix3hSyCRfI/XcRJgIhQVHtyOCiJTBv8qFNEHol3C1qVMWBZRl6uA==
x-fb-trip-id: 2050670934
x-fb-content-md5: 7eac065f291e8b5b41275154335d2fe9
x-frame-options: DENY
date: Thu, 19 May 2022 08:44:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "45dfb5613f6e03a38ccffe6d2dd5708e"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 19 May 2023 04:59:33 GMT

GET
H2 200 506134916849111 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 41ms
40ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/506134916849111?v=2.9.60&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7379d47cbf147b3d98794cfc82cbe49bc0bff579e48af5de2c3370f7df1192fe

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 88867
x-xss-protection: 0
pragma: public
x-fb-debug: Sq1rI6QxpYYtzE0AuinM9uKQAtnPYD7bUKrYu95Avkv3h//wJzLw9RQhYoZuCtQwNvNy9GBppk2oWVmftAONRg==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 19 May 2022 08:44:34 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 track.min.js Show response
cdn.gravitec.media/ 4 KB
2 KB 102ms
28ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.media/track.min.js
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 7d55d36ab7029a3ac11096692671cdfc36fa8446e8cf7584fc23de06074b0f85

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Nov 2019 14:51:46 GMT
server: nginx/1.18.0
etag: W/"5dde8d82-11d5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 17 Aug 2022 08:44:34 GMT
cache-control: max-age=7776000
x-proxy-cache: HIT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 3 B
456 B 163ms
48ms XHR
application/json 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://vsim.ua
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H2 200 hbw_master_306660_6693.js Show response
player.adtelligent.com/prebidlink/459152/ 190 KB
32 KB 31ms
31ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/459152/hbw_master_306660_6693.js
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/wrapper_hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 818bf842cf97d4f34b69c7713391a957dcd7d093b48b27c47ad286657e68c319

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 21:47:15 GMT
server: nginx
etag: W/"62856963-2f67d"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 21 May 2022 08:44:34 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
68 KB 136ms
55ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0CS1NTGGLB&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TST74WS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3edf37b09fb42709603ac5c23b5377ad1ff8e4dc92cb71fb8004c883176fd803

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69727
x-xss-protection: 0
expires: Thu, 19 May 2022 08:44:34 GMT

GET
H3 200 pubads_impl_2022051601.js Show response
securepubads.g.doubleclick.net/gpt/ 369 KB
125 KB 123ms
41ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

sffe /

Resource Hash

65ac8994c1c17920b580a1d55d69bd021a3f35fba06c228f47733751a18d2a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:18:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1584
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127938
x-xss-protection: 0
last-modified: Mon, 16 May 2022 08:38:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 19 May 2023 08:18:10 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 104 B
115 B 132ms
50ms XHR
application/json 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

5ee58d63b466de0f67a216954ad930f8cfa99fcb23b97c3c27e9c714520d2fa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90
x-xss-protection: 0
expires: Thu, 19 May 2022 08:44:34 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
413 B 122ms
41ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=506134916849111&ev=PageView&dl=https%3A%2F%2Fvsim.ua%2F&rl=&if=false&ts=1652949874237&sw=1600&sh=1200&v=2.9.60&r=stable&ec=0&o=30&fbp=fb.1.1652949874236.85221478&it=1652949874114&coo=false&rqm=GET

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 19 May 2022 08:44:34 GMT

GET
H2 201 track
api.gravitec.media/api/stats/ 0
0 129ms
36ms Fetch 52.174.47.89
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.gravitec.media/api/stats/track?app_key=d9345397765ace7e36f5036f718db82e&user_id=06ea298b-7ee1-415f-93f2-4b49eabaef98&utmb=b7cccfcc-7b14-42ba-9fc1-ce569da0432d&path=https%3A%2F%2Fvsim.ua%2F&referrer=

Requested by

Host: cdn.gravitec.media
URL: https://cdn.gravitec.media/track.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.174.47.89 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1 ; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:34 GMT
x-correlation-id: 1750af19970736c68c2a7edd55543017
x-content-type-options: nosniff
server: nginx
x-frame-options: DENY
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length: 0
x-xss-protection: 1 ; mode=block
referrer-policy: no-referrer
expires: 0

GET
H2 200 /
www.facebook.com/tr/ 44 B
214 B 107ms
42ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=178301089580185&ev=fb_page_view&dl=https%3A%2F%2Fvsim.ua%2F&rl=&if=false&ts=1652949874252&sw=1600&sh=1200&at=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 19 May 2022 08:44:34 GMT

GET
DATA 200
OK truncated
/ 185 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a62693b523955f6ddca2965c2e8be1a7bcb1d41e6e98f6834abf23f0090bed6

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK / Show response
ghb.adtelligent.com/geo/ 151 B
414 B 200ms
52ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/geo/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hbw_master_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: f38ce7391432873bb0c5fb3213b9778672e660d94aeb1ede0ba5b59d2625305c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 19 May 2022 08:44:33 GMT
Server: Adtelligent
Content-Type: application/json
Access-Control-Allow-Origin: https://vsim.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 151

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ 43 B
424 B 204ms
55ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=306660&site_id=6693&full_page_url=https%3A%2F%2Fvsim.ua%2F&adid=crodot.i1&features=16416&vpbv=N060&lifecycle_tte=1661
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hbw_master_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 19 May 2022 08:44:33 GMT
Server: Adtelligent
Content-Type: image/gif
Access-Control-Allow-Origin: https://vsim.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 43

GET
H2 200 fc40332.css
vsim.ua/css/ Frame C506 177 KB
30 KB 88ms
88ms Stylesheet
text/css 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/css/fc40332.css?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/site_login/iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 270afa1b13087c609baef1d8a4f7652ac5be30b175ff7f78822f8a2d9be5dee1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/site_login/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 11:21:55 GMT
server: nginx
etag: W/"6284d6d3-2c584"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dba7e9c.js Show response
vsim.ua/js/ Frame C506 246 KB
71 KB 99ms
98ms Script
application/javascript 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/js/dba7e9c.js?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/site_login/iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 14e4699a9706867363ccdfcc60f64545b6529ff6eb4ce7b0072183b2acb20816

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/site_login/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 11:21:58 GMT
server: nginx
etag: W/"6284d6d6-3d641"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 128ms
47ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1915157272&t=pageview&_s=1&dl=https%3A%2F%2Fvsim.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%D0%BC%20-%20%D0%9D%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%A5%D0%BC%D0%B5%D0%BB%D1%8C%D0%BD%D0%B8%D1%86%D1%8C%D0%BA%D0%BE%D0%B3%D0%BE&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAQCAC~&jid=620579300&gjid=1926442567&cid=1381145664.1652949874&tid=UA-43975937-2&_gid=753912524.1652949874&_r=1&_slc=1&cd1=NotAuthorizedUser&z=1420426243

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 9295b7840c7ba522298fe84eb0702de2b3b5d488.webp
vsim.ua/img/cache/news_rtp_large/news/0027/45/ 27 KB
27 KB 89ms
89ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_large/news/0027/45/9295b7840c7ba522298fe84eb0702de2b3b5d488.webp?hash=2022-05-19-10-26-08
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: bc3e663c04457b01b6c7e1b312f78d1ef65fa48c26263e42ecd4969820b95e54

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Thu, 19 May 2022 08:04:40 GMT
server: nginx
accept-ranges: bytes
etag: "6285fa18-6cfe"
content-length: 27902
content-type: image/webp

GET
H2 200 1849e6a0cf6bcdd57e14961e1d77acb6e9b3c941.webp
vsim.ua/img/cache/news_rtp_large/news/0027/43/ 44 KB
44 KB 90ms
89ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_large/news/0027/43/1849e6a0cf6bcdd57e14961e1d77acb6e9b3c941.webp?hash=2022-05-17-18-25-05
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 3ad0f2e6c3d471a65e17b9a6a7ed1b86dd843096660baec11ce2ba27914e8a3d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Tue, 17 May 2022 16:21:20 GMT
server: nginx
accept-ranges: bytes
etag: "6283cb80-ae0c"
content-length: 44556
content-type: image/webp

GET
H2 200 2643371-viyna-zabirae-naykraschih-na-shodi-zaginuli-troe-biytsiv-z-hmelnichchini.jpeg
vsim.ua/img/cache/news_rtp_large/news/0027/44/ 22 KB
22 KB 91ms
90ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_large/news/0027/44/2643371-viyna-zabirae-naykraschih-na-shodi-zaginuli-troe-biytsiv-z-hmelnichchini.jpeg?hash=2022-05-18-08-46-59
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 7674f053b59fb4b16609b643eb244e9be19901123383a7f41909c8bdae1fffb8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Wed, 18 May 2022 07:13:15 GMT
server: nginx
accept-ranges: bytes
etag: "62849c8b-5680"
content-length: 22144
content-type: image/jpeg

GET
H2 200 2642553-zaginuv-prikordonnik-z-hmelnichchini-denis-dmetretskiy.jpeg
vsim.ua/img/cache/news_rtp_large/news/0027/43/ 14 KB
14 KB 91ms
90ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_large/news/0027/43/2642553-zaginuv-prikordonnik-z-hmelnichchini-denis-dmetretskiy.jpeg?hash=2022-05-17-13-46-10
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 76f10504ce520bf48b39afca88dc6ff8cc5c5cbe7dc08c6bf76ee9e31fd82d63

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
last-modified: Tue, 17 May 2022 11:06:26 GMT
server: nginx
accept-ranges: bytes
etag: "628381b2-368e"
content-length: 13966
content-type: image/jpeg

OPTIONS
H2 200 pageview
tracker_beam.20minut.ua/track/ Frame 0
0 246ms
78ms Preflight 31.41.216.82
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker_beam.20minut.ua/track/pageview
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.216.82 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://vsim.ua
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: https://vsim.ua
access-control-max-age: 3600
content-length: 0
date: Thu, 19 May 2022 08:44:34 GMT
server: nginx/1.16.1

POST
H2 202 pageview Show response
tracker_beam.20minut.ua/track/ 0
136 B 79ms
78ms XHR
text/plain 31.41.216.82
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker_beam.20minut.ua/track/pageview
Requested by: Host: vsim.ua
URL: https://vsim.ua/bundles/twentyminutuapaywall/js/remplib.js?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.216.82 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 19 May 2022 08:44:34 GMT
access-control-allow-credentials: false
server: nginx/1.16.1
content-length: 0
access-control-max-age: 3600

POST
H2 204 collect
analytics.google.com/g/ 0
164 B 47ms
46ms Ping
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-0CS1NTGGLB&gtm=2oe5b0&_p=1915157272&_z=ccd.tbB&_gaz=1&cid=1381145664.1652949874&ul=en-us&sr=1600x1200&_s=1&sid=1652949874&sct=1&seg=0&dl=https%3A%2F%2Fvsim.ua%2F&dt=%D0%92%D1%81%D1%96%D0%BC%20-%20%D0%9D%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%A5%D0%BC%D0%B5%D0%BB%D1%8C%D0%BD%D0%B8%D1%86%D1%8C%D0%BA%D0%BE%D0%B3%D0%BE&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0CS1NTGGLB&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 107ms
36ms Ping
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-0CS1NTGGLB&cid=1381145664.1652949874&gtm=2oe5b0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0CS1NTGGLB&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
502 B 157ms
67ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-0CS1NTGGLB&cid=1381145664.1652949874&gtm=2oe5b0&aip=1&z=917054576

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/306633/ 2 KB
1 KB 83ms
27ms XHR
application/json 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/306633/config.json?cb=https%3A%2F%2Fvsim.ua%2F
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 14bc39992af81455e79ae64d1f18aaf5e686a71abeb36a67c2ed8a0d72d237f4

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 00:02:16 GMT
server: nginx
etag: W/"62843788-8f8"
content-type: application/json
access-control-allow-origin: https://vsim.ua
expires: Sat, 21 May 2022 08:44:34 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
434 B 65ms
35ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-43975937-2&cid=1381145664.1652949874&jid=620579300&gjid=1926442567&_gid=753912524.1652949874&_u=YEBAAEAAAAQCAC~&z=1456659713

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 19 May 2022 08:44:34 GMT
content-type: text/plain
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
793 B 138ms
50ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
550 B 139ms
50ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
8 KB 407ms
407ms XHR
text/plain 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=675877923270752&correlator=399501837421319&eid=31067627%2C31067636%2C31065401&output=ldjh&gdfp_req=1&vrg=2022051601&ptt=17&impl=fifs&iu_parts=45035109%2Cvsim_main_(300x250)&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x400&ifi=1&adks=978356717&sfv=1-0-38&ecs=20220519&fsapi=false&prev_scp=excl_cat%3DPREPOST&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1652949874490&lmt=1652949874&dlt=1652949873726&idt=728&biw=1600&bih=1200&adxs=1092&adys=228&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fvsim.ua%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&fws=4&ohw=300&ga_vid=1381145664.1652949874&ga_sid=1652949874&ga_hid=1915157272&ga_fc=true&btvi=0&topics=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

f6d1d4579c1f95c98b7d9a09e3fdc5b39489e01c57551640a15a3dc5517626c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8200
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FCC0 6 KB
4 KB 151ms
48ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:34 GMT
expires: Fri, 19 May 2023 08:44:34 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 2 KB
666 B 57ms
57ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 8977214b71e8dabd6c4fa6e5279934952253435fbed6e2f1c0c9bd1e5ebd2dee

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 19 May 2022 08:44:33 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://vsim.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 364

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
111 B 428ms
226ms XHR
text/plain 104.36.115.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 19 May 2022 08:44:33 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
169 B 190ms
69ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 19 May 2022 08:44:34 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 arj Show response
adtelligent-d.openx.net/w/1.0/ 73 B
374 B 106ms
42ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adtelligent-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fvsim.ua%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=9b5d3a03-3da0-41f2-b8ca-6357de8cf614%2Cf44b183f-9a09-483b-a19e-72dc58308587%2Cea8d45c0-6b50-420a-91b6-e389843aab59&nocache=1652949874539&pubcid=b510f659-ef44-4219-a70f-c36b2409c207&schain=1.0%2C1!adtelligent.com%2C306660%2C1%2C%2C%2C&aus=1200x250%2C1200x400%7C1200x250%2C1200x400%7C1200x250%2C1200x400&divids=div-gpt-ad-1632837984961-0%2Cdiv-gpt-ad-1632838225160-0%2Cdiv-gpt-ad-1632838267602-0&aucs=%252F45035109%252F20minut_news8(1200x250)%2523div-gpt-ad-1632837984961-0%2C%252F45035109%252F20minut_news9(1200x250)%2523div-gpt-ad-1632838225160-0%2C%252F45035109%252F20minut_news10(1200x250)%2523div-gpt-ad-1632838267602-0&auid=541177132%2C541177132%2C541177132
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 455899bd49233704c86395d399949322bc482fb0a71a390940b80a806914f7d5

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:34 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://vsim.ua
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 379 B
1 KB 252ms
163ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

47002fd3e92215dc6f0048d84786de980335e02e8074248194ed138e51ca3c56

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:34 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: f643ae0f-e718-4863-8029-eb0493392a68
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://vsim.ua
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 379
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

ROS Show response
pbjs.e-planning.net/hb/1/2e43c/1/vsim.ua/
Redirect Chain

https://pbjs.e-planning.net/pbjs/1/2e43c/1/vsim.ua/ROS?rnd=0.9361004784805287&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F...
https://pbjs.e-planning.net/hb/1/2e43c/1/vsim.ua/ROS?ct=1&r=pbjs&rnd=0.9361004784805287&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=h...

415 B
827 B

36ms
35ms

XHR
application/json

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/hb/1/2e43c/1/vsim.ua/ROS?ct=1&r=pbjs&rnd=0.9361004784805287&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F%2Fvsim.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fvsim.ua%2F&e_pubcid=b510f659-ef44-4219-a70f-c36b2409c207
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Server: 5.178.65.245 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 37593767f544317c9c3e032830d3ee92b32efb73404c3f6cee45c97690ec5acd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:34 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://vsim.ua
expires: Thu, 19 May 2022 08:44:34 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 415
x-sid: AMS-602

Redirect headers

date: Thu, 19 May 2022 08:44:34 GMT
server: openresty
location: /hb/1/2e43c/1/vsim.ua/ROS?ct=1&r=pbjs&rnd=0.9361004784805287&e=1200x250_0%3A1200x250%2C1200x400%2B1200x250_1%3A1200x250%2C1200x400%2B1200x250_2%3A1200x250%2C1200x400&ur=https%3A%2F%2Fvsim.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fvsim.ua%2F&e_pubcid=b510f659-ef44-4219-a70f-c36b2409c207
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://vsim.ua
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-602

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
55 B 480ms
286ms XHR
text/plain 104.36.115.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 19 May 2022 08:44:34 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 377 B
1 KB 376ms
289ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

bb8633b051440ef4e2ff524c488cd4e4659c1e8fdf81afa3caa1808a7a2180b5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:34 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e6b72772-8b38-43fb-b9b2-99683b5bd0bc
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://vsim.ua
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 377
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
328 B 194ms
54ms XHR
application/json 23.32.59.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=356568&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2243e6de168ab5762%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fvsim.ua%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0-pre%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%224494b9a4091e8f3%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A1200%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%221200x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F45035109%2F20minut_news8(1200x250)%23div-gpt-ad-1632837984961-0%22%7D%7D%2C%7B%22id%22%3A%22451458e6cc7edab%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A1200%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%221200x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F45035109%2F20minut_news9(1200x250)%23div-gpt-ad-1632838225160-0%22%7D%7D%2C%7B%22id%22%3A%2246c9d5989269344%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A1200%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%221200x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22%2F45035109%2F20minut_news10(1200x250)%23div-gpt-ad-1632838267602-0%22%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22b510f659-ef44-4219-a70f-c36b2409c207%22%7D%5D%7D%5D%7D%7D
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-59-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a94d8c0bf7975d1691e8d89713ad936f9a18bb8f0f2b0a3bca3464ddc6e51b3c

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:34 GMT
x-ak-initial-geo: CC:[GB], RC:[EN], CN:[EU], CIP:[217.138.196.105], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://vsim.ua
x-cs-client-geo: 27
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 27
expires: Thu, 19 May 2022 08:44:34 GMT

GET
H/1.1 200
OK csyncs Show response
ghb.adtelligent.com/ 302 B
526 B 99ms
55ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/csyncs?aid1=517710&aid2=517711&aid3=undefined
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hbw_master_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 67656b202a63c834a0a072643bad67ecd2b25edf681a8ec7e762d734af2a14fb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 19 May 2022 08:44:33 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://vsim.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 224

GET
H/1.1

200
OK

csync
sync.adtelligent.com/
Redirect Chain

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=5a33ee0d-75be-4bbc-aaaa-b155c60e1b76

0
407 B

790ms
296ms

Image
text/plain

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=5a33ee0d-75be-4bbc-aaaa-b155c60e1b76
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: HTTP/1.1
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 19 May 2022 08:44:35 GMT
Server: VertaMedia 1.0
Etag: aadb9d2efc2c7440
Content-Length: 0

Redirect headers

location: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=5a33ee0d-75be-4bbc-aaaa-b155c60e1b76
date: Thu, 19 May 2022 08:44:34 GMT
cache-control: no-store no-transform
server: nginx
content-length: 166
content-type: text/html; charset=utf-8

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 03A5 0
17 B 81ms
39ms Document
text/plain 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://vsim.ua
Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://vsim.ua
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:34 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 container.html Show response
9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2F78 6 KB
3 KB 124ms
41ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:34 GMT
expires: Fri, 19 May 2023 08:44:34 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 135ms
49ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 135ms
52ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=vsim.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 55 KB
20 KB 671ms
671ms XHR
text/plain 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=675877923270752&correlator=2177739105253018&eid=31067627%2C31067636%2C31065401&output=ldjh&gdfp_req=1&vrg=2022051601&ptt=17&impl=fifs&iu_parts=45035109%2C20minut_news8(1200x250)%2C20minut_news9(1200x250)%2C20minut_news10(1200x250)&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=1200x250%7C1200x400%2C1200x250%7C1200x400%2C1200x250%7C1200x400&ifi=2&adks=2483578089%2C4059114074%2C1842437250&sfv=1-0-38&ecs=20220519&fsapi=false&prev_scp=city_20minut%3Dkhmelnytskyi%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7Ccity_20minut%3Dkhmelnytskyi%26hb_rfBid%3D0%26excl_cat%3DPREPOST%7Ccity_20minut%3Dkhmelnytskyi%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&sc=1&cookie=ID%3Dbdc06791f94c1f56-22acf71499cd00a9%3AT%3D1652949874%3AS%3DALNI_MZayslYvEA3OfusxLNSkHFILvfKwg&abxe=1&dt=1652949875034&lmt=1652949875&dlt=1652949873726&idt=728&biw=1600&bih=1200&adxs=204%2C204%2C204&adys=1056%2C3264%2C4265&ucis=2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fvsim.ua%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1192x250%7C1192x250%7C1192x250&msz=1200x250%7C1200x250%7C1200x250&fws=4%2C4%2C4&ohw=1192%2C1192%2C1192&ga_vid=1381145664.1652949874&ga_sid=1652949874&ga_hid=1915157272&ga_fc=true&btvi=0%7C1%7C2&topics=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

4da109652beb80164727827c8876b26b430623a344908162f4fbfd4133e589bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20534
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7593 624 B
977 B 142ms
52ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNqH3pMDEJGuvpoDGNyOpMgBMAE&v=APEucNWrh7HNOTkw-wOZI8yTRBSoUpEVio9Rl2cY2o7aGKkHqlZXzR_WnBZbJ8kvh52x30rRsmJtIaZ5p5KAZ_kJ3-qDV72asBHrrLiJVuy5Wrmi5J-Oh4M0wq0V9J0hdbjaTpMo5iIgVP_p94alI-NlVa88KmmxW4qRHU8XyBobtbN4Vq65Ylo

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:35 GMT
expires: Thu, 19 May 2022 08:44:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2F78 89 KB
35 KB 164ms
76ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DO2koYHJrLzsuQ1Ir5Si0bxkIBHAVT8dH60Rzf6HKZgAE4X3dAwnU_hcPYmaZRhETlTgxoG5jPMWyTNLqPaKKrQCIiWwP9CGaX9ohIGomdewWcMLkloEM5BLF7CoyixDGz28zKybbd-KyRWZRU2v5all0hHg&dbm_d=AKAmf-ADtCKd70puqPdx3h664EGJGeCYw9teX94LeZKv-KZ0_gwLIXuNtY-icfv6XAUU5P3uS3Wgc0c3PtYltzkzOMiqlPVebLGcDR1TEpf12WBsUBsh3gLt-xvU1SAVlLxbfiSVUw2q3rDZilLbTfVdxFZD13U2GppCPLeBTQA9gD0qtNOkkhBE6NM1Pbwwqx6_uFnFxnAHvrww7wRXaaKZWFFb4z4ijjzgPceQ04F_M26Y_MxFkCKNWbV0ILKA1pWJ1cGpOmGGXyAiPEeC0aBv1IUoe0ZGEAL6q2d7AS5_-HSCwliq6cNnl8by2aM_SlvbgZCGuneoQ76Ctu6BXJ9JI98L00ThhAm5gGnXID1T3OwnAtyGRyJEZbuVGMhVQWfJr0LBqz5U9I_WkukyPNH_p71Ogly9_DGW3KGEBSTs1Am1nUTyMYuOKaGG_c5nKrB_IOSy7mhNKxb_VK22-iM3PVnOAYq5R6zwXEywpNUv1cKLK-lPYaduFlgCJD59fllYPYMNiMQHl-oqFTJVXecX8KsOKINejrhyLRZp1AUEVk-__mw_QZRl4i7RB7nV140ytmpXxjhTbC7K1qSSaCos3A20yePEOSE2Ms6RJAqvkgkmWQKI_Z3_qBHfZ1x3bgMExWqQMyClw-uFm6v7lkfqDismrtkUdYpF6YX2v4osyV_et__C40BhmVHMT7UVVaWoNMnHPax47sarpdugUk_QQbfq6fDu_dc_3uFaubEZLFkIpQ4zIfYJk4tHxjAnwPClUTv4OsVe0StHMagdB3pZJT0t-DuiEAPM__PSxuXTcHuADdzR4TbfvpY1pVSbRwG3KVG6ORwzgT1LQC5WjF41LU44KACMLpT955zTRvvgk3htOUc5XKSo9JObzhNnEbHmIK_CIA5dz37lKfXXQC1ZMjUl5ncAWAGn0GxuyeA0o1t4zKnG6rnvQqEH-f72B52wFYzvlIKwXm8h5_TCA4e5hw5cKvKbjp2oa01ydss_zUE3nrEaMWJRmKbc3baG46b0IasnkqpenZ_kUFelC9GAMLUxeZYvHNPxfYeQJfvHFOEU3uY1CtTXMKhMOEz2FvK3Yi40Us_LV16f7FNoV-i6PMduwvbYntAwiasjXvxI5aL61bsOVkuWj0kPkJ43JDgXkH_DDMslF5AxN3Sqocn2eYzINkysntQbjjPLI_95pbw8JT_dGzhdt1bO2NiuvhmwdU6zHaoq0hyhv8bKJZUt-fOij6SFE4AIdcEUTd5STJixsmtVyXdDkiaigk68cpRFBJBzIX_sV0tklGdHg4Qy9TQzIyMLbTlHgUm81oyV4b3gTyZhQaqASPI9aKUUdyzmh6ftdBcZRHOoNkrUFRAu7tmdsKXHPypJv-RW9C_x-w2J3LpAKBdt1G6HUgjG3mauUmE3lHUrBbcVGsAlXztLJUzArTz8gknzzEQxdbNMSr3hZ69XfZhbg9KKuRYwYvKXgdPUCNyLYjx3Uk60y1_MSwOc-qPY9hwNzebtPQivXCPvtpZCpqGVcuOrWmpYfORO4GhgoNCC7uJFr_Kv5VkHAxXtF7JRvfeC7jyMB9uzCL7U7vVaaDI-lAbHCPblG_em9atXjRZ-3PppRKRT0zJ9wBUMmAXyAe7Gii0k02CD9LcQ3bC2-2UvlN2y0QMIgdxJyyBY5VxD6VNJ4hfaDeEgduFOZhHf36qMSoaNhiiffr3dzkDk6YVZr6aR41SjfMFrNqk6WuvymxHrq06GUb7lbn_GS09opix7ePbRspJGtjrz5NfrTXQ4dlnXBLKuUXVcIyblL7uVo0suv-y34yFOuJwfNwIdc_HcK4LFGrpX6OAG7Cnmi3NUJGIBdTnNK3FmXJo4xRdMdhvEhvt7zwE31lAgoVyLRf74l2GgAkjiQhHWKFS7A9Er09ALeEhjlRgz5XUlB1PVVNom8dEYclF0bi8go9R4_ZHrQrYZx5MHXhkN9AJR56XT0nPzaxSCEDbtoQID3LHEKiyuxPa2uzzPwPQxCRKeoJIDTrtE4UUPO7oeJnYAWuj7r3Mk4R9qEXwrSxK-uySlJQTidTNK1bGDsgEMsChSpHYd-TkEpRsCBJDZCl2v2hLh5xFcLGVW-R7HtKrpc-UwWhUbEx-apUVz0KpdgXO6RnGlsXtqMZHrTNWFWdbUEDVi4MH3W_k0kvxcFTOuqjjIv2V_deCZq9ixJbsUxdFbvTpi3VpABtDL2Rz--Pj4xXfx4sPg1jEHYjexCaze69JSiX9-lho_wgQ7KzI9MWaICXaYecFkRs1UO3tCoECD8TLrnJ4ZMZusl0ihdXJtfu_v6FdzDeZjQ1iDf8tgTX9semmz1eEKIN-UgNLrj8aEStKlSTQ_tkOaOeo7TeBBaXFMslV7aXMPGO5aUsejE1GKAiFu2F_4pmQ7TOl1sGJBH6MNjC0ktEobMbQI0dZhrWmPKkeP0g7R17P5QhVKPZotNmY4bv9e_uWj0foJw-Yb6rx41m0IU4HRpttBGz6F5IHI6iBIcC3RAwGppBx5SMvhA0UDvVIpPfVYfUXfmHqI9wYbefyeZjN7pYB1nzWEnMDPib_KGEdEhd9X942GmcegH_0ilmpnHdxGDJanRut7oNgDr5U8m7HxH9fMOJgZu6-RVcxJR6bWqkVk-WfYbXipCk-X83jiPGnBhgPMQk8VPrn5Nv8GWgUnPxfnBOoo4pCEarTqJaZ2NriJ4j787m5vAc0LA2E480vVVq78AeQub8HYvp-OYtTla32gIQowDg9Y-Ya6u6K25elf-hubIClNSlvuNM41mOkQtsXzuXg_GMsqBvVN0BglNdAxFyryBDtAJuofHu8hQVi93G7RFnCYIlVLUF9984NgH-Jitf2YJcI6E0M9T3z8UJl9xe3yT7smeNzKf_mYPTrKfco8YSOhXxZRxHxjH77S4DxOiZczgb-Qbsy9DE9HraYgjscIDwGdF6dConoOw9NZiqWafx0raoPWdfrzkpQXEAwvpMqJ1TOPmO4P8MTJ7NKHwCgkSEoBZsB-Qf7bPDbkNqUQqlGJb5Xmk-e4Xj_BW03l_ysPDwsTfNTWps1MASJpX4D4T14K1QIMcFYu42QYlYhmmNiKLfQOlPjOV68RDDsvUqpCRQjmfAYbb95MIIL2x2tOkp9SfIr22ZHmYDSqBABshUrXkCrWUyrtGOaErV0SYdWiThU-qasG_4Zz2_qIZmtkD5wp7gywtfFx2C6g5pSiK9pNmv_kHHWdevMQQfwIyPmOpnJHnHUAAcxRK0CljLC4r8GrCFhT_dQ7FM6DhZfY8cYgtPzQji11vPYCnf7YDtyiy4m7qnT_n-UMVcLXITxVY2Fev1UL9Sz-tF642n6ND-jSjJoGO4bkCkWh9pHXsoEvTkwEhZLvj5cWiCOHEv6KGe_NS3Sugqf55Q_AWDsg7HEbVDbcTJOThO4smuSTDFziL7jkO7ORw-QptfWWpUF70SYH&cid=CAASKORop39g3_v0y4tqIKS0XerAYMAOxYdC9Zd-3709TuAw1wXpFY09F5w&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a36bfd3fedc4de53ba1257df64af6651b37393ea12bc3311194de3182cd392c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35580
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F78 42 B
495 B 167ms
74ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AsQYbaepYLW6gRDpFJ2VwTLYi4_ZuTOWH0XV2H2afdvc82rhWjmo32LJ7lMIhuZOYGiftUODuGBD1bQCS6GRsgmfFaUAUMpi776pdtCvExohOPq0M

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 2F78 3 KB
1 KB 132ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:39:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2F78 135 KB
42 KB 216ms
125ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42375
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652873336749811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:35 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 2F78 16 KB
7 KB 128ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0351eef55e48244d3adae2b701dc82e6696074e872889aa2b4587448a2339671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:40:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
server: cafe
etag: 17289513661582941094
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:40:39 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2F78 0
0 140ms
48ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQRGcKoK-HmsTI7E3XhE92TqEVyT-kbZi5xTu3PwcSRpKv_-SLPneQYKUUHmVzicfYu7DCtdEAN02rCuwkHNr8uqHnA3Q
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7593
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHf2ZOmmg2uYfPrdH3E_ok&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHf2ZOmmg2uYfPrdH3E_ok&google_cver=1&C=1

43 B
1012 B

71ms
71ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHf2ZOmmg2uYfPrdH3E_ok&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNqH3pMDEJGuvpoDGNyOpMgBMAE&v=APEucNWrh7HNOTkw-wOZI8yTRBSoUpEVio9Rl2cY2o7aGKkHqlZXzR_WnBZbJ8kvh52x30rRsmJtIaZ5p5KAZ_kJ3-qDV72asBHrrLiJVuy5Wrmi5J-Oh4M0wq0V9J0hdbjaTpMo5iIgVP_p94alI-NlVa88KmmxW4qRHU8XyBobtbN4Vq65Ylo
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 08:44:35 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHf2ZOmmg2uYfPrdH3E_ok&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 19 May 2022 08:44:35 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7593
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoYDcxqPrMDw1RIyk5IoYAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAsm4sFs3Mzrn5zXYxQnEB8&google_cver=1

43 B
892 B

54ms
54ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAsm4sFs3Mzrn5zXYxQnEB8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNqH3pMDEJGuvpoDGNyOpMgBMAE&v=APEucNWrh7HNOTkw-wOZI8yTRBSoUpEVio9Rl2cY2o7aGKkHqlZXzR_WnBZbJ8kvh52x30rRsmJtIaZ5p5KAZ_kJ3-qDV72asBHrrLiJVuy5Wrmi5J-Oh4M0wq0V9J0hdbjaTpMo5iIgVP_p94alI-NlVa88KmmxW4qRHU8XyBobtbN4Vq65Ylo
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 08:44:35 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAsm4sFs3Mzrn5zXYxQnEB8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7593
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEN-5-WGsFl6fxwieejyw2xY&google_cver=1

43 B
1020 B

40ms
40ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEN-5-WGsFl6fxwieejyw2xY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNqH3pMDEJGuvpoDGNyOpMgBMAE&v=APEucNWrh7HNOTkw-wOZI8yTRBSoUpEVio9Rl2cY2o7aGKkHqlZXzR_WnBZbJ8kvh52x30rRsmJtIaZ5p5KAZ_kJ3-qDV72asBHrrLiJVuy5Wrmi5J-Oh4M0wq0V9J0hdbjaTpMo5iIgVP_p94alI-NlVa88KmmxW4qRHU8XyBobtbN4Vq65Ylo

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:35 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ea1ed3f2-a31d-4770-887a-39b47a5b74dc
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEN-5-WGsFl6fxwieejyw2xY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7593
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

170 B
244 B

127ms
51ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:35 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 859c1d78-5809-448b-967f-bb792bbaec16
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1019383/62538988/ Frame 2F78 46 KB
12 KB 139ms
42ms Script
application/javascript 54.171.106.179
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1019383/62538988/skeleton.js
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.106.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-106-179.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d354dc3c7f109d586d212e930038bc915348b2d46e7cd49ddf23cd14ccb11c2c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 2F78 106 KB
38 KB 143ms
40ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Origin: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75363
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 11:48:32 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/ Frame 2F78 8 KB
3 KB 131ms
48ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DO2koYHJrLzsuQ1Ir5Si0bxkIBHAVT8dH60Rzf6HKZgAE4X3dAwnU_hcPYmaZRhETlTgxoG5jPMWyTNLqPaKKrQCIiWwP9CGaX9ohIGomdewWcMLkloEM5BLF7CoyixDGz28zKybbd-KyRWZRU2v5all0hHg&dbm_d=AKAmf-ADtCKd70puqPdx3h664EGJGeCYw9teX94LeZKv-KZ0_gwLIXuNtY-icfv6XAUU5P3uS3Wgc0c3PtYltzkzOMiqlPVebLGcDR1TEpf12WBsUBsh3gLt-xvU1SAVlLxbfiSVUw2q3rDZilLbTfVdxFZD13U2GppCPLeBTQA9gD0qtNOkkhBE6NM1Pbwwqx6_uFnFxnAHvrww7wRXaaKZWFFb4z4ijjzgPceQ04F_M26Y_MxFkCKNWbV0ILKA1pWJ1cGpOmGGXyAiPEeC0aBv1IUoe0ZGEAL6q2d7AS5_-HSCwliq6cNnl8by2aM_SlvbgZCGuneoQ76Ctu6BXJ9JI98L00ThhAm5gGnXID1T3OwnAtyGRyJEZbuVGMhVQWfJr0LBqz5U9I_WkukyPNH_p71Ogly9_DGW3KGEBSTs1Am1nUTyMYuOKaGG_c5nKrB_IOSy7mhNKxb_VK22-iM3PVnOAYq5R6zwXEywpNUv1cKLK-lPYaduFlgCJD59fllYPYMNiMQHl-oqFTJVXecX8KsOKINejrhyLRZp1AUEVk-__mw_QZRl4i7RB7nV140ytmpXxjhTbC7K1qSSaCos3A20yePEOSE2Ms6RJAqvkgkmWQKI_Z3_qBHfZ1x3bgMExWqQMyClw-uFm6v7lkfqDismrtkUdYpF6YX2v4osyV_et__C40BhmVHMT7UVVaWoNMnHPax47sarpdugUk_QQbfq6fDu_dc_3uFaubEZLFkIpQ4zIfYJk4tHxjAnwPClUTv4OsVe0StHMagdB3pZJT0t-DuiEAPM__PSxuXTcHuADdzR4TbfvpY1pVSbRwG3KVG6ORwzgT1LQC5WjF41LU44KACMLpT955zTRvvgk3htOUc5XKSo9JObzhNnEbHmIK_CIA5dz37lKfXXQC1ZMjUl5ncAWAGn0GxuyeA0o1t4zKnG6rnvQqEH-f72B52wFYzvlIKwXm8h5_TCA4e5hw5cKvKbjp2oa01ydss_zUE3nrEaMWJRmKbc3baG46b0IasnkqpenZ_kUFelC9GAMLUxeZYvHNPxfYeQJfvHFOEU3uY1CtTXMKhMOEz2FvK3Yi40Us_LV16f7FNoV-i6PMduwvbYntAwiasjXvxI5aL61bsOVkuWj0kPkJ43JDgXkH_DDMslF5AxN3Sqocn2eYzINkysntQbjjPLI_95pbw8JT_dGzhdt1bO2NiuvhmwdU6zHaoq0hyhv8bKJZUt-fOij6SFE4AIdcEUTd5STJixsmtVyXdDkiaigk68cpRFBJBzIX_sV0tklGdHg4Qy9TQzIyMLbTlHgUm81oyV4b3gTyZhQaqASPI9aKUUdyzmh6ftdBcZRHOoNkrUFRAu7tmdsKXHPypJv-RW9C_x-w2J3LpAKBdt1G6HUgjG3mauUmE3lHUrBbcVGsAlXztLJUzArTz8gknzzEQxdbNMSr3hZ69XfZhbg9KKuRYwYvKXgdPUCNyLYjx3Uk60y1_MSwOc-qPY9hwNzebtPQivXCPvtpZCpqGVcuOrWmpYfORO4GhgoNCC7uJFr_Kv5VkHAxXtF7JRvfeC7jyMB9uzCL7U7vVaaDI-lAbHCPblG_em9atXjRZ-3PppRKRT0zJ9wBUMmAXyAe7Gii0k02CD9LcQ3bC2-2UvlN2y0QMIgdxJyyBY5VxD6VNJ4hfaDeEgduFOZhHf36qMSoaNhiiffr3dzkDk6YVZr6aR41SjfMFrNqk6WuvymxHrq06GUb7lbn_GS09opix7ePbRspJGtjrz5NfrTXQ4dlnXBLKuUXVcIyblL7uVo0suv-y34yFOuJwfNwIdc_HcK4LFGrpX6OAG7Cnmi3NUJGIBdTnNK3FmXJo4xRdMdhvEhvt7zwE31lAgoVyLRf74l2GgAkjiQhHWKFS7A9Er09ALeEhjlRgz5XUlB1PVVNom8dEYclF0bi8go9R4_ZHrQrYZx5MHXhkN9AJR56XT0nPzaxSCEDbtoQID3LHEKiyuxPa2uzzPwPQxCRKeoJIDTrtE4UUPO7oeJnYAWuj7r3Mk4R9qEXwrSxK-uySlJQTidTNK1bGDsgEMsChSpHYd-TkEpRsCBJDZCl2v2hLh5xFcLGVW-R7HtKrpc-UwWhUbEx-apUVz0KpdgXO6RnGlsXtqMZHrTNWFWdbUEDVi4MH3W_k0kvxcFTOuqjjIv2V_deCZq9ixJbsUxdFbvTpi3VpABtDL2Rz--Pj4xXfx4sPg1jEHYjexCaze69JSiX9-lho_wgQ7KzI9MWaICXaYecFkRs1UO3tCoECD8TLrnJ4ZMZusl0ihdXJtfu_v6FdzDeZjQ1iDf8tgTX9semmz1eEKIN-UgNLrj8aEStKlSTQ_tkOaOeo7TeBBaXFMslV7aXMPGO5aUsejE1GKAiFu2F_4pmQ7TOl1sGJBH6MNjC0ktEobMbQI0dZhrWmPKkeP0g7R17P5QhVKPZotNmY4bv9e_uWj0foJw-Yb6rx41m0IU4HRpttBGz6F5IHI6iBIcC3RAwGppBx5SMvhA0UDvVIpPfVYfUXfmHqI9wYbefyeZjN7pYB1nzWEnMDPib_KGEdEhd9X942GmcegH_0ilmpnHdxGDJanRut7oNgDr5U8m7HxH9fMOJgZu6-RVcxJR6bWqkVk-WfYbXipCk-X83jiPGnBhgPMQk8VPrn5Nv8GWgUnPxfnBOoo4pCEarTqJaZ2NriJ4j787m5vAc0LA2E480vVVq78AeQub8HYvp-OYtTla32gIQowDg9Y-Ya6u6K25elf-hubIClNSlvuNM41mOkQtsXzuXg_GMsqBvVN0BglNdAxFyryBDtAJuofHu8hQVi93G7RFnCYIlVLUF9984NgH-Jitf2YJcI6E0M9T3z8UJl9xe3yT7smeNzKf_mYPTrKfco8YSOhXxZRxHxjH77S4DxOiZczgb-Qbsy9DE9HraYgjscIDwGdF6dConoOw9NZiqWafx0raoPWdfrzkpQXEAwvpMqJ1TOPmO4P8MTJ7NKHwCgkSEoBZsB-Qf7bPDbkNqUQqlGJb5Xmk-e4Xj_BW03l_ysPDwsTfNTWps1MASJpX4D4T14K1QIMcFYu42QYlYhmmNiKLfQOlPjOV68RDDsvUqpCRQjmfAYbb95MIIL2x2tOkp9SfIr22ZHmYDSqBABshUrXkCrWUyrtGOaErV0SYdWiThU-qasG_4Zz2_qIZmtkD5wp7gywtfFx2C6g5pSiK9pNmv_kHHWdevMQQfwIyPmOpnJHnHUAAcxRK0CljLC4r8GrCFhT_dQ7FM6DhZfY8cYgtPzQji11vPYCnf7YDtyiy4m7qnT_n-UMVcLXITxVY2Fev1UL9Sz-tF642n6ND-jSjJoGO4bkCkWh9pHXsoEvTkwEhZLvj5cWiCOHEv6KGe_NS3Sugqf55Q_AWDsg7HEbVDbcTJOThO4smuSTDFziL7jkO7ORw-QptfWWpUF70SYH&cid=CAASKORop39g3_v0y4tqIKS0XerAYMAOxYdC9Zd-3709TuAw1wXpFY09F5w&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:41:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/ Frame 2F78 27 KB
10 KB 121ms
41ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

562a8a15e1881723d0fa7826cbaf1ca561428ab33b7ef214b6894449e9a76a34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10462
x-xss-protection: 0
server: cafe
etag: 108952690031844284
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:42:44 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2F78 41 KB
15 KB 125ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3427
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 07:47:28 GMT

GET
DATA 200
OK truncated
/ Frame 2F78 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c58d94b6df595658e089161d76109eafa31730cc53de93109368095b74608e2f

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 main.gr.19.8.309.js Show response
static.adsafeprotected.com/ Frame 2F78 191 KB
61 KB 167ms
45ms Script
application/javascript 2600:9000:214f:2600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.309.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1019383/62538988/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:2600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f2e24b95c962fffb41eede228d0c5c7681cf9bc3dd3ece2440412ec4246d84e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:42:44 GMT
content-encoding: gzip
age: 1166512
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 05 May 2022 17:31:51 GMT
server: AmazonS3
etag: W/"25d0c2239b60642eaeddad303e621bd4"
vary: Accept-Encoding
x-amz-version-id: mjEd7PtHn1L574wGfHZ2vjRyhTR.v7IU
via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: Xbv-kt9YWTeslkSr_tUoQ2ZaZKvgcIskSNzupY2YFF11uIit8ajSmg==

GET
H3 200 310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html Show response
s0.2mdn.net/11581991/1649936156235/ Frame 0BA9 6 KB
2 KB 123ms
41ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5cd68545132b7f79bc60bfa1926da295eb73eeb7ec2f172026bab079794937b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 68873
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 2440
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:36:42 GMT
expires: Thu, 19 May 2022 13:36:42 GMT
last-modified: Thu, 14 Apr 2022 11:35:56 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2F78 0
307 B 99ms
84ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvdmoDh0Z9NbONkyrJz39faoRSSDDG3tFu3i5_PnFMc5JjmH8ldOu7JLyIvXKHXBadNus7Ez4WawbJG7x3_vfBk83RG5xKkNNJmgImHJChuTO32AtMFm50VrcuXSmvmwkcJtnADpwO5dwUW_pKyWD6HqZKH5QblCHruc7qeCHv164GOB1WU5SXxg1TQ4wbwPfhcn0DRsXv-rpNd5d6Sk33IwFu-0fcFpYDjMpuEhXM23xIbeHY3vL0XX3dOA2Sc6VQMbZ3vQYddAQ1p0TPAQ9mX5Ro7FUL6RjR5cIrozS4wbXW0Cip4-E4HaU2n75FbtoKz_1jfsZZwOy-W9t-AwB44CSCchcM2BJn9vpzY8uYsVjxtnZCiEiWzm5njzEGH48GSvaosln2iHgIaxAmvpiCN-T1F7dTjz1sGxhnjzIzmtstryQ0zMXq2_XBtGswE7AXAwClwtd0lvdUKUjQy-FQaTvkxI3eIztT9r_j6oGgyIsxGopvRik5VAvhwWv0x889tMhR3M7Yi-dvUsNTumlGVO2RDVqgftp9dh5XIBlum_RqFRvCTi2_16NBVnRU1CQPo0efr4U34xGcvPxaZpWz5YGxRHF7FK4xDBUgS9CVpjcpP2r143zPFDsFqoVFVcm4a3wMH9SZZPgJyDdsu92dlx8dzcY4qD6fb5MihQgwGY56s9WzAr8x6Tp6qtFSGN7o-Bo7xWjbx-IAJekjilkvW_4TBKe2XF6oUemEzACbWfQjrod3w5QvlcrrQAJ-mM19KCTgBY2Xqpz9MNg7UvutLNUfLeTXUpEmJgUOha_FCrovEu8AuMT7XR5u-bEDQ9brB1oVBGnz1L7Y98RBH-V3ZjJdr8oD7962yMrgAdQy9xNNNQyvukAv5bsm_8yj2dzh8IZ1NsdVRa-Br-pbzbBVgwcOMhftx8SOEU-pvZ9GB_Fng9sMOXMDqzeCBRp1Wq0aEhKh7rMTeYhZ9ziC8c6XVaHbeMtxXkLwgbG7g14QvDNpQWBifoTHb2C0SRjm28olA7OPEGXUbJL3l64h0Jh04d_O5SJYp4XHTKUY4O9Fhy4sbSYQ6KagvIyNNoazpXDDAuBj-ITquF_ODQZy5ZqzQ0b8LpFDlobEYeMZ5qZiqtavOvfsmwASOkiX_EpVmIs7clKTaaoE3blyMa0xBa5odHQ0hd2P2UWrFFtMMkroBdBMbSKtciPu1YshQqZSNvSl409Y&sai=AMfl-YTgsQMPEkDvMlfC56tvwTliHZhuyX7gwVra2c1VmkYgTlxUIKUvhtqwDcGw_06vk-teh3jqzo6WTNtO2tQLA64zTXcKWqzy3K1roHP5Asjzmr5bYYjwVUoXi3eSG6dVBV4vdbYm3hnN1be-vgDWD_XkAO4sqzVPQxPOT1RDJ8jkDAcaluNM9kD78M2ZoYkKh8B9GQDMCOIdbxmqPasppfQi0FgW63NFQA&sig=Cg0ArKJSzCimzltbLa0XEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=200&cbvp=1&cstd=198&cisv=r20220516.35738&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 19 May 2022 08:44:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
218 B 53ms
53ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hbw_master_306660_6693.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://vsim.ua
Date: Thu, 19 May 2022 08:44:34 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
X-Robots-Tag: noindex

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D84D 22 KB
8 KB 41ms
41ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 3266
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 07:50:09 GMT
expires: Fri, 19 May 2023 07:50:09 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 0BA9 236 KB
63 KB 160ms
49ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Thu, 19 May 2022 08:59:35 GMT

GET
H3 200 310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.js Show response
s0.2mdn.net/11581991/1649936156235/ Frame 0BA9 76 KB
16 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.js?1649246052227

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e4119a95b3df87dd503f7ecf26abb56c09a4cfd57fc81064f693422791f2ecf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68873
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16578
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 11:35:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 13:36:42 GMT

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame D84D 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 2F78
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1019383/62538988/skeleton.js?adsafe_url=https%3A%2F%2Fvsim.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndic...
https://static.adsafeprotected.com/skeleton.js

17 B
464 B

39ms
39ms

Script
application/javascript

2600:9000:214f:2600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:214f:2600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
age: 8016392
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: PtxwMFQToCCrmjW70FEYVrcrHHh6yhbsa3S7intPBKqQ9YWS1HboBg==

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 7C5E 80 KB
21 KB 44ms
44ms Script
application/javascript 2600:9000:214f:2600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:2600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 02:32:42 GMT
content-encoding: gzip
age: 3823914
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: oHkdNF5SURBMan31AZAo5wxT9msu82JiRWTbeJvjydy96zqdeWxOlQ==

GET
H3 200 container.html Show response
9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3F41 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:34 GMT
expires: Fri, 19 May 2023 08:44:34 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 91C1 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:34 GMT
expires: Fri, 19 May 2023 08:44:34 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6024 6 KB
3 KB 40ms
40ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:34 GMT
expires: Fri, 19 May 2023 08:44:34 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
217 B 551ms
177ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32Bh8,pingTime:-3,time:327,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:275%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:327,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B63~0%5D,as:%5B63~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,rmeas:1,rend:0,renddet:na%7D&br=c
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
216 B 549ms
177ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32Bh9,pingTime:-6,time:328,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:328,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B64~0%5D,as:%5B64~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,rmeas:1,rend:0,renddet:na%7D&tpiLookup=ao:vsim.ua*&br=c
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
216 B 541ms
178ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32Bhk,pingTime:-2,time:339,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:350,bdZ:523,beA:524,beZ:525,mfA:785,cmA:786,inA:787,inZ:791,prA:791,prZ:795,si:801,poA:802,poZ:813,cmZ:813,mfZ:813,loA:852,loZ:854,ltA:863,ltZ:863%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:275%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:339,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B75~0%5D,as:%5B75~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,sinceFw:61,readyFired:true%7D&br=c
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EADF 624 B
297 B 140ms
57ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhjhuenKATAB&v=APEucNWCbxiUQqMCPq2XvDlHG6DNvqLT6F-UtS-03JEsOjuazkdWuaKpE5_Mlu7nDUDiZ7otc2YPjjsHsVAm8uosKzl1soaokvZE2EIDQbmG9mEkXmvnoOZU8zL2dZiXkz7SqnFsxeRGu3W0nSqQnz2WHULt3YagWuEl0ngxEXTBNo97xhauxb4

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3F41 83 KB
33 KB 199ms
115ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AE8hGkR_TvhM97wrpozD0JR77kMs1lx6-LfDah8Kr2-Ie9FVAH9Glks4bAmvGzDe7rHE2L0p1PtX8J-fbS5mGVsRuJqNIg0PNR-jKijdsb5_fioZPpCRr5_PFaImrQXJCuba2b3CChLSPkrwW2xT3ClPTzOg&dbm_d=AKAmf-BLzoXjWx2DYS0UoyiGQl2Axf2DxaDdU-1u6yJmwXTU5I8injFmsq6ap44xUDJ6PIkCtrhK97xgWCYU0hsFDCb6IYRk_VqLR07n9M1HhVgV4okh_G_EdmoDUkqMk5UcXKnc1NT34SUYJssUgvJk23JtOtiXcjkQtOAo-JI1If0oycNX4I8xvCYHoGHapdr4dAruppCRtdNgphng2EDu6Y5U9r49PROsfGfbHyaM3_VFF8nlJS-oWdW32pht6cktdYpZ5fwxsKmaSsMikxXJjJdYqxMgmpt8eRM631en_eJm28_ma5FKYvNTJjNwvLJEkYXv8fdobMyOYoB9XMhvuuaVzVjMvfPpM15baflUUQjaxnEE41-OwL9sVGzTuGXbEXouYs6jOXlPVWbzgFnLLONp9tqg_XsOaMX4PRuD-kTlhXFPQCDlzrshW0IB8guYSl9nQj0wyt_OKA7ld-pOHPwYUY2bFOdtXQxJX7q6Q321M1m3ae_gVJRN3mjD35Whk9nU2VBcXnadesPEzolCNMCvylHEQARsvQ-x1C_KGz5rKbGlWSggK8f5vY3E8HpS3fl3_jSuIjxH__1OvUYEM2fIfwMUF7mqomixJvGCM-czvhbWNTKCcmVLOLiqFeCfnMwoi4_WH1As1yb8auIo2ljNcaTZFC1By8pB9z0wlvc5ouD9z055PQtah6mteAjKFV7QWNeWerxqxTKMsXwccrV6XhHPSUGGru4bzOul2e5FgJdzHU6nlkgpQ9LAnyKJCj-GbSzSlh6x04eoDqgiAzE-qpZn6YjXcMSM44SMyY45gIbAJ2WLAMkW3mBEouK8LXFlapgKh3-vxhycYSYe_VwFiDd85UfiO9qAKmC-YG0ol5Sh5BjJQzWcy-gcin33R9DtCJIRqBkC1HusGE_nGaP1U3drrhTj4wS2ufiXxB0c7lkWJXUdMhjx6XFHb5gyqKYSugi-tDg8AwCCqdor5cBpJRX0GL5bGMrIoOIYX9VaiZjLWBqoL-OAO5SJhhS2apMDgcBw1VmvW-Nmwgrh7xr_IIXCMaGCloW8zii5MZTk-zuFCySmprvHc1-1pwfgipljLgxw803sZSxmKBNkNL0OVOUsch6qHY6F9pcjnZ9dxJSIzbzvXPYMA1LeypbJy_gnspeQgDlyZ76PQ9NQFMMOI1sY2d_URcj-cEBTS2HhSHF8nRYZhnlLvXLFNUNjS14vmvkMnFZpv_X3gYzHfgn-tRcQXsFSr63w1L2RRsG4rVwZu-3Vh2HmU3QgI3C__Ro8PT0WoVlaDh3KVhQGJHO8QV2hcsXSkM5V_CwherMNv0D-dZ3m_PaZfVCZ_0F2V_QVtOJy_kLMhIzAlSENdfgnI3bKAJJwvODJ_O8PfMLB6ZOfTzibTlhI7Gg-U3C1jlRnf5cTBx1qA7RlXRZp5SvYMOdVoNXQVhOX3ANHE5JesVUB5zPR8JtritNj6Fd8XKh5_ODgo5SE6OgKvBy4E5DQiPYopnQUcRue4zpvUez9qaurszB1rI3IoWFucKCN1giXAZ-E-B_O30Gk9nlQ8QtV8ax6D3QYBRcR3m16y5K2eskS5J8Ao4quEOlUPzSb_MIo8B1EkIT9H2dIUikttdOmQlRWjw_JeUjc8AhoPFHl0f7eTnjWSRJspKeW0bTeNpcIPcLETqVLyG2NarXphZ_m5r22fEkh7lcazEwJDwTtarrk0vImK3ID-ATcz2rkqTStqkBLBlLWj1zPRMo5BjahcmH3r7eDjXZOp4ysfUcTomBk8sgwY7Eu4hgW3wSdiqxj91P1f6IgmPu9OeLT7mG7eGTvj7CEHD-xlEv_ny5r9ukd2IWsdh0El34lxOgw8MB-T0o50JBg1B7YOva6oR2mQdcapRF1dIi24ht682p5Vmkr72fzSXL6q9ASlUD1PaOOvRNzTIlKLtg9LUacGTeaQ5BVEOMaB2_WH54Q64kumDOzUOUPD8RhkxKpnNMejIxcERL989qGn48zcHM3-Htz3HGTq2kaYJBq2LtfRZmA64DK7vVJp_fPQDex7TOYVpeZzAn2LyaN3dciDSwIgAbiqGYrJMuZOw2IuSDfcBWk1hzDKMXlPQ9nB8hNSx00TQdFfIdNrrp3ftkptX2eP_NXJRE_I63UyBpBSn7waUBdYWqlYyHU2kHXj7HgetjlVsj9xI9tmYNP8I-cjVoqI-3nSOHz36SyUuyxjqkq0pBIXyN2hL6ysAJ05rmoUFQ-sDE7rTv7PT0TCr3eN9C0ZSQ3K1invsx7YFX7lvZB3W8VBnVvGILkquOp_1dMoybYHiiUqqvGMnYbS3shGJjXewIB70ndQYYy8CjwFF21Pua2be91PI22ARx9PCWvtKp_7MzbMcvmNND51qZ_YlgioNEo5G-tBlpSumQlTDo8RM2Hao9VJrCprBWyf6yqtKvZApBSbr9MtPJZDZd3sKiWccLxdACMAqm0L9HXw-PWWDTWVj8r2qF5yU45OA-juhoBAvMzmDo-sXz9CYiSd6maEk7SvFe5T5UL4xJT-I4kdVWWjTPwIkGTOzPYoDebl6wV8ELYT_xmsPNfPGCg25mqBHwTUBh-wIj28TBET152VeWboCGIUfIvqwGpanFxVSAObMKB2dS9b-CVy50G-MT4__ge8qUeNOstiYOuJiLJPSY2AVtTe7-gCiT_zbSIVeN4QcR_HSMA-HUsKOtanmjHkyB7DmF3nQusK-1SV6uTSX5lkW41J3Z9oDlrwefiLVmedRB2GECRu6V07zuIWaHLK05VOvypYctbR6kmsUHzttUZLEYi4zvAYiyPRaYGpI3IqhEle2U4NhTLDQyl-qG8ahZyaLPZY3sJM2N3WohljFrSVLf3jU_eiN-4M63l-hQ1RQcPmsw9r7vo6VC3COb2v38NPZcrR6_jN7XFOtZtKBj61ReXq3eastDSxYNT0s8ELdxo2Pbhf2B2dt1cqMfm0zF8H87CniWX2KfyXxjdwx8Cglc4Ww4dcdeNPcfkiv_Ncil9gbOrGRdv90eE1Z5ELVw8m6ARm7Xdb9LO_UHm1ne7OvVyaSbpO4vu9iVRK1AfUlKQ-Dvyy36K4Rggj8Rw3-4FPrwjFQldfB-xHjZy17jhNWvKUr4aZxzc0jPihscnL9yec-KJta3DAsvnKA-Z1OclLsK0pLjURhOsbXggn9FH2BRUZQREUfNPdzCINjejjYDituWAdqLIn7liVzT36RAd3mk8qCyEBHwMdhpWSnzTuS-qnC69LuwgZfApCyvgjYhieKWXg9s1rSgheNukvDvYMbxmBA2f-CEE7T_qWm73fLNSgqfERIB5h9scGgS7w_nGk3XH_zKf3vkshUtAMe6aC5zsZ8eSdXmzLzsL3w99iUC8fkHz1Y3Ybz85DGXhlWIsI_ZPANTTI3g0FZwCk3oxhAlyiBlQ4UHyBIFB1pmjBetQEv7dEYl2fjZ37J1tn2sCqyaR66SEc4r_xuUSf43rRhA2VIZILiaSfgpiSZwWTVlPE72jknO-4CNi9S9CnNCo7r0LrcRieWXgu1SjhdERJ_CtzIxCn26dVgDOzfZCyfAS19Xv2rjzyemG2jCqX8V2xeMlPnMBqxSI485zhcq3yX_KNkk5GmqVKVTkveZH8BNs0EqXj-HdTPlgprbLtC-udkuC&cid=CAASJeRosRsS53ONYaYmlyIF4XLdw4ju9SC0QLBJt0ED7HTe6A9wEUU&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48a44694aa812da949e13193b5f53b358bccae267beb63b7edf0b53f9a72f9a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34030
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F41 42 B
63 B 88ms
86ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DvY6JMAzynf1qVtpirzvyyRb1NT20QGVCLF78XqMbVPxADbq-VEDGoe_xWnFOqs0U5-YaefYTr2wDo4wkGPuyOTzE1NzZpEms66ggG8d5AlkhgbAY

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 3F41 3 KB
1 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:35:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:35:56 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3F41 135 KB
41 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42375
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652873336749811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 3F41 16 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0351eef55e48244d3adae2b701dc82e6696074e872889aa2b4587448a2339671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:40:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
server: cafe
etag: 17289513661582941094
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:40:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3F41 0
0 131ms
48ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSY21LyqgITCwUjbkod2PNNIhLZdwIxSarCLoAV5q6kxUIT7_T72uoKhRcaYbU_72rKtJDZmR3cvRGgpNRuz-Th6HcJPQ
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 64DC 624 B
297 B 131ms
54ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNXAW6-24zIl8QQuRwhL9RqJSd--Aa4KbyH6ZMMxgy53kgQKb0jDHNyKXIVyQHDGRdcI9r7aGehvkuSlT94GfRvHy4sgKk_IXZw7r0WQYtBMdZBdnqrt8vIQeecslzbnYAt2dJjyN9Z8e93893RGg0jjKRXlFxeeNF7A_iCfqFS3-mhbxAk

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 91C1 86 KB
33 KB 177ms
101ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DkPIyUZtkWFd-0Gq1sARm1wiN6QZVDEuuqA5YyuCZiMclW4wBrEFyXeoDPECnbZrxh2kygynfi0tAz8QN5wSHNTZkwd4VCdARqhXcAtaVGQ4XJmF68ua3ime6FLfoQGEWvD0lA9HB4G1NrAj5azuQ9qg5wPQ&dbm_d=AKAmf-CHD8anUkc3RIZhJe-SyOghID67XH6ov_xgmaLEj0X2Cb6rBf9tuUxp_wu8oZr3LBCdccZF5v4ydrXC7R2vXnV9GS0x1LT-LM9Hk_zilIWyk6Vp4E9678vwTGR7tWG9LAzOXRVA-C5gSmt-bwPfqkcFWkGt5Ei1npXDFdRtpBYdugk7I-EGcRlsWvlcMv_qaoMB0ibVVhuy7KleDM8pZnqiVSmlY3ggoUr-nSWoXlziYcKi52r51lUmF0f-1tJxBLsQn7E11s8n8F34D5ZpDFIWy9w65IeY_PI5XDLArtpyPfmevCTQdPmiwAVc7-Q3mLn_nI5_xtppfXxrISI5P5lF1DRc0uBY_FIfDvYRP0KpeSuuG8HH6kxo861fiC-2n2UyRE-RhdM-IfekKXE9pX8S0XznBc3ZxQ8WvEtW5fOwMxbNsq7c6dgc-Dmhr3_xoTvv3MLeJqyYSbnkMjxPDODiJMB3Ulw5nohQ0P1J4rJeCXNHrEsAfMxEMZh88vOq9LTfFEqXO4FIOtkLOyIa0kEN0VauS-3dcnBC1nDW5aAeN95EkXW19YcQuevuRISVdJ2thMuEL1sLZvGsbRTV3oBqALaYpfQTJUTQqDHOMI4XwyBqO716DZatiLWS0H3CaxsR5aMpvoZHfcvvw4oTgHSQBTys3KdUdxtyVclS-PZfyJLOPIqLWriVGiowVe5kqbSLFjDJyCm0IOZYYUlxancxuu4MLEKmyzDpy790iFkymnUC0zfpelg0AcdAJdDS0oWPRlnefbjlgl5wVqayTceBblkMxQuFgc7pKk_CM6FGqLC5ghwupjODbJaSejAvNe_6doKOKKez2Vch__u3IJi6tbfixvga14r8zW5_6ic5uvYl7K-0_pPPQ7IrNmW7yHhBkbo-zuI4RcSp6kod-CjgBTP9HL2aQCddUzRLemEq7N4PPuil390Y56zpQ5tctKnjysVYZ7b0OxHXvYgG7Uf7kcewi3ihcLQdLPHBwevEWmmMLwhRquvlD1amZQVO4ZCOryehZt04jS1otKOptBQKrnkUPXlepbLjHf8xPWDPs-O0eYR5cXF4_Xtk-og5X3WPgGezd-yAEooJhlZHuDRz4cAEmcH14oK4N85zqMnNwg4rRaI4oZ_ZFAsOtWmFAHTxKHXtpMo8t7JGhQblBvAkZMMXmhGjbkGJbQOaBRs741YvBPiapHokkiLkrNVNuziL_i5CqOt6wxxj-kaAwR_IIJbBGVKy0wRZ4LJFQPeYLBqkXNXCmGdSivfatGjbAISe5VIrCqDJvefG6ZAeGWd4wMmGOhCRwESpKldH0wsB6HpZE7Hc4QigkR9L4ArmYm03M4SY0awrPlg9eZi5_4Bvb_eN1WgudKMtE9Akdz09jv9di4Mw8t3frEHsv76mr9Avmxu1BmXpAZ7Fm8zszKtOpbs7MQ9bFoEguBtvkB72iVmXdp5J_hpA6bUGIgVIHXJ56_DnVWL7jfBhhdVHYrXIZdWPFdtepQbv7J34aXv9POurUY_yZxIKd5ZhvdhRhdtdjVk0tIOJfgKaVuQFrezSAjWtoa0myItTOZLo7awkTagXa1PQClIjuq2vucbi505nSvkBLrhMUM6n-ytoOZXbg21p0kmZQ1m96-bVLTx_FZ5V-obYurAl_F9MRbWC25hBz61OLSEAXy2grQfv8VxzCtaKM6A2sU6lHil7J6gF4IpjRrq1C18LTMmqO1DfPGxf34g1-7RDvQJOnWn_RRukd35lzWb7vkgG6jhGDUReVKNeBggX0_8qwqK8p7NVVbrCEZ9z6PS768COCQtp_9bs0-pImWV646VRKbWA7Pj1doQRG0nUdK-BlBOgQCZxI75sBWFQLY5VvRuKVM_cqUKNpK6l9sYvgfjl_UU7ChFD5cvHE0KsxrynGK0sMHJ5hKILfLIDdXExkfoSbkS4LgNv98ByNHu2EwcEuZYt2WVo1BgbcyG39K92bHKKLry6Y_lKFws5UGF3YKumdDCGTjQVBTdX5-fYvamb9qTXDuuRDblLH_EPMdPFpxouoVBsRmHWw2x9GHouBRvIU-0ojGZsg7036FM4e8OZFGJSVuxKhuxBYlebgfoG78LRBYkoadvyhOsUrMMkCa_tnkhs7jLkx-BI7enCn3Txx7C7lkRlBqa3-rRwOMpXIfBb_GfVrpJ9Co-cVeXfeearFY_SILgqisy8pEFsmppb6z5uxTS7FxYJT7L9OMH7E_p3ELLmMgt5-Alnbifjvk3O0e8eBfyU0GMpcjwWs_9p2LDbMjm6YOjI6ydgH2uNGCv8e-JjeuesLgO5_00UwaGl44asnpONzpqdl0Ee3jEfW4mfuHyPuO1mD8fVjUk-92pcWj9zK7-5ThgV6l6P7-IPVyUa2FuZG4axjtUsEzbMEtAZ5zPjMn274zwGyw7ACjLXp_Juskh-RE3FiprWFQ57OtZhBMk_GnYmIbJT8giglCG9FKbFz-Qc9oZAEkVi1dN2HIFsUF1rMCfuI5YsZVo4qzhgiDVJXXm4k-2cOu-cvufPFMhFYsMstrRQ6p8_Drav-KnGZVKK80w5P5WD7IGlBtnUcfxB2WYWt_EOxHwJ0epst314_x23-3Y612vh-7aEs7ntjo5V41xzeX6aU9pMwaC1fcv_FzWHt-ZeJahGbF620PL69GqxxxBqSFvJevZzIiqk4rShCjmhdxFvYeBB3buij8FqgJZKsuOXuCG_FwQ2iGWGMfx3lZyHAcZC-RsoVY86kwmEDItFrt5jchXr0ym1SE82EZwuc6JUMNalDm6JPF7x9dEMbE8QkPBtmNDfIyIHsT4uCLyTyYe6x266Z8RLnxHMXN3GdDR21-qKzjDWuTN5nspJ6HdkMCkJ7Xtxbzs_BEfuigl8NsnqmdluRxZ2VnRMdXKPKmZzarYkTPlHNwoxEYCSE20PFH97PnXMe510TqXZ8k1WfTRyXtfatyt_U-bi3nprDlQHEml0AWY4HE-q1EoEGSnC9i9_--YLB_fz1aEUuvrvDc2qXJTPMCs4Ao9sZK2aSNmPdDuxGpr5TCthyqP1X1rCcsGe5XdR6Sj2Og1v769Ml6XLJuoxWtnh6y5oAVO7U2tcZX2HlMEHExSo1sZnAm5FFpXRu8fwh63Mc0obT8g3wPWku0IvqDvwS4-WbEqh_0PlTgsCwQumEByNsYMTH1wyFCEYnQ5-DwwT_WIztfyy-IlO9TMxNQHnFqmGXndHzQ7pWj_8rGnQBOE7cbdwAuFZpYK-4stdwne3gxmhImhSusLzjF2AcvJIdhrjshdT_4GEifzkoOz8k01TB9GO6XEH-jEocTUXfvQYsuek2Qvk4U8AArnhbNBlPM7ywz9YeMFZOOMQdE-Sf1vrj6IfomVaR3ixmE-CTrr16mIe1EXdC0AmDMBcNgRaoeE5M2Wm--0VECBuag8f4ZLgC4blWsva9uizXXzczLK9qf0bVbECksmx4iA-o0pmDcGfytu3PxZJTxD80GN-HUdzqD6LAsqeUT9k34r8Xy46imDGHPHYx42oyL8dGKTEbQyya30H58us5MnfuPrl3F5F7hhGx3OAOvSLTu52wppfwOyIqzEfm5eKtB7cWBi9OJ3SCD2vBnywTWkceK0KqmIMQaRbH-rhHx7degTvMf619DB1Lz8iSS9I1yLGyGCiKENhTBSuIrE1jNED1rTv_KBQ57s74CtVikWfghjPXSWU6ol5oJuMyanHF5jtTqpMFvSHw1m9ArfJPLvMn8lckbdQyzwcNaAdBaFem24iIn2iTL5vAez2GbFe_h7qlkO-EtkbOlcPU7CIF8G99BUKk5C8NFgJQzzxfS3WmCSXLWH0gLEaCyy4&cid=CAASJeRo8HxUgqMRZr0EpqdZMyzP51nGfhAcv5uToyt6gBX9p_BkliU&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c27892bd71384adac683da0fa31b1eb7d2133448b8b03dc247e0a4c6cf965f30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34213
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 91C1 42 B
63 B 81ms
81ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A8OuRVqaMLRFkNSmRyMkGgeQIB6OyWcdPe2NbnX5hBvuMcCZESJRC0YfAIykMXsiJgUU3fftEyE1xCWWuWPyZCfh4ZOIF9LK_quFeodPZUiwD9RJ0

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 91C1 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:35:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:35:56 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 91C1 135 KB
41 KB 82ms
82ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42375
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652873336749811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 91C1 16 KB
7 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0351eef55e48244d3adae2b701dc82e6696074e872889aa2b4587448a2339671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:40:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
server: cafe
etag: 17289513661582941094
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:40:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 91C1 0
0 126ms
49ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRz2DQ6MP_xv63rK9hxplvFZ3WsA4GkZL1Y_18Uxa-dJi8jxp6y_wuIIRB9ZxRofpTmTw_Ni5URBkxubUir54Ny8w0EWQ
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2ECD 624 B
297 B 122ms
56ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNUNY3jjsyOWbGvYZN3gV_nAuDQnEpkVtAMt7pdY6Kh1eTeMJu_vsRGTB24Vi64tdijh8_qXDgd3aoO6TmISIT7lrUX-mmMpAkvheuQs2XIsGtHYnogF43w-B3UjVxJgmg2DXTrEmwpyiptubQrYAk54G5KDaRirmLK278SuAfTajGIAdGA

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6024 86 KB
33 KB 151ms
84ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BcGZFkCD-6jZcWYvMzLo6ePKL4aYtF24QkJfl6_HUa4s7EoODNutYKrGlD9zsKV39RCLc8bUqU5nJ7VjVsNieEsyvAPThHh6gKXTH4lKD6Xps7sXYzrnK3vhquT7UqaQ7jYkHl90B9Vm6cgmV9BULenykVWQ&dbm_d=AKAmf-A3ZZ2tvx8nh3F5QdBBZuoEd3EiDUKYJT5lihAXikd8EkqziTlbCg4HR9Fp0kiHxV1xzhd2YcAVhcK-rRfCNXXCAGE7dVIw3DC8ApM6uK2GgufOqBxQrGLX4IiVOmzLCiY1tH4fxHqycFZ962xNEKEMHBijFEEhAJrnYrpetmGwQdrkgLeURrbFt_YAbl3oSaec_nFa_PbzQoat_GPO3hoKylJecwcStKLnlulspnizwqvdmcGerC6Zy2v37_--NEobKxSRIX5DwHK73nJroRbXcR9uvJmM09ksm_MAwGW5zFW1TZICE5dMZsL3Mo_If5puGpi8sctDtCYeKzjh9CA92Q5wsch9DaAp8LorGSSx2LAyp96Z3wYVVNQuDE5p2kQMRBmphkCcotyA00MqGu6CidqcDKTwSL1ebfHcPQrrYcedZMG5dSlKebEpvdM-7mKCUzEtQMg_nLWS0pwE3e011oE_nKpVcahMBg7Q2H7VoJ3uYI1v7pArzrI4Vs3TpLCSRgc3Wed14xl3RoBUrEpfVozMRZZ0T6bm1n8_JqZ3k9N9YIehqntcpAyzx-sZPrLFAocJlNbYEIyYUO31RVnaPsZesDH-Naip-pycaRpKRw4NxdrIYit_UqUdtFqBThKsIx_kI-Mp6iR4tIRDWDLQzIskWsMUdtKH3anwY9Zp4yFJuuwMRE_DdAwBl5iAS6BWlHMo5NJc3jGQvN7SukCAJJFpKnYg2wcpP4km74P--Mx-XQ3fIkosVJArWwr-mcDg3rbyvwL80emamuArXoML5_2dEEaeWLIIAFVx1fKe7xL_VB5ga3ER89NuX-gJOq29cMhtGlamtACfFY8qYm7oMt9FNxgYom0pCmBSPsVGHVFYbouxIS6Z6iC1O_D7bJBMY9zz2YvAHEUxbGDadjmyxXYZHorLl1sIAZNuSsRXB6wvkSiww2BfEF_PjIpfM3BLw5-yt6cioo5GCImhfbqD_nL56jDb4qslI5yLmYq6ilYk1osrDNisofa7lifvXiE1chYED4JU-iIPWvDaYAB_goCT_k0NWxyThExSWbODCTx32f2e8e68C6nuQNBDhFzfPAX7SGLDKrvC2cyRDishZoSVje-Wum8eSsbT-UaDGpLzby4CK29eJHFisTyBY_qjPJdOEfBHcXN0sPEUo1oFEonHnRyKKaFf_rhlaQh-ffNBIs2un7fm19QdldVBUnEcMhv0IAHI0o5zaKvsQcN4gi_jWAXBXd4dF7PT7ye4Mo3aZdG11qLoRpdORWui0qou-VJZ1FAaft4rRmgHMqT2cw01go6DeEMWZkxUxbEqkTpRqm02_ZEO_1meNdXTo8lUi0xXaHu6en9oq1aIp8E4lfghOTgRhSGEkRyYK1CkrwZK-uvi2Qz74f-LkU6C_CaXTSz08DIrEGtgokcJSXsjwXaLNcEwtgLLIN7SyVIjhemM8tmQFN3WOTmPTCUWkn9vMbNSM2jnFc0R7DV4CmoVcrBsybxIDJhMqrt_QXxQvCvH769vClTLnHhFAGRl_16ALTiIsTnz0c1NYhAhAUoByLN-zKuJGkSbedFatu5cuOh8KLCS6i8BQX6Iix2qVtN5f1Yb58hBDEc0Kip55Et6VDunLPlkEsTj9Tqj2DeOm95WYpuVkjEkKQzHeJE3jL9oczUaDvwNOrjMYxOWrsQrkMTowyYzp3fRaZrbYe89SZkQ2cpQIdYtgNPcQ3iXzq505YxVdhJFJjNSms9bXwywql-UZfdbfD_XNLEHD0diJYK04kXLqJTD7Jeq1yEWg8Kz5gfm88ETetvrHkIH-M_2V29v8jORfuznoA6u90MweKkNB2ZBN-ArF2pqQw7HvgY8mvd_eaO_U_27oGkjvC8CQOqYr-knhHn6bARAQf6-h_00caYsnaKS9fB_thy7OZ2G6DY_oHv0l9Qni9DUuLmtvcKBP08ts52fnVLByl4csI_5TVdbGZxkxWA6UAvvJ31wlNqaJSqNSnnLhxv9KZNCg1s3gervVDVAOsGd0nKZIuver4p8_SriuLHLMMawRiOTL5wTuVUAiwRXgKNar_NuNFl10ASk5I7CEY7Gwz4DOk6mgt44wMjcuc4eh6Z1Ey08r2b3ncyjs7IJQ2W0J8Amo0ER2SoHMUncmlYIcPDX3tn0NkKwrUY6h1qzGBCBbXVM-GHKNPKjgz3fg8k05dZ3cRC4HTJ4_Xi5ehS2QGMkQgFPX8ZZzJCNCaRmcREPJRbgYLiXmAbvvCwVIFSLibaBUK8X7dVdv-o2E_hE4RihnomMBWbOjVZSPbLunmW-t46d5h1bSFfm8IIde7q2Uq1mnF_vsyDgcnC1np3a4b9wBltID5ybSXGvjR5EbllfP28r2xPdfLRkLR5D4FEqdng3VfDgS0rbVmEhk7sm9qUBFit-rImO0smUSQU8uni2hWCkaF3u-j6FUd7xaUISoG1R1sMoRIMq_Bu47VHxjCMdvm9Ts_gXA-cT5yOH4potGn3RKHw1FvAbgFMC_hJkkvhbCaj2jll3VK3iPgDDjPC4JQJcCv32ib3Ca5uYcFb5R8tlaS3YCsGQM20q27r550HMAf-5qF0wg8-qKhlts5u-bek7GufUKLXjn05KS_zDLX_Nc57o9mWG-dcyG4U-K56ruqSS7UHSLqsLTjsX6JFhz1De1qWdiz2m_JVHwo1vCoRPmAY6ff_N602UZT1aeMAgCG1hRWGLIjx070OEVY3dXo4_onRG73qimeqrDicu1obILQp4-Fnghgtkavvd8sk8ev5Aqc9u_a-imi4N0sPU2L6dYbBhER1xdO11JYQAX-CR1_pdGX-Zgi9z5mgU6olIUJutET0R5AXVq1PknLe4yqief5q-H6hxI6JzAvfEwDZUs0_wOudsDmwZiin1j3FD6fBXYBLMEhRNFPi_bYAADP-BbEIFe7ndJLkaRgYmiH4R8L11vjMKSI6ZLpVokt9iKeMP63BK5oXtdnyEL8C35YGLrQHrgt6yu9fYTNrhv1UGigz4-msnd3nPfJCTlCyODuwh583q8LxJGn1yw3vBqJoRbglQ0GhqQr691_Mke9njba3BfXwVf0pLwO1wcs7ALlRkPFUxMj2MqvEul1EX0PZshBqHUxiSSfbc2hcNghqCwsCWesuOy8rpCOXc82VlleX_85BwaIZ6A1DpENRsCohxFA3mJixwcGTWM0YG67KTU2uRXeevRlhYv0Y0lFaurdwYvl51hmPH3tcLDmSgAX4iWSATWJEeXncWmF7KsHKI7IYGSeHKquzb_fzk2eUDhMqjjCryU1Ywk9KB8cSc4Zjn4t3ppwA2DlSmiJ6bOMmaAsySq5J8kNQJjNd3orX0XFDDJBkovwi6id25Kd42WE-p86RA5zkCeIrZOgSeqQzIkOQZtZEe9w1oqKlfI5cjo7jMDo0SVGcltTXHtKRnnOdl7KSUHf49mQlT0F1Z3iYy9ruhFsNl9bFE3uaGPzedy2cKfv7_uhaPyEWAVtxqluHWAljV2p0iOgtJbvq4o4WF958ouvuuWWK1DJoLlLWqn8HZ-VroFF54kNZbuOHH2X5tgNpSEHSG6XMJT_6BhcH1R-LuHp2KtTHnxodl3ZlO6qBcrBvH5D9iKgn7LfzprLZBL41Oxk3OkbfJNmLsgKTI72YiBnz8O_NL_oWecbJvREbMrPU9UVhbWsWH6_xWyTVq0wfft38yohW0y8LA6tb1xk1SicrR1z6TDNopVSjn1kUdu9tn5qEPvt11wOom6nJ0_ypO-RANxE1GM46MhKDAjYiW8j31fz3HJ-fyAO6rrdvZ0Qyge-tJfqvQni-s2hTn_82UhglR5dyo4v0xzzqncqxh&cid=CAASJeRoRKUFc9OfjHXl64cuEzVnQfNDncn2XpFTYoffPf8Zs3NMg_Y&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eaa8ed6fa427f2e003afef9cda40e58504987efa459bce2ac97f46be448a6db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34086
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6024 42 B
63 B 122ms
122ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AJi3WziFVtMLmVAd5Wsv-6eUbn4328TCJj9jI9C7o9O_7wliRqQJR7e-MXcOnyZ01XcYSz4cTl5V-m5OHhY0Wl4nD2a7H9_KqcV-rs_itUcuNgt0k

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 6024 3 KB
1 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:35:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:35:56 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6024 135 KB
41 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42375
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652873336749811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 6024 16 KB
7 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0351eef55e48244d3adae2b701dc82e6696074e872889aa2b4587448a2339671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:40:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
server: cafe
etag: 17289513661582941094
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:40:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6024 0
0 116ms
48ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSDspRoI6kf921nc99BX1VAAWdN-755cJlUro5z83WUPW7zCg_NpdkVRoRVFFuN_4ejwmRjhbjhS1gCgS075ZMYThghEw
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 Path_0.png
s0.2mdn.net/11581991/1649936156235/images/ Frame 0BA9 264 B
288 B 40ms
40ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/11581991/1649936156235/images/Path_0.png?1649246051547

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31c108c32113ea7639aaed085b54a2fad04574040934daf5ae2a5c2c1c7a7b3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:46:29 GMT
x-content-type-options: nosniff
age: 75486
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 264
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 11:35:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 11:46:29 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2F78 0
26 B 78ms
77ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvdmoDh0Z9NbONkyrJz39faoRSSDDG3tFu3i5_PnFMc5JjmH8ldOu7JLyIvXKHXBadNus7Ez4WawbJG7x3_vfBk83RG5xKkNNJmgImHJChuTO32AtMFm50VrcuXSmvmwkcJtnADpwO5dwUW_pKyWD6HqZKH5QblCHruc7qeCHv164GOB1WU5SXxg1TQ4wbwPfhcn0DRsXv-rpNd5d6Sk33IwFu-0fcFpYDjMpuEhXM23xIbeHY3vL0XX3dOA2Sc6VQMbZ3vQYddAQ1p0TPAQ9mX5Ro7FUL6RjR5cIrozS4wbXW0Cip4-E4HaU2n75FbtoKz_1jfsZZwOy-W9t-AwB44CSCchcM2BJn9vpzY8uYsVjxtnZCiEiWzm5njzEGH48GSvaosln2iHgIaxAmvpiCN-T1F7dTjz1sGxhnjzIzmtstryQ0zMXq2_XBtGswE7AXAwClwtd0lvdUKUjQy-FQaTvkxI3eIztT9r_j6oGgyIsxGopvRik5VAvhwWv0x889tMhR3M7Yi-dvUsNTumlGVO2RDVqgftp9dh5XIBlum_RqFRvCTi2_16NBVnRU1CQPo0efr4U34xGcvPxaZpWz5YGxRHF7FK4xDBUgS9CVpjcpP2r143zPFDsFqoVFVcm4a3wMH9SZZPgJyDdsu92dlx8dzcY4qD6fb5MihQgwGY56s9WzAr8x6Tp6qtFSGN7o-Bo7xWjbx-IAJekjilkvW_4TBKe2XF6oUemEzACbWfQjrod3w5QvlcrrQAJ-mM19KCTgBY2Xqpz9MNg7UvutLNUfLeTXUpEmJgUOha_FCrovEu8AuMT7XR5u-bEDQ9brB1oVBGnz1L7Y98RBH-V3ZjJdr8oD7962yMrgAdQy9xNNNQyvukAv5bsm_8yj2dzh8IZ1NsdVRa-Br-pbzbBVgwcOMhftx8SOEU-pvZ9GB_Fng9sMOXMDqzeCBRp1Wq0aEhKh7rMTeYhZ9ziC8c6XVaHbeMtxXkLwgbG7g14QvDNpQWBifoTHb2C0SRjm28olA7OPEGXUbJL3l64h0Jh04d_O5SJYp4XHTKUY4O9Fhy4sbSYQ6KagvIyNNoazpXDDAuBj-ITquF_ODQZy5ZqzQ0b8LpFDlobEYeMZ5qZiqtavOvfsmwASOkiX_EpVmIs7clKTaaoE3blyMa0xBa5odHQ0hd2P2UWrFFtMMkroBdBMbSKtciPu1YshQqZSNvSl409Y&sai=AMfl-YTgsQMPEkDvMlfC56tvwTliHZhuyX7gwVra2c1VmkYgTlxUIKUvhtqwDcGw_06vk-teh3jqzo6WTNtO2tQLA64zTXcKWqzy3K1roHP5Asjzmr5bYYjwVUoXi3eSG6dVBV4vdbYm3hnN1be-vgDWD_XkAO4sqzVPQxPOT1RDJ8jkDAcaluNM9kD78M2ZoYkKh8B9GQDMCOIdbxmqPasppfQi0FgW63NFQA&sig=Cg0ArKJSzCimzltbLa0XEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=581&vt=11&dtpt=381&dett=3&cstd=198&cisv=r20220516.35738&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D84D 0
20 B 112ms
111ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6ojZcwOGYsndCqK6lQeMrKbYDgAAAAA4AeAEAg&bg=!MzClMHTNAAZL3OSAa9w7ACkAdvg8WhFlPgoZXrsyon4dBkjq3yNfFlryXRjWsuo6TsxhSwhFpiyM-QIAAACoUgAAAAJoAQeZAtitC-Hq6RhjraP3BYB4kGT28G6mHhl-naFvDf9ezHuZ-KmJtdMLmHsj-IGHb_c-yM6Kewj95aiKqrfCI52t0NzjeHAJOaK7RTfAw0sleB0NgoBhIVsQ68uR4-PRLpVu7b5CL4eeapMyRbNhBunO8U1bS5U6CbTiPxvtUMGkQ-70u3eDqguM4eWZxgMII8W3xAISGl0QUouRBpONS1ClthGoXoCD67-H5FukzcusGiIJO0Ih43ICxNHNL5LcQENo16kfNR8mUEuD33Jt5MA4E180-KE-bo4eLxc0nc6mFezj3g0Ipm4mGza7nFwcvEXFDomXgpKd4aqX3PUMgjS4BL5xy3H8kVtmzEfhOaMTqlg59e1oQMaER094b-mMDR2gco6R3Go3eL-1wlVR2zvSoE9IvVap5viLUMO6ksw1xmeGWvz90S03Gx3WG4txAkqDTtYXi4XWUC7osa2upgooJl7PdkGeApcl0X6ZO9M4diMo1gAxaTsWxDNHTp8jPgE0oBUkkEGbvE-ivN5YNsAC8fxOZs3JcWONsU-b2qTtZSWtNyCvbub0QVtZ92L0IHWNPuRKRFXpk6PoBdA_szoiUyvf_665uo7tSZNcKhFXgKXVN9NEbvcsM5RejkPVW0wGU80v8XH_vG3w1szCvhw4Xlc_8OMd8YkCyIogc5Nx3oe7aiIIXcCqCUGjgxdaufEm1HTe0YelRZGNwbChphVo1JBdpuMH6lCSfbc41oXqISFr4nYPkU_eny0uBANy3oq5Fwb6xcsMX0US1Y5WJyguJN4YWU9XHFOSMP_cW7QZbgr6QfN1_Yfqi53_8DqY6NsPwt9nPpvt_E-ogY6QpygsAJCgmm69qBl-natLIqSFtV3v6LtIbTb13nPx7sRqpqsgRMlBAdYPfLEDv6wL18p14zN3e7xMy5gQ9E6vhsXZyN-s6toDb7N1h4RK_iS9sO1_fPWUv9ZlV4A1_Q

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
216 B 601ms
350ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32Bj1,time:444,type:e,im:%7Bpci:%7Btdr:143%7D,imprf:%7Bttecl:588,ecd:94,tsecr:43%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:444,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B181~0%5D,as:%5B181~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 orlando_ny_image1_300x250.jpg
s0.2mdn.net/11581991/1649936156235/images/ Frame 0BA9 32 KB
32 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/11581991/1649936156235/images/orlando_ny_image1_300x250.jpg?1649246051547

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d0dcf41a597f0a35c102fe48214216f472ed68dc297683a72c8e2ddf799a9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 20:34:20 GMT
x-content-type-options: nosniff
age: 43815
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32951
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 11:35:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 20:34:20 GMT

GET
H3 200 orlando_ny_image2_300x250.jpg
s0.2mdn.net/11581991/1649936156235/images/ Frame 0BA9 26 KB
26 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/11581991/1649936156235/images/orlando_ny_image2_300x250.jpg?1649246051547

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61eeccfd65fea910982729c57a04eee5d5eafe0935ea6a3635c576324e404073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:46:29 GMT
x-content-type-options: nosniff
age: 75486
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26257
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 11:35:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 11:46:29 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 64DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1

43 B
892 B

55ms
53ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNXAW6-24zIl8QQuRwhL9RqJSd--Aa4KbyH6ZMMxgy53kgQKb0jDHNyKXIVyQHDGRdcI9r7aGehvkuSlT94GfRvHy4sgKk_IXZw7r0WQYtBMdZBdnqrt8vIQeecslzbnYAt2dJjyN9Z8e93893RGg0jjKRXlFxeeNF7A_iCfqFS3-mhbxAk
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 08:44:36 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 64DC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoYDc5Iw7O0z-PH3ey.YOQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2

43 B
892 B

57ms
54ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNXAW6-24zIl8QQuRwhL9RqJSd--Aa4KbyH6ZMMxgy53kgQKb0jDHNyKXIVyQHDGRdcI9r7aGehvkuSlT94GfRvHy4sgKk_IXZw7r0WQYtBMdZBdnqrt8vIQeecslzbnYAt2dJjyN9Z8e93893RGg0jjKRXlFxeeNF7A_iCfqFS3-mhbxAk
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 08:44:36 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 64DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

43 B
1020 B

80ms
57ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNXAW6-24zIl8QQuRwhL9RqJSd--Aa4KbyH6ZMMxgy53kgQKb0jDHNyKXIVyQHDGRdcI9r7aGehvkuSlT94GfRvHy4sgKk_IXZw7r0WQYtBMdZBdnqrt8vIQeecslzbnYAt2dJjyN9Z8e93893RGg0jjKRXlFxeeNF7A_iCfqFS3-mhbxAk

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: b7aea0cf-fbb8-4bbd-a6a6-0f52639ec61f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 64DC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

170 B
188 B

51ms
51ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ccd3ce8f-e364-4387-93ef-3dc852ae0900
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EADF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1

43 B
892 B

66ms
54ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhjhuenKATAB&v=APEucNWCbxiUQqMCPq2XvDlHG6DNvqLT6F-UtS-03JEsOjuazkdWuaKpE5_Mlu7nDUDiZ7otc2YPjjsHsVAm8uosKzl1soaokvZE2EIDQbmG9mEkXmvnoOZU8zL2dZiXkz7SqnFsxeRGu3W0nSqQnz2WHULt3YagWuEl0ngxEXTBNo97xhauxb4
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 08:44:36 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EADF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoYDc5Iw7O0z-PH3ey.YOQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2

43 B
892 B

54ms
53ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhjhuenKATAB&v=APEucNWCbxiUQqMCPq2XvDlHG6DNvqLT6F-UtS-03JEsOjuazkdWuaKpE5_Mlu7nDUDiZ7otc2YPjjsHsVAm8uosKzl1soaokvZE2EIDQbmG9mEkXmvnoOZU8zL2dZiXkz7SqnFsxeRGu3W0nSqQnz2WHULt3YagWuEl0ngxEXTBNo97xhauxb4
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 08:44:36 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame EADF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

43 B
1020 B

43ms
43ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhjhuenKATAB&v=APEucNWCbxiUQqMCPq2XvDlHG6DNvqLT6F-UtS-03JEsOjuazkdWuaKpE5_Mlu7nDUDiZ7otc2YPjjsHsVAm8uosKzl1soaokvZE2EIDQbmG9mEkXmvnoOZU8zL2dZiXkz7SqnFsxeRGu3W0nSqQnz2WHULt3YagWuEl0ngxEXTBNo97xhauxb4

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: fbd2a619-1daa-4061-90c8-a4fe67cdebfe
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EADF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

170 B
188 B

51ms
51ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 461ad850-c9bf-41f9-8a08-445f7a3505d9
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2ECD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1

43 B
892 B

72ms
54ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNUNY3jjsyOWbGvYZN3gV_nAuDQnEpkVtAMt7pdY6Kh1eTeMJu_vsRGTB24Vi64tdijh8_qXDgd3aoO6TmISIT7lrUX-mmMpAkvheuQs2XIsGtHYnogF43w-B3UjVxJgmg2DXTrEmwpyiptubQrYAk54G5KDaRirmLK278SuAfTajGIAdGA
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 08:44:36 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2ECD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoYDc5Iw7O0z-PH3ey.YOQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2

43 B
892 B

53ms
53ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNUNY3jjsyOWbGvYZN3gV_nAuDQnEpkVtAMt7pdY6Kh1eTeMJu_vsRGTB24Vi64tdijh8_qXDgd3aoO6TmISIT7lrUX-mmMpAkvheuQs2XIsGtHYnogF43w-B3UjVxJgmg2DXTrEmwpyiptubQrYAk54G5KDaRirmLK278SuAfTajGIAdGA
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 08:44:36 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwIjqi5JGmv1SOO7Kd28kk&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2ECD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

43 B
1020 B

138ms
104ms

Image
image/gif

37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ2M4wEQh7-_nwMY8K6myQEwAQ&v=APEucNUNY3jjsyOWbGvYZN3gV_nAuDQnEpkVtAMt7pdY6Kh1eTeMJu_vsRGTB24Vi64tdijh8_qXDgd3aoO6TmISIT7lrUX-mmMpAkvheuQs2XIsGtHYnogF43w-B3UjVxJgmg2DXTrEmwpyiptubQrYAk54G5KDaRirmLK278SuAfTajGIAdGA

Protocol

HTTP/1.1

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0a1898bc-bc26-49e4-865a-011e320646b4
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDoscW04Rkml8bwyEA1aD1k&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2ECD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
X-Proxy-Origin: 217.138.196.105; 217.138.196.105; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: fdb0db31-452a-45c6-b410-8f41fd71eae6
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjEyNDc2MTYyMzY2NDg1NDYyMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 orlando_ny_image3_300x250.jpg
s0.2mdn.net/11581991/1649936156235/images/ Frame 0BA9 52 KB
52 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/11581991/1649936156235/images/orlando_ny_image3_300x250.jpg?1649246051547

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4712dc32650c53d35a9d9b6e7502c6ee32f834edab73b0499c68f59c67e317d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:46:29 GMT
x-content-type-options: nosniff
age: 75487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53540
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 11:35:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 11:46:29 GMT

GET
H3 200 html_obb_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 6024 169 KB
59 KB 126ms
44ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd2056d3c5a5f9a087647154dc26dbed362a61b733a6cbc8d9e5330b4f4d4284

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Origin: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 08:56:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85697
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60459
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 08:56:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/ Frame 6024 8 KB
3 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BcGZFkCD-6jZcWYvMzLo6ePKL4aYtF24QkJfl6_HUa4s7EoODNutYKrGlD9zsKV39RCLc8bUqU5nJ7VjVsNieEsyvAPThHh6gKXTH4lKD6Xps7sXYzrnK3vhquT7UqaQ7jYkHl90B9Vm6cgmV9BULenykVWQ&dbm_d=AKAmf-A3ZZ2tvx8nh3F5QdBBZuoEd3EiDUKYJT5lihAXikd8EkqziTlbCg4HR9Fp0kiHxV1xzhd2YcAVhcK-rRfCNXXCAGE7dVIw3DC8ApM6uK2GgufOqBxQrGLX4IiVOmzLCiY1tH4fxHqycFZ962xNEKEMHBijFEEhAJrnYrpetmGwQdrkgLeURrbFt_YAbl3oSaec_nFa_PbzQoat_GPO3hoKylJecwcStKLnlulspnizwqvdmcGerC6Zy2v37_--NEobKxSRIX5DwHK73nJroRbXcR9uvJmM09ksm_MAwGW5zFW1TZICE5dMZsL3Mo_If5puGpi8sctDtCYeKzjh9CA92Q5wsch9DaAp8LorGSSx2LAyp96Z3wYVVNQuDE5p2kQMRBmphkCcotyA00MqGu6CidqcDKTwSL1ebfHcPQrrYcedZMG5dSlKebEpvdM-7mKCUzEtQMg_nLWS0pwE3e011oE_nKpVcahMBg7Q2H7VoJ3uYI1v7pArzrI4Vs3TpLCSRgc3Wed14xl3RoBUrEpfVozMRZZ0T6bm1n8_JqZ3k9N9YIehqntcpAyzx-sZPrLFAocJlNbYEIyYUO31RVnaPsZesDH-Naip-pycaRpKRw4NxdrIYit_UqUdtFqBThKsIx_kI-Mp6iR4tIRDWDLQzIskWsMUdtKH3anwY9Zp4yFJuuwMRE_DdAwBl5iAS6BWlHMo5NJc3jGQvN7SukCAJJFpKnYg2wcpP4km74P--Mx-XQ3fIkosVJArWwr-mcDg3rbyvwL80emamuArXoML5_2dEEaeWLIIAFVx1fKe7xL_VB5ga3ER89NuX-gJOq29cMhtGlamtACfFY8qYm7oMt9FNxgYom0pCmBSPsVGHVFYbouxIS6Z6iC1O_D7bJBMY9zz2YvAHEUxbGDadjmyxXYZHorLl1sIAZNuSsRXB6wvkSiww2BfEF_PjIpfM3BLw5-yt6cioo5GCImhfbqD_nL56jDb4qslI5yLmYq6ilYk1osrDNisofa7lifvXiE1chYED4JU-iIPWvDaYAB_goCT_k0NWxyThExSWbODCTx32f2e8e68C6nuQNBDhFzfPAX7SGLDKrvC2cyRDishZoSVje-Wum8eSsbT-UaDGpLzby4CK29eJHFisTyBY_qjPJdOEfBHcXN0sPEUo1oFEonHnRyKKaFf_rhlaQh-ffNBIs2un7fm19QdldVBUnEcMhv0IAHI0o5zaKvsQcN4gi_jWAXBXd4dF7PT7ye4Mo3aZdG11qLoRpdORWui0qou-VJZ1FAaft4rRmgHMqT2cw01go6DeEMWZkxUxbEqkTpRqm02_ZEO_1meNdXTo8lUi0xXaHu6en9oq1aIp8E4lfghOTgRhSGEkRyYK1CkrwZK-uvi2Qz74f-LkU6C_CaXTSz08DIrEGtgokcJSXsjwXaLNcEwtgLLIN7SyVIjhemM8tmQFN3WOTmPTCUWkn9vMbNSM2jnFc0R7DV4CmoVcrBsybxIDJhMqrt_QXxQvCvH769vClTLnHhFAGRl_16ALTiIsTnz0c1NYhAhAUoByLN-zKuJGkSbedFatu5cuOh8KLCS6i8BQX6Iix2qVtN5f1Yb58hBDEc0Kip55Et6VDunLPlkEsTj9Tqj2DeOm95WYpuVkjEkKQzHeJE3jL9oczUaDvwNOrjMYxOWrsQrkMTowyYzp3fRaZrbYe89SZkQ2cpQIdYtgNPcQ3iXzq505YxVdhJFJjNSms9bXwywql-UZfdbfD_XNLEHD0diJYK04kXLqJTD7Jeq1yEWg8Kz5gfm88ETetvrHkIH-M_2V29v8jORfuznoA6u90MweKkNB2ZBN-ArF2pqQw7HvgY8mvd_eaO_U_27oGkjvC8CQOqYr-knhHn6bARAQf6-h_00caYsnaKS9fB_thy7OZ2G6DY_oHv0l9Qni9DUuLmtvcKBP08ts52fnVLByl4csI_5TVdbGZxkxWA6UAvvJ31wlNqaJSqNSnnLhxv9KZNCg1s3gervVDVAOsGd0nKZIuver4p8_SriuLHLMMawRiOTL5wTuVUAiwRXgKNar_NuNFl10ASk5I7CEY7Gwz4DOk6mgt44wMjcuc4eh6Z1Ey08r2b3ncyjs7IJQ2W0J8Amo0ER2SoHMUncmlYIcPDX3tn0NkKwrUY6h1qzGBCBbXVM-GHKNPKjgz3fg8k05dZ3cRC4HTJ4_Xi5ehS2QGMkQgFPX8ZZzJCNCaRmcREPJRbgYLiXmAbvvCwVIFSLibaBUK8X7dVdv-o2E_hE4RihnomMBWbOjVZSPbLunmW-t46d5h1bSFfm8IIde7q2Uq1mnF_vsyDgcnC1np3a4b9wBltID5ybSXGvjR5EbllfP28r2xPdfLRkLR5D4FEqdng3VfDgS0rbVmEhk7sm9qUBFit-rImO0smUSQU8uni2hWCkaF3u-j6FUd7xaUISoG1R1sMoRIMq_Bu47VHxjCMdvm9Ts_gXA-cT5yOH4potGn3RKHw1FvAbgFMC_hJkkvhbCaj2jll3VK3iPgDDjPC4JQJcCv32ib3Ca5uYcFb5R8tlaS3YCsGQM20q27r550HMAf-5qF0wg8-qKhlts5u-bek7GufUKLXjn05KS_zDLX_Nc57o9mWG-dcyG4U-K56ruqSS7UHSLqsLTjsX6JFhz1De1qWdiz2m_JVHwo1vCoRPmAY6ff_N602UZT1aeMAgCG1hRWGLIjx070OEVY3dXo4_onRG73qimeqrDicu1obILQp4-Fnghgtkavvd8sk8ev5Aqc9u_a-imi4N0sPU2L6dYbBhER1xdO11JYQAX-CR1_pdGX-Zgi9z5mgU6olIUJutET0R5AXVq1PknLe4yqief5q-H6hxI6JzAvfEwDZUs0_wOudsDmwZiin1j3FD6fBXYBLMEhRNFPi_bYAADP-BbEIFe7ndJLkaRgYmiH4R8L11vjMKSI6ZLpVokt9iKeMP63BK5oXtdnyEL8C35YGLrQHrgt6yu9fYTNrhv1UGigz4-msnd3nPfJCTlCyODuwh583q8LxJGn1yw3vBqJoRbglQ0GhqQr691_Mke9njba3BfXwVf0pLwO1wcs7ALlRkPFUxMj2MqvEul1EX0PZshBqHUxiSSfbc2hcNghqCwsCWesuOy8rpCOXc82VlleX_85BwaIZ6A1DpENRsCohxFA3mJixwcGTWM0YG67KTU2uRXeevRlhYv0Y0lFaurdwYvl51hmPH3tcLDmSgAX4iWSATWJEeXncWmF7KsHKI7IYGSeHKquzb_fzk2eUDhMqjjCryU1Ywk9KB8cSc4Zjn4t3ppwA2DlSmiJ6bOMmaAsySq5J8kNQJjNd3orX0XFDDJBkovwi6id25Kd42WE-p86RA5zkCeIrZOgSeqQzIkOQZtZEe9w1oqKlfI5cjo7jMDo0SVGcltTXHtKRnnOdl7KSUHf49mQlT0F1Z3iYy9ruhFsNl9bFE3uaGPzedy2cKfv7_uhaPyEWAVtxqluHWAljV2p0iOgtJbvq4o4WF958ouvuuWWK1DJoLlLWqn8HZ-VroFF54kNZbuOHH2X5tgNpSEHSG6XMJT_6BhcH1R-LuHp2KtTHnxodl3ZlO6qBcrBvH5D9iKgn7LfzprLZBL41Oxk3OkbfJNmLsgKTI72YiBnz8O_NL_oWecbJvREbMrPU9UVhbWsWH6_xWyTVq0wfft38yohW0y8LA6tb1xk1SicrR1z6TDNopVSjn1kUdu9tn5qEPvt11wOom6nJ0_ypO-RANxE1GM46MhKDAjYiW8j31fz3HJ-fyAO6rrdvZ0Qyge-tJfqvQni-s2hTn_82UhglR5dyo4v0xzzqncqxh&cid=CAASJeRoRKUFc9OfjHXl64cuEzVnQfNDncn2XpFTYoffPf8Zs3NMg_Y&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:41:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/ Frame 6024 27 KB
10 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

562a8a15e1881723d0fa7826cbaf1ca561428ab33b7ef214b6894449e9a76a34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10462
x-xss-protection: 0
server: cafe
etag: 108952690031844284
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:42:44 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
216 B 247ms
178ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32Bm3,pingTime:-10,time:632,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85OS4wLjQ4NDQuNTEgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1652949876075%7C%7Cc711e0cec9b63fb29638dca4f6a09535%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7C024337f22a5e909663a7cfd292a96624%7C%7C8fe1350c0c18fb35ae4dacd1f086f704%7C%7Cc8399fe161c7bce321d4b358d3d4fbab%7C%7Cbf9a2e594578f3c52f6c46fbdbf5541b%7C%7C84b8a651f37e50d9ebf0ff1ce8523997%7C%7C1629390669%7D
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 html_obb_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 91C1 169 KB
59 KB 100ms
42ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd2056d3c5a5f9a087647154dc26dbed362a61b733a6cbc8d9e5330b4f4d4284

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Origin: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 08:56:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85697
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60459
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 08:56:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/ Frame 91C1 8 KB
3 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DkPIyUZtkWFd-0Gq1sARm1wiN6QZVDEuuqA5YyuCZiMclW4wBrEFyXeoDPECnbZrxh2kygynfi0tAz8QN5wSHNTZkwd4VCdARqhXcAtaVGQ4XJmF68ua3ime6FLfoQGEWvD0lA9HB4G1NrAj5azuQ9qg5wPQ&dbm_d=AKAmf-CHD8anUkc3RIZhJe-SyOghID67XH6ov_xgmaLEj0X2Cb6rBf9tuUxp_wu8oZr3LBCdccZF5v4ydrXC7R2vXnV9GS0x1LT-LM9Hk_zilIWyk6Vp4E9678vwTGR7tWG9LAzOXRVA-C5gSmt-bwPfqkcFWkGt5Ei1npXDFdRtpBYdugk7I-EGcRlsWvlcMv_qaoMB0ibVVhuy7KleDM8pZnqiVSmlY3ggoUr-nSWoXlziYcKi52r51lUmF0f-1tJxBLsQn7E11s8n8F34D5ZpDFIWy9w65IeY_PI5XDLArtpyPfmevCTQdPmiwAVc7-Q3mLn_nI5_xtppfXxrISI5P5lF1DRc0uBY_FIfDvYRP0KpeSuuG8HH6kxo861fiC-2n2UyRE-RhdM-IfekKXE9pX8S0XznBc3ZxQ8WvEtW5fOwMxbNsq7c6dgc-Dmhr3_xoTvv3MLeJqyYSbnkMjxPDODiJMB3Ulw5nohQ0P1J4rJeCXNHrEsAfMxEMZh88vOq9LTfFEqXO4FIOtkLOyIa0kEN0VauS-3dcnBC1nDW5aAeN95EkXW19YcQuevuRISVdJ2thMuEL1sLZvGsbRTV3oBqALaYpfQTJUTQqDHOMI4XwyBqO716DZatiLWS0H3CaxsR5aMpvoZHfcvvw4oTgHSQBTys3KdUdxtyVclS-PZfyJLOPIqLWriVGiowVe5kqbSLFjDJyCm0IOZYYUlxancxuu4MLEKmyzDpy790iFkymnUC0zfpelg0AcdAJdDS0oWPRlnefbjlgl5wVqayTceBblkMxQuFgc7pKk_CM6FGqLC5ghwupjODbJaSejAvNe_6doKOKKez2Vch__u3IJi6tbfixvga14r8zW5_6ic5uvYl7K-0_pPPQ7IrNmW7yHhBkbo-zuI4RcSp6kod-CjgBTP9HL2aQCddUzRLemEq7N4PPuil390Y56zpQ5tctKnjysVYZ7b0OxHXvYgG7Uf7kcewi3ihcLQdLPHBwevEWmmMLwhRquvlD1amZQVO4ZCOryehZt04jS1otKOptBQKrnkUPXlepbLjHf8xPWDPs-O0eYR5cXF4_Xtk-og5X3WPgGezd-yAEooJhlZHuDRz4cAEmcH14oK4N85zqMnNwg4rRaI4oZ_ZFAsOtWmFAHTxKHXtpMo8t7JGhQblBvAkZMMXmhGjbkGJbQOaBRs741YvBPiapHokkiLkrNVNuziL_i5CqOt6wxxj-kaAwR_IIJbBGVKy0wRZ4LJFQPeYLBqkXNXCmGdSivfatGjbAISe5VIrCqDJvefG6ZAeGWd4wMmGOhCRwESpKldH0wsB6HpZE7Hc4QigkR9L4ArmYm03M4SY0awrPlg9eZi5_4Bvb_eN1WgudKMtE9Akdz09jv9di4Mw8t3frEHsv76mr9Avmxu1BmXpAZ7Fm8zszKtOpbs7MQ9bFoEguBtvkB72iVmXdp5J_hpA6bUGIgVIHXJ56_DnVWL7jfBhhdVHYrXIZdWPFdtepQbv7J34aXv9POurUY_yZxIKd5ZhvdhRhdtdjVk0tIOJfgKaVuQFrezSAjWtoa0myItTOZLo7awkTagXa1PQClIjuq2vucbi505nSvkBLrhMUM6n-ytoOZXbg21p0kmZQ1m96-bVLTx_FZ5V-obYurAl_F9MRbWC25hBz61OLSEAXy2grQfv8VxzCtaKM6A2sU6lHil7J6gF4IpjRrq1C18LTMmqO1DfPGxf34g1-7RDvQJOnWn_RRukd35lzWb7vkgG6jhGDUReVKNeBggX0_8qwqK8p7NVVbrCEZ9z6PS768COCQtp_9bs0-pImWV646VRKbWA7Pj1doQRG0nUdK-BlBOgQCZxI75sBWFQLY5VvRuKVM_cqUKNpK6l9sYvgfjl_UU7ChFD5cvHE0KsxrynGK0sMHJ5hKILfLIDdXExkfoSbkS4LgNv98ByNHu2EwcEuZYt2WVo1BgbcyG39K92bHKKLry6Y_lKFws5UGF3YKumdDCGTjQVBTdX5-fYvamb9qTXDuuRDblLH_EPMdPFpxouoVBsRmHWw2x9GHouBRvIU-0ojGZsg7036FM4e8OZFGJSVuxKhuxBYlebgfoG78LRBYkoadvyhOsUrMMkCa_tnkhs7jLkx-BI7enCn3Txx7C7lkRlBqa3-rRwOMpXIfBb_GfVrpJ9Co-cVeXfeearFY_SILgqisy8pEFsmppb6z5uxTS7FxYJT7L9OMH7E_p3ELLmMgt5-Alnbifjvk3O0e8eBfyU0GMpcjwWs_9p2LDbMjm6YOjI6ydgH2uNGCv8e-JjeuesLgO5_00UwaGl44asnpONzpqdl0Ee3jEfW4mfuHyPuO1mD8fVjUk-92pcWj9zK7-5ThgV6l6P7-IPVyUa2FuZG4axjtUsEzbMEtAZ5zPjMn274zwGyw7ACjLXp_Juskh-RE3FiprWFQ57OtZhBMk_GnYmIbJT8giglCG9FKbFz-Qc9oZAEkVi1dN2HIFsUF1rMCfuI5YsZVo4qzhgiDVJXXm4k-2cOu-cvufPFMhFYsMstrRQ6p8_Drav-KnGZVKK80w5P5WD7IGlBtnUcfxB2WYWt_EOxHwJ0epst314_x23-3Y612vh-7aEs7ntjo5V41xzeX6aU9pMwaC1fcv_FzWHt-ZeJahGbF620PL69GqxxxBqSFvJevZzIiqk4rShCjmhdxFvYeBB3buij8FqgJZKsuOXuCG_FwQ2iGWGMfx3lZyHAcZC-RsoVY86kwmEDItFrt5jchXr0ym1SE82EZwuc6JUMNalDm6JPF7x9dEMbE8QkPBtmNDfIyIHsT4uCLyTyYe6x266Z8RLnxHMXN3GdDR21-qKzjDWuTN5nspJ6HdkMCkJ7Xtxbzs_BEfuigl8NsnqmdluRxZ2VnRMdXKPKmZzarYkTPlHNwoxEYCSE20PFH97PnXMe510TqXZ8k1WfTRyXtfatyt_U-bi3nprDlQHEml0AWY4HE-q1EoEGSnC9i9_--YLB_fz1aEUuvrvDc2qXJTPMCs4Ao9sZK2aSNmPdDuxGpr5TCthyqP1X1rCcsGe5XdR6Sj2Og1v769Ml6XLJuoxWtnh6y5oAVO7U2tcZX2HlMEHExSo1sZnAm5FFpXRu8fwh63Mc0obT8g3wPWku0IvqDvwS4-WbEqh_0PlTgsCwQumEByNsYMTH1wyFCEYnQ5-DwwT_WIztfyy-IlO9TMxNQHnFqmGXndHzQ7pWj_8rGnQBOE7cbdwAuFZpYK-4stdwne3gxmhImhSusLzjF2AcvJIdhrjshdT_4GEifzkoOz8k01TB9GO6XEH-jEocTUXfvQYsuek2Qvk4U8AArnhbNBlPM7ywz9YeMFZOOMQdE-Sf1vrj6IfomVaR3ixmE-CTrr16mIe1EXdC0AmDMBcNgRaoeE5M2Wm--0VECBuag8f4ZLgC4blWsva9uizXXzczLK9qf0bVbECksmx4iA-o0pmDcGfytu3PxZJTxD80GN-HUdzqD6LAsqeUT9k34r8Xy46imDGHPHYx42oyL8dGKTEbQyya30H58us5MnfuPrl3F5F7hhGx3OAOvSLTu52wppfwOyIqzEfm5eKtB7cWBi9OJ3SCD2vBnywTWkceK0KqmIMQaRbH-rhHx7degTvMf619DB1Lz8iSS9I1yLGyGCiKENhTBSuIrE1jNED1rTv_KBQ57s74CtVikWfghjPXSWU6ol5oJuMyanHF5jtTqpMFvSHw1m9ArfJPLvMn8lckbdQyzwcNaAdBaFem24iIn2iTL5vAez2GbFe_h7qlkO-EtkbOlcPU7CIF8G99BUKk5C8NFgJQzzxfS3WmCSXLWH0gLEaCyy4&cid=CAASJeRo8HxUgqMRZr0EpqdZMyzP51nGfhAcv5uToyt6gBX9p_BkliU&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:41:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/ Frame 91C1 27 KB
10 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

562a8a15e1881723d0fa7826cbaf1ca561428ab33b7ef214b6894449e9a76a34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10462
x-xss-protection: 0
server: cafe
etag: 108952690031844284
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:42:44 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 3F41 170 KB
59 KB 113ms
61ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Origin: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 02:50:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21223
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 20 May 2022 02:50:53 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/ Frame 3F41 8 KB
3 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AE8hGkR_TvhM97wrpozD0JR77kMs1lx6-LfDah8Kr2-Ie9FVAH9Glks4bAmvGzDe7rHE2L0p1PtX8J-fbS5mGVsRuJqNIg0PNR-jKijdsb5_fioZPpCRr5_PFaImrQXJCuba2b3CChLSPkrwW2xT3ClPTzOg&dbm_d=AKAmf-BLzoXjWx2DYS0UoyiGQl2Axf2DxaDdU-1u6yJmwXTU5I8injFmsq6ap44xUDJ6PIkCtrhK97xgWCYU0hsFDCb6IYRk_VqLR07n9M1HhVgV4okh_G_EdmoDUkqMk5UcXKnc1NT34SUYJssUgvJk23JtOtiXcjkQtOAo-JI1If0oycNX4I8xvCYHoGHapdr4dAruppCRtdNgphng2EDu6Y5U9r49PROsfGfbHyaM3_VFF8nlJS-oWdW32pht6cktdYpZ5fwxsKmaSsMikxXJjJdYqxMgmpt8eRM631en_eJm28_ma5FKYvNTJjNwvLJEkYXv8fdobMyOYoB9XMhvuuaVzVjMvfPpM15baflUUQjaxnEE41-OwL9sVGzTuGXbEXouYs6jOXlPVWbzgFnLLONp9tqg_XsOaMX4PRuD-kTlhXFPQCDlzrshW0IB8guYSl9nQj0wyt_OKA7ld-pOHPwYUY2bFOdtXQxJX7q6Q321M1m3ae_gVJRN3mjD35Whk9nU2VBcXnadesPEzolCNMCvylHEQARsvQ-x1C_KGz5rKbGlWSggK8f5vY3E8HpS3fl3_jSuIjxH__1OvUYEM2fIfwMUF7mqomixJvGCM-czvhbWNTKCcmVLOLiqFeCfnMwoi4_WH1As1yb8auIo2ljNcaTZFC1By8pB9z0wlvc5ouD9z055PQtah6mteAjKFV7QWNeWerxqxTKMsXwccrV6XhHPSUGGru4bzOul2e5FgJdzHU6nlkgpQ9LAnyKJCj-GbSzSlh6x04eoDqgiAzE-qpZn6YjXcMSM44SMyY45gIbAJ2WLAMkW3mBEouK8LXFlapgKh3-vxhycYSYe_VwFiDd85UfiO9qAKmC-YG0ol5Sh5BjJQzWcy-gcin33R9DtCJIRqBkC1HusGE_nGaP1U3drrhTj4wS2ufiXxB0c7lkWJXUdMhjx6XFHb5gyqKYSugi-tDg8AwCCqdor5cBpJRX0GL5bGMrIoOIYX9VaiZjLWBqoL-OAO5SJhhS2apMDgcBw1VmvW-Nmwgrh7xr_IIXCMaGCloW8zii5MZTk-zuFCySmprvHc1-1pwfgipljLgxw803sZSxmKBNkNL0OVOUsch6qHY6F9pcjnZ9dxJSIzbzvXPYMA1LeypbJy_gnspeQgDlyZ76PQ9NQFMMOI1sY2d_URcj-cEBTS2HhSHF8nRYZhnlLvXLFNUNjS14vmvkMnFZpv_X3gYzHfgn-tRcQXsFSr63w1L2RRsG4rVwZu-3Vh2HmU3QgI3C__Ro8PT0WoVlaDh3KVhQGJHO8QV2hcsXSkM5V_CwherMNv0D-dZ3m_PaZfVCZ_0F2V_QVtOJy_kLMhIzAlSENdfgnI3bKAJJwvODJ_O8PfMLB6ZOfTzibTlhI7Gg-U3C1jlRnf5cTBx1qA7RlXRZp5SvYMOdVoNXQVhOX3ANHE5JesVUB5zPR8JtritNj6Fd8XKh5_ODgo5SE6OgKvBy4E5DQiPYopnQUcRue4zpvUez9qaurszB1rI3IoWFucKCN1giXAZ-E-B_O30Gk9nlQ8QtV8ax6D3QYBRcR3m16y5K2eskS5J8Ao4quEOlUPzSb_MIo8B1EkIT9H2dIUikttdOmQlRWjw_JeUjc8AhoPFHl0f7eTnjWSRJspKeW0bTeNpcIPcLETqVLyG2NarXphZ_m5r22fEkh7lcazEwJDwTtarrk0vImK3ID-ATcz2rkqTStqkBLBlLWj1zPRMo5BjahcmH3r7eDjXZOp4ysfUcTomBk8sgwY7Eu4hgW3wSdiqxj91P1f6IgmPu9OeLT7mG7eGTvj7CEHD-xlEv_ny5r9ukd2IWsdh0El34lxOgw8MB-T0o50JBg1B7YOva6oR2mQdcapRF1dIi24ht682p5Vmkr72fzSXL6q9ASlUD1PaOOvRNzTIlKLtg9LUacGTeaQ5BVEOMaB2_WH54Q64kumDOzUOUPD8RhkxKpnNMejIxcERL989qGn48zcHM3-Htz3HGTq2kaYJBq2LtfRZmA64DK7vVJp_fPQDex7TOYVpeZzAn2LyaN3dciDSwIgAbiqGYrJMuZOw2IuSDfcBWk1hzDKMXlPQ9nB8hNSx00TQdFfIdNrrp3ftkptX2eP_NXJRE_I63UyBpBSn7waUBdYWqlYyHU2kHXj7HgetjlVsj9xI9tmYNP8I-cjVoqI-3nSOHz36SyUuyxjqkq0pBIXyN2hL6ysAJ05rmoUFQ-sDE7rTv7PT0TCr3eN9C0ZSQ3K1invsx7YFX7lvZB3W8VBnVvGILkquOp_1dMoybYHiiUqqvGMnYbS3shGJjXewIB70ndQYYy8CjwFF21Pua2be91PI22ARx9PCWvtKp_7MzbMcvmNND51qZ_YlgioNEo5G-tBlpSumQlTDo8RM2Hao9VJrCprBWyf6yqtKvZApBSbr9MtPJZDZd3sKiWccLxdACMAqm0L9HXw-PWWDTWVj8r2qF5yU45OA-juhoBAvMzmDo-sXz9CYiSd6maEk7SvFe5T5UL4xJT-I4kdVWWjTPwIkGTOzPYoDebl6wV8ELYT_xmsPNfPGCg25mqBHwTUBh-wIj28TBET152VeWboCGIUfIvqwGpanFxVSAObMKB2dS9b-CVy50G-MT4__ge8qUeNOstiYOuJiLJPSY2AVtTe7-gCiT_zbSIVeN4QcR_HSMA-HUsKOtanmjHkyB7DmF3nQusK-1SV6uTSX5lkW41J3Z9oDlrwefiLVmedRB2GECRu6V07zuIWaHLK05VOvypYctbR6kmsUHzttUZLEYi4zvAYiyPRaYGpI3IqhEle2U4NhTLDQyl-qG8ahZyaLPZY3sJM2N3WohljFrSVLf3jU_eiN-4M63l-hQ1RQcPmsw9r7vo6VC3COb2v38NPZcrR6_jN7XFOtZtKBj61ReXq3eastDSxYNT0s8ELdxo2Pbhf2B2dt1cqMfm0zF8H87CniWX2KfyXxjdwx8Cglc4Ww4dcdeNPcfkiv_Ncil9gbOrGRdv90eE1Z5ELVw8m6ARm7Xdb9LO_UHm1ne7OvVyaSbpO4vu9iVRK1AfUlKQ-Dvyy36K4Rggj8Rw3-4FPrwjFQldfB-xHjZy17jhNWvKUr4aZxzc0jPihscnL9yec-KJta3DAsvnKA-Z1OclLsK0pLjURhOsbXggn9FH2BRUZQREUfNPdzCINjejjYDituWAdqLIn7liVzT36RAd3mk8qCyEBHwMdhpWSnzTuS-qnC69LuwgZfApCyvgjYhieKWXg9s1rSgheNukvDvYMbxmBA2f-CEE7T_qWm73fLNSgqfERIB5h9scGgS7w_nGk3XH_zKf3vkshUtAMe6aC5zsZ8eSdXmzLzsL3w99iUC8fkHz1Y3Ybz85DGXhlWIsI_ZPANTTI3g0FZwCk3oxhAlyiBlQ4UHyBIFB1pmjBetQEv7dEYl2fjZ37J1tn2sCqyaR66SEc4r_xuUSf43rRhA2VIZILiaSfgpiSZwWTVlPE72jknO-4CNi9S9CnNCo7r0LrcRieWXgu1SjhdERJ_CtzIxCn26dVgDOzfZCyfAS19Xv2rjzyemG2jCqX8V2xeMlPnMBqxSI485zhcq3yX_KNkk5GmqVKVTkveZH8BNs0EqXj-HdTPlgprbLtC-udkuC&cid=CAASJeRosRsS53ONYaYmlyIF4XLdw4ju9SC0QLBJt0ED7HTe6A9wEUU&rfl=1%2Chttps%253A%252F%252Fvsim.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:41:27 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/ Frame 3F41 27 KB
10 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

562a8a15e1881723d0fa7826cbaf1ca561428ab33b7ef214b6894449e9a76a34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10462
x-xss-protection: 0
server: cafe
etag: 108952690031844284
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 08:42:44 GMT

GET
H3 200 plane_300x250.jpg
s0.2mdn.net/11581991/1649936156235/images/ Frame 0BA9 32 KB
32 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/11581991/1649936156235/images/plane_300x250.jpg?1649246051547

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5922146b2e06c28e1e0d74320e45416f67d6367dfe9871344ae0b0cfa7af3ec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/11581991/1649936156235/310403289_AerLingus_TA_Manchester_OrlandoNY_300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:46:29 GMT
x-content-type-options: nosniff
age: 75487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32846
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 11:35:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 11:46:29 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6024 41 KB
15 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 07:47:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6696 1 KB
749 B 41ms
40ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 69504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:26:12 GMT
etag: 48472445140208031
expires: Thu, 19 May 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6024 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 08d6666758af18eced874d9bd0e8e02cba994d43afa9ed5c6f57ff165fa36e79

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 91C1 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 07:47:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A833 1 KB
749 B 40ms
40ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 69504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:26:12 GMT
etag: 48472445140208031
expires: Thu, 19 May 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 91C1 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54d90cc66e9a68dee4852224da6009bec7ebaae5b9525a725c35df30b18a812e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3F41 41 KB
15 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 07:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 07:47:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6D50 1 KB
749 B 41ms
41ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 69504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:26:12 GMT
etag: 48472445140208031
expires: Thu, 19 May 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3F41 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b062a3c1ac11d9923abd92b5eaa4d8fc510fe74793f3d58bf2fb863610d1124b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 50E9 22 KB
8 KB 41ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 3267
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 07:50:09 GMT
expires: Fri, 19 May 2023 07:50:09 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A048 22 KB
8 KB 41ms
41ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 3267
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 07:50:09 GMT
expires: Fri, 19 May 2023 07:50:09 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6696
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKnNd57JMJEZrSadJoaETtd8YNDysvHAwQjoaT...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WW9ZRGRBQUFCRWFSTmo5TQ&google_push=AYg5qPKnNd57JMJEZrSadJoaETtd8YNDysvHAwQjoaTA_krICe_vO1g6On1nWEmRKbfpBx7iUXJwQDAdB_PSbo555dJoWKHue8I4

170 B
188 B

51ms
51ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WW9ZRGRBQUFCRWFSTmo5TQ&google_push=AYg5qPKnNd57JMJEZrSadJoaETtd8YNDysvHAwQjoaTA_krICe_vO1g6On1nWEmRKbfpBx7iUXJwQDAdB_PSbo555dJoWKHue8I4

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WW9ZRGRBQUFCRWFSTmo5TQ&google_push=AYg5qPKnNd57JMJEZrSadJoaETtd8YNDysvHAwQjoaTA_krICe_vO1g6On1nWEmRKbfpBx7iUXJwQDAdB_PSbo555dJoWKHue8I4
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6696
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPILlANI-15KTGJPO82XDxg1C7CCfxGUrffQSXacXbzgdh_qVLExtmrR0caNMNsF0A-duCNse7zv79JxnRNTzjYG6MlsFAqL&google_gid=CAESEJ1WaE-iAJp411bCPQU5Rss&goo...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCPSGmJQGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BWWc1cVBJTGxBTkktMTVLVEdKUE84MlhEeGcxQzdDQ2Z4R1VyZmZRU1hhY1hiemdkaF9xVkxFeHRtclIwY2FOTU5zRjBBLWR1Q05zZTd6djc5SnhuUk...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwdGpGWkNBN0hrcFZ5WHJRZHF5REVieDdrdkgxLW9HU3NaVUx4T3ktZUxaTQ==&google_push

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwdGpGWkNBN0hrcFZ5WHJRZHF5REVieDdrdkgxLW9HU3NaVUx4T3ktZUxaTQ==&google_push

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 19 May 2022 08:44:36 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwdGpGWkNBN0hrcFZ5WHJRZHF5REVieDdrdkgxLW9HU3NaVUx4T3ktZUxaTQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6696
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKaf4Z6...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKaf4Z6...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA1MTkwODQ0MzYwMDA3NjMxNDc2Mzk1MQ%3D%3D&google_push=AYg5qPKaf4Z6CMLjzgkS5ri5ei9Y85TXqscn0X9G9MCyptrTIrkhd6CNSLluNaymK31tO3...

170 B
188 B

51ms
51ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA1MTkwODQ0MzYwMDA3NjMxNDc2Mzk1MQ%3D%3D&google_push=AYg5qPKaf4Z6CMLjzgkS5ri5ei9Y85TXqscn0X9G9MCyptrTIrkhd6CNSLluNaymK31tO32YQHPaU8dSEHeD1bF1omskzi7L8PE62A

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA1MTkwODQ0MzYwMDA3NjMxNDc2Mzk1MQ%3D%3D&google_push=AYg5qPKaf4Z6CMLjzgkS5ri5ei9Y85TXqscn0X9G9MCyptrTIrkhd6CNSLluNaymK31tO32YQHPaU8dSEHeD1bF1omskzi7L8PE62A
pragma: no-cache
date: Thu, 19 May 2022 08:44:37 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Thu, 19 May 2022 08:44:37 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 6696 43 B
107 B 107ms
42ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF-RyL4slNnGkJs3bTAtchQ&google_push=AYg5qPKQwKIuflE3OfpBfENzuUETJWm8mVSoyrNsm1hlFcXc6tWiu79yyD-WhKUcc6IGwujUBWfzuiLoIx3ATxccTHrmtnbFPtZxKg&google_cver=1
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6696
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SZGwOTN2TlGRPy24IAFpSg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

51ms
51ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SZGwOTN2TlGRPy24IAFpSg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJGisriE20g8gZ-OpW6xuPkE0_HD3Xe_oHU7_fp3tdETlaxUXaLkpi1DCizC-SPyUnXytpNr47W9tI7oeiJtDUuR_ypNOta6A

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SZGwOTN2TlGRPy24IAFpSg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJGisriE20g8gZ-OpW6xuPkE0_HD3Xe_oHU7_fp3tdETlaxUXaLkpi1DCizC-SPyUnXytpNr47W9tI7oeiJtDUuR_ypNOta6A
date: Thu, 19 May 2022 08:44:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6696
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENf8oWa7s7RHSQVVZAYfqMU&google_cver=1&google_push=AYg5qPLK5fWJehzj9oSVoyEJiyO2jabPJ8wFdocUa02SXH4TaSXnKf2rRIY4nllaZ4gvT6wEODk...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQlgtMUItNUdZSQ==&google_push=AYg5qPLK5fWJehzj9oSVoyEJiyO2jabPJ8wFdocUa02SXH4TaSXnKf2rRIY4nllaZ4gvT6wEODkax7ywgw-L9O2YPEQfRYmBISla

170 B
188 B

52ms
52ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQlgtMUItNUdZSQ==&google_push=AYg5qPLK5fWJehzj9oSVoyEJiyO2jabPJ8wFdocUa02SXH4TaSXnKf2rRIY4nllaZ4gvT6wEODkax7ywgw-L9O2YPEQfRYmBISla

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQlgtMUItNUdZSQ==&google_push=AYg5qPLK5fWJehzj9oSVoyEJiyO2jabPJ8wFdocUa02SXH4TaSXnKf2rRIY4nllaZ4gvT6wEODkax7ywgw-L9O2YPEQfRYmBISla
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6696
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_cver=1&google_push=AYg5qPJIBcv6kraV8_ngf4yEcXrT1uFl_TsAzhtIb438ymHpRpCcDUrxfQiDuK_xbtoTwzn0a4oL...

170 B
188 B

52ms
51ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_cver=1&google_push=AYg5qPJIBcv6kraV8_ngf4yEcXrT1uFl_TsAzhtIb438ymHpRpCcDUrxfQiDuK_xbtoTwzn0a4oLQYo-8685zZ3J48BbiHxRqjw48w&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_cver=1&google_push=AYg5qPJIBcv6kraV8_ngf4yEcXrT1uFl_TsAzhtIb438ymHpRpCcDUrxfQiDuK_xbtoTwzn0a4oLQYo-8685zZ3J48BbiHxRqjw48w&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 462
Expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6696 0
12 B 48ms
48ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LN6hWVxA4y6eNyZjII5thnw1NT9qj--5FQzb8uKy27mGzgdqTXJQy6ONpViUEhgebbtzlj

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 50B8 22 KB
8 KB 41ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 3267
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 07:50:09 GMT
expires: Fri, 19 May 2023 07:50:09 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame A833 35 B
465 B 126ms
41ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELX_XRNafUQD1xsdPZujikY&google_cver=1&google_push=AYg5qPIkqUmJwrXSX8agXev9sTdfiLUv-HPD1VPpwxy73m607Dcr5rUpkUo1wi-t3sWpPDroWZ5_8HPSs3ErRcqZySpPcvy33NfsJQ

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame A833 43 B
107 B 105ms
43ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF-RyL4slNnGkJs3bTAtchQ&google_push=AYg5qPIGjqE7YQkRN1XLa7WzYdPqBgokzwffuNCQ6oaHahAWCx2UBmlVZ1zDYfDrYOjnB7Yl_-5rQNTzeKhUmcWDZbC5ye5fpQaW0A&google_cver=1
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame A833 43 B
352 B 102ms
36ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMowePlB6P_obs1U9DrSoUQ&google_cver=1&google_push=AYg5qPJTHTmCX1Szb1kW3VyBXrps2H69_1OoiQTz5aur05Vyd7P1ZzWvFm7KOb7OahYf1uEnarUr7ry1CUZKTcLrFZO0n16fqOziFw
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: btq3umc6vfcek6aa0nvg7v0ibfg0qnit

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A833
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=N0l8v9vjQxSWwA4hCb5Q6w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

58ms
58ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=N0l8v9vjQxSWwA4hCb5Q6w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLywly5_WABJKccPJ1LqoB2SIQJoHRdnkd5-XNix6l3tGDwrDhga4tFKSoOevknqFjf0bcw5RYIjrew-8QLHi_6vyKNXF3qxA

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=N0l8v9vjQxSWwA4hCb5Q6w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLywly5_WABJKccPJ1LqoB2SIQJoHRdnkd5-XNix6l3tGDwrDhga4tFKSoOevknqFjf0bcw5RYIjrew-8QLHi_6vyKNXF3qxA
date: Thu, 19 May 2022 08:44:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A833
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENf8oWa7s7RHSQVVZAYfqMU&google_cver=1&google_push=AYg5qPJ7ZNfOMCEorp-JTO5-JtlRFIDNh6np8jpd0KLLoEzvBBrH_O0DfQk70h8Z81i0rgcQiBN...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQlotQy1QT1E=&google_push=AYg5qPJ7ZNfOMCEorp-JTO5-JtlRFIDNh6np8jpd0KLLoEzvBBrH_O0DfQk70h8Z81i0rgcQiBN_FDGN37RBnPvpyJ_9FP48942KrA

170 B
188 B

73ms
73ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQlotQy1QT1E=&google_push=AYg5qPJ7ZNfOMCEorp-JTO5-JtlRFIDNh6np8jpd0KLLoEzvBBrH_O0DfQk70h8Z81i0rgcQiBN_FDGN37RBnPvpyJ_9FP48942KrA

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQlotQy1QT1E=&google_push=AYg5qPJ7ZNfOMCEorp-JTO5-JtlRFIDNh6np8jpd0KLLoEzvBBrH_O0DfQk70h8Z81i0rgcQiBN_FDGN37RBnPvpyJ_9FP48942KrA
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A833
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_cver=1&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_push=AYg5qPIq7Zknq6VNImkX8s_yZuAIaJxPH85fe...

170 B
188 B

51ms
51ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_cver=1&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_push=AYg5qPIq7Zknq6VNImkX8s_yZuAIaJxPH85fegmnMqEWq5o2B-d2S_XfRGZiqbJZtLOZU5wjf1rm-j91p_Y7PxIEJST4dONWLEUEew

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_cver=1&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_push=AYg5qPIq7Zknq6VNImkX8s_yZuAIaJxPH85fegmnMqEWq5o2B-d2S_XfRGZiqbJZtLOZU5wjf1rm-j91p_Y7PxIEJST4dONWLEUEew
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 462
Expires: Thu, 19 May 2022 08:44:36 GMT

GET googleredir
googlecm.hit.gemius.pl/ Frame A833 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A833 0
12 B 48ms
48ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K-4o55JjrtkIB7CNNe2fBYZDzG6mNbLkdpPSMX3BaO1Jczmhec_x5HWKoE4IML4wlGLFg-2g

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 6D50 35 B
464 B 123ms
41ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELX_XRNafUQD1xsdPZujikY&google_cver=1&google_push=AYg5qPIDIJyYkHFokiCtRSH2-1P4AIyTMfoCMn1Byqjb6cVnIKRzux71hJLrUPXNpuqxYJXQmmCwkTYXLAiSoi1tUHk7AEZboBbJ

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 6D50 43 B
357 B 99ms
42ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF-RyL4slNnGkJs3bTAtchQ&google_push=AYg5qPLFseQug-Wr3R71XNKR7EBGDk1-00Im_hfAVFYLxtVoF_BLtu8fpORalkFqaWPTgVyTfohIL0ggmdoYT-rpF80X-X67QwYA&google_cver=1
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 6D50 43 B
135 B 99ms
37ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMowePlB6P_obs1U9DrSoUQ&google_cver=1&google_push=AYg5qPIPDn6yytAeicPzdnPU_QAW6SXkHmJRErlj65T2e8z39SfijmAyBDemjZEHwm9mPqdmVJOVKAraPfXUZ2xTEJ-4O-D6crQF
Requested by: Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:35 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: nr2ug1g1q4ugaaln7rioss065pk81p2g

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6D50
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8eQjSPmLSjeOZfwA6CS2EQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

60ms
59ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8eQjSPmLSjeOZfwA6CS2EQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI41uvybrHC4GnJpUWORY66M3m-Caabo8uqt2WtjnlUk29Hq13vuQyt5s5SGjtyhW4x78OakUqtDNLojQA0Dtey7hX1gjwe

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8eQjSPmLSjeOZfwA6CS2EQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI41uvybrHC4GnJpUWORY66M3m-Caabo8uqt2WtjnlUk29Hq13vuQyt5s5SGjtyhW4x78OakUqtDNLojQA0Dtey7hX1gjwe
date: Thu, 19 May 2022 08:44:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6D50
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENf8oWa7s7RHSQVVZAYfqMU&google_cver=1&google_push=AYg5qPLlA_gWrJeUAqTY7fDRjqau5k2c8nvGsL5vYQ9Xwz7vZk74Jae5hrDIj714hdCdZmbKhHZ...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQzEtMTEtOEFBVQ==&google_push=AYg5qPLlA_gWrJeUAqTY7fDRjqau5k2c8nvGsL5vYQ9Xwz7vZk74Jae5hrDIj714hdCdZmbKhHZNg7byVuOyniKN_SWLF860GDg

170 B
188 B

52ms
52ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQzEtMTEtOEFBVQ==&google_push=AYg5qPLlA_gWrJeUAqTY7fDRjqau5k2c8nvGsL5vYQ9Xwz7vZk74Jae5hrDIj714hdCdZmbKhHZNg7byVuOyniKN_SWLF860GDg

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNDUk9GQzEtMTEtOEFBVQ==&google_push=AYg5qPLlA_gWrJeUAqTY7fDRjqau5k2c8nvGsL5vYQ9Xwz7vZk74Jae5hrDIj714hdCdZmbKhHZNg7byVuOyniKN_SWLF860GDg
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6D50
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_push=AYg5qPJ9zVPWTvEro6PEf-ZH9E94J0E5YkwGulP9HtvCgWFpe-7pLhDIQDk8HpOIFxiHPkC_zBqYHZkbN0AXEuLHm2...

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_push=AYg5qPJ9zVPWTvEro6PEf-ZH9E94J0E5YkwGulP9HtvCgWFpe-7pLhDIQDk8HpOIFxiHPkC_zBqYHZkbN0AXEuLHm2MsmVFShjFQ&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 08:44:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YoYDc5Iw7O0z_PH3ey-YOQAAAR8AAAAB&google_push=AYg5qPJ9zVPWTvEro6PEf-ZH9E94J0E5YkwGulP9HtvCgWFpe-7pLhDIQDk8HpOIFxiHPkC_zBqYHZkbN0AXEuLHm2MsmVFShjFQ&google_gid=CAESEDn5I1ONeV0lkjhbXiJRCsw&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Thu, 19 May 2022 08:44:36 GMT

GET googleredir
googlecm.hit.gemius.pl/ Frame 6D50 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6D50 0
12 B 50ms
49ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K5pk3Cv5bvJIRRhzC2wulONIVW7de0Qp12QfSfYP9dOFUJxt_3wozY-zFzlTch7SBsujqkXQ

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame 50E9 35 KB
13 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame A048 35 KB
13 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame 50B8 35 KB
13 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5825321732835115008/ Frame 4FB4 92 KB
25 KB 48ms
48ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ddc95507676c16045fd509f101f5dfe5e57b1c28a5b55cebe9b857deb7f7d49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:36 GMT
expires: Fri, 19 May 2023 08:44:36 GMT
last-modified: Wed, 27 Apr 2022 09:23:48 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6024 0
27 B 86ms
86ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvi3a8XJ9yh4e-cKZeJ_NtDNLcYp9GBAnueNlpuFlbg1IcORdys2qn5DDo86VrKH6jy1crYLjb_etk5aMyDUwxspYru8tFD_bKf5GwwUPCYsyVJjlypFJMX5ZyFEc8ITem8F9IvOs4UCjcg99QnGRHO549HMDlVOE38KcEf6OixQL_jPFtvqkcw4JErCjwBdoU-mERMvm2wpQ5vxsMY1mj6rUZNxqyYecgXFZ2kEw1xD1kU4lRCyHFW6TagdS-tZCupPanvDGmLrX_hycOJrM-dXxZ4EQ-uC5YPpZHkZoXwfdsaAmDTnkvMxUE8q7pYAcZAajDSZCbv_NmBjCi-zB5vtHUuLRpPZokommaT-jQUH4SaRuXZ_oVwwitqu-H8ou5jl16hj-EbKSSog27rsNj2md-P1BY3UVNPsyKX40UM0zzU5lw7KNn4xTdjXc4R1mxwMpNojjNnXZ7DPZY0TCTlPi-1Us9UwX9kAQjp0BaMndak3qnt73FHUhG1H-jhhM0edQtXPKKxf0yKMbi8J33NieRrusq-L_Fw74BY_zPWrWuih-VXH4WWDlzc-tNvV8h7NtEJtm2IspoffuNAKlYXEFlwYZ3_JEwbVI84-xQyodSUnvGKIXGaZNShMpPJ1kyg7fYMk6OKCD8tz_vYdiAVTrwSld5KsRTSp_1Dr1oFb9XKFnk1gPCzMklvQLFnJ9sfgcb4wPQ5gMgR5tj526qNJPVi389ojHIT64jONbK5tpNGPb0doFO0MAE3aE2njysCHhIFHMPTXawwRsKlxu2NjnIDy-9h-0-o4QP5Ec-kAaPji323TIqaSktYbIYc8BWNaXBsFXlMiIqTms65xrcblM3owCAHQRacr4DleTWxBYtL1B8HfXlBGUQdZzE8LCEMOUuS44kqZ7F4kVvu8M2Wumd8JQLk2M0liWmIdzjMHuy-eMWCEvLe18yyNyus8nyuJXE9TxcAmAbNPQ-YrKK30MTPVlUo5v8okmocxtQ1ppXVcI1hj5r-24hEBpWRnsd0quBJJtdVkz9jCduhgO-mivJr61Nnsos170SH-2KhW8htt4BgL32gfxpmtHK1OR4bkiaj0uu-AGpLHa3JqRk8Ghtm25L_azhTSbqU-8OSIQLirKH79k4Vv3ZQWrAR5wTUOWGKVQNYfsUIn0s8kx7dKJSL_VVtf01NWaZBUlJo1veCLXA23Ru5HQu_MVmxhdjjMzwmExIm-qC2dRZFqXKrqMIRIPM3FF2Zh4b_bTe-L0CLmMTLYTd_Pzg8jz5g1gFi_r75ITBq3UIn-RqciSEx1aXPuz93_29-PDdb-axkBzE&sai=AMfl-YTlfp-pciA0c-Gsb9HivE70pagC24zi_NiYlRNJnxmr7Tn0u_tvA5v13T89NJ2MwTcUogFVILWwTXeTHnlo5p8QiKPwoEr9gNosJBe64FLKBsATWJ6uQzqVMt3Zm44kTaoa_XeQSrIpNBm4YLqs_o0ws3ghYdX8D7pfLSoxoADTf8p4P8C-6D0wyP7IMYSdhrj8ETTfoNthZHhUbYACwBzh&sig=Cg0ArKJSzPbLTVrG5LJfEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=245&cbvp=1&cstd=240&cisv=r20220516.42051&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 19 May 2022 08:44:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 15 KB
4 KB 53ms
52ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76d7c81bff643d6341543d4f1164a7a113c900e99de7feb1fffa78a96d3df495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3649
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:36 GMT
expires: Fri, 19 May 2023 08:44:36 GMT
last-modified: Thu, 12 May 2022 10:47:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3F41 0
27 B 91ms
86ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst_5z4Ye_YPYEa8kAMlhS7I0FkV0JPA_2Fo97WFrFgWtpfSKabMPzbDMQy5ns0BjSwbL73ZNKnA6P-xCh1I9xL6Sw7sGzhNeIwJ-y7BM3-mMp2u7jpl-q5-o7mBiOXpN9zrsRejLS3LqEHBrHPRfjKmQel82D2iEzBBs9-VN8T-I9W01mGogeZwk0DBkCqSb-_f4SQCCfJtVlH7IV5yPeKmuE8eheI5LgJKqwu0AO7-tlmwLe_3DSAoI_oBKSszW5TsmduUtR_8-nplIdD7zpR8Z8XsYOrGlDchi1eyKbqGsk50gIlQol1b6Fc-rrbTgH7Zq6Ah99esVHF1M8IySvUDN78z3duV0ISXwPa1j_sPqqgkLwjx5GVOTgsicCnZdsg4fprqt0JNS8q7Rvh-BW1smMwd9ik3qD08h_cF8ySnTwXZOtRZVKl4OqWLN-SdK_EFYrVPHAajWncDU992NcXwVr5REyAhPi2pOLVdqR1dMV85bTqOfBQ5dtoS0hcib8QcBZ06uYjc8ptJ8TDRzwmA5G3aJb6UDZz5a1U903Z3QMcCv8BsqzI__yNDt7QvZY0QNrZs80hpn3APsWCdqLOtpB-4BdWjnkTQYRGmoVaIObQAwHntNC_k1690_BnNXgsFgkaUKm1S7lHR_FV16QCeWoQBKpVTOAVOo-3uVEubdfxBsKebsgrBJ18hiFQ4-hQcV1f0T6uo-vzSpkr9zQhh2LnyXp2hYzLNK0EdJq4YXlJ9lkEo2m7dHOE8KmqJJtPvLpsymTErNULbKItONbcJHVBPUPKk2NT3NIf1sENS0sU-LH6zhZCAceU8l6dJGBoFB6Rw5w09aS11qFlyfPmg6uCMRbBSIurow88nDtWOHbA_XABSq3iOeFCncQkCNOlcBC-_d71FX5YqLzbUlgJfBgImAEBCZ1VGn99VoFvs8mGTOrl-TgVWCWIlj-bmBeB-yiOCllD7tvJAvFXT9D2hy0xz2aTp8keBPjpqY7CgbZ2BZTvv6ZNgh-fWQbgPxCClTKWSi7t0Uogtck4gDVGuT0etCDfdTuA8HqAxPniAwl9y5pdDxb1djROJ9lGRHnX4RxZrfmGBbWsqto8uFz23HukScpmb6_8AfoHYRFLPlRzL294Fjir6c0HnBhJiHVo6Tc8eEUMg-kwsVOXH9YBSOMkgoittokvKUkk-w-WYomF5w0PeQ6e_hHmAz7Lel4RjWWt7Gtd3DuclKQXdHADAJ94uDFGcoadvceO_jKSprbX3GidG5zkDrRYqZIFsAojrIA&sai=AMfl-YS-HLq00BeEn80rSfr63PGm-RpqkpdbzSxCiP6OTr8rgHmEOs7DyhGCc4up5fBb2FZdrpsiro30BPOcvkGE36rBDSiDuoKua8-OVAAO8Pjs0Glw4KP1eOXxSp2W2sTvTEvs34pnBXpa--WND6d4w1p2tHP4tFffJkisxs8kvnDCKqUnwLshulqs8HT-ULXSC_eofIv0KcJs4thKiKmprXE6oKLkjhGZMcx9kYia5UZW-oAhqQ&sig=Cg0ArKJSzF0NCPBUl2GsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=227&cbvp=1&cstd=223&cisv=r20220516.96758&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 19 May 2022 08:44:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5825321732835115008/ Frame F155 92 KB
25 KB 56ms
50ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ddc95507676c16045fd509f101f5dfe5e57b1c28a5b55cebe9b857deb7f7d49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:36 GMT
expires: Fri, 19 May 2023 08:44:36 GMT
last-modified: Wed, 27 Apr 2022 09:23:48 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 91C1 0
27 B 86ms
84ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst36g24tFO4zcb9Hdb_7gOaSg-xm1m-QwFk3g5AUWl_QeW6Z8z_j-L8n4Esj296FSNYT4oa5zY9bGTbtu6fBxCRbRM851V0flDFI0cmJYMTpJZPUu4kcj4V-pRCaGLyHA96omUjarf0vJIRKvsGP16AXzVs9jgdnVRn11MU_ZXDluAU27eaqfOc609_WWjNd2bbbmn_LdTemZ94MexUDhakm1EqgkiWyWkIM03sUV9iwCC7_YXSXXWZ0rWTrG003tD6sBvrUfPrBkV3OU9niVAgpeuuXpUCEbuP8OTz_GLcC1zJ20lf4W8_pbXnce-QBF0eNVuuJb5CugzXelWSI1qgk7kTHM5wPyj1VHI9Zfpbcson_4N9uD_2iIAyjrJBLvQBZovTkOCJqoJE8gQlsSjepnckYwCDG2SA7R2UztLEIO7T--hktM3m-g0FHOLCM-zdTtyQOATMRBZkShDSv8yuSsjl-ADSWcT0rYpcCyIVVsUnP3C6zIq4wHZYq9pGvDQ3YZzwrGX0ZrdVN3ZFzCsivyTRepGhZmGfEKwQTiisojAWUg6Is2BaKUIEhU8nzCuvAPB65DuL4Dy3rq4Dt5_bqCNF-R3x75G9o1UTGrF0HUUAe02LsgZcT_K464ejFf943xKDpcBnimEMIHetx5eZDQPyGnzNExvYu2c-7DetVrOBb1ekU9pZgHnXgsMU7xcTUULpwPfJg3AJW1sTn9jvrg15eSliN4h7vdJoVvvmBaPs37L1b4gLyBnGCoLBuJSoSTIdx1HGpNgC0PB9cnRnqa98E8jwc7FHlD2aBbV33409M8VvQWdeKMwKOtImuumlhwP6vgePkaXcXuRtF7TAs2l4iPb18mp88z7pU48DkpnBTncZLAAjf7peoWRf0bylOY7WbANxIFdUbtyB_mu7LITRf4N-G-bN27iFXEWq2ZKnITiylADcVXX-0I6i3fK7U9IORjnPcHbwdF7KCxp-KnFZIW66zx231YD3QCmPtncOJPeT-RkKtJ-hsu3i3VNJB9t5-4Dnw_sxom-AihwV-dvHI-WytrCLmttNZoGVxTnWch6Ta_Vz2f2zWIenAfhIn005fS6Xj-EvmqXF4k8i_BjQoLrRW1h6lsH8of9IsEn1s_rUlxJrTjCV2Fc7dBJU-nGosau_7SgdjWXTgQz3DL1kWNznZtWHdpVtSLVFdV334TFAu-I-0nxCue6ZCjz5Ga7FBGIejeG0qv7CJ1SH4aNm40fKgbXPiT6KH9id3jlmsdKS05FE7p8m0JDeH5dr-ARyxtBopSYz2iouzrGmfrAVKQOUtCxmNCC2K-FWu8U&sai=AMfl-YQmUS9kGZ3_FS6g8yQVVozaPJiGHpYo1RpQliPXEAL5RoSVleD3sbwLx3v7lAW_e4sGmG2ZPj1SGpCAvDJj64MNg7MOTkmhVp-vzdkyd6qLa_C-1xIFIJ7ZgVMtAukckAhx2tvHJaoweOM6ZlNYxUX7NkYaA4Bk2GQDFYaxIZ-hez-Mo-dOLpui_Nkuj-pgbxu8aPjaW6kXBzRCA7pbROUJ&sig=Cg0ArKJSzLzyj-9h8cPDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=243&cbvp=1&cstd=240&cisv=r20220516.96206&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 19 May 2022 08:44:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 css
fonts.googleapis.com/ Frame 4FB4 3 KB
1 KB 136ms
49ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:regular

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

127971f0d7e0ac5bc266c81c7a858e1ecf84e318238f2d36d2aec12dc6b6d211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 May 2022 08:10:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 19 May 2022 08:44:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 4FB4 118 KB
40 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 10:16:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 10:16:32 GMT

GET
H3 200 gsap_3.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4FB4 54 KB
22 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22005
x-xss-protection: 0
last-modified: Mon, 11 Nov 2019 18:08:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 adlib.css
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 6 KB
2 KB 42ms
41ms Stylesheet
text/css 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adlib.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

437b62002b3aa74ee137d19b391dca8654b56dae86142648176149bc0d7b823c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1976
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:22 GMT

GET
H3 200 adStyle.css
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 5 KB
894 B 44ms
43ms Stylesheet
text/css 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adStyle.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2b2bdeae208e22fa3caab9049518f24db02568033e6083aa733029723ea1ce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 865
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:22 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5CBD 118 KB
40 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 10:16:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 10:16:32 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 5CBD 57 KB
23 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 Line1.png
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 103 B
130 B 42ms
42ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/Line1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f415cb6a326034f8bb0bf49096a985573631a3d79f31dd9981bb412a86bfae05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:22 GMT
x-content-type-options: nosniff
age: 140354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:22 GMT

GET
H3 200 Line2.png
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 103 B
130 B 41ms
41ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/Line2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f415cb6a326034f8bb0bf49096a985573631a3d79f31dd9981bb412a86bfae05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:22 GMT
x-content-type-options: nosniff
age: 140354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:22 GMT

GET
H3 200 adlibUtils-v3.js Show response
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 25 KB
10 KB 41ms
40ms Script
application/x-javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adlibUtils-v3.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6aed3a238eccdba51ccad99da44ae89e563a5e561cff593bdaa35982b8cc16f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10657
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:22 GMT

GET
H3 200 animation.js Show response
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 7 KB
1 KB 41ms
40ms Script
application/x-javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/animation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8943f1dd74d07f839966b22be8d8202b4e5a7d2011ea9dd8b39130de88abbb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1404
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:22 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2F78 42 B
64 B 160ms
77ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstllzjHJX70VbDL5IwOlRnyV8D6asHhXzQs6p46yT-10Q-j5Z4QTQz82bso1LGX7J9rsbbWdWqOnfogyjdRY6_42-zzM-POaQhQ_oWH4w5IPtVGPX6U8F_xKXox&sai=AMfl-YShQLe_84thQW1Q28sNold4x3DHn_8aul647KNuFgDD_gz3c_zftPjzligIQL5eR6YoXuosqkEq6MdM63v0wfjKwOaPHwH-4GTP4LlVekt46TsRc6JAUp39EPF4RZUv&sig=Cg0ArKJSzBuI-lgGHU5PEAE&cid=CAASKORop39g3_v0y4tqIKS0XerAYMAOxYdC9Zd-3709TuAw1wXpFY09F5w&id=lidar2&mcvt=1050&p=228,1092,478,1392&mtos=1050,1050,1050,1050,1050&tos=1050,0,0,0,0&v=20220518&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=978356717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652949874919&rpt=511&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame F155 3 KB
702 B 112ms
50ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:regular

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

127971f0d7e0ac5bc266c81c7a858e1ecf84e318238f2d36d2aec12dc6b6d211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 19 May 2022 07:56:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 19 May 2022 08:44:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame F155 118 KB
40 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 10:16:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 10:16:32 GMT

GET
H3 200 gsap_3.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F155 54 KB
22 KB 84ms
84ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22005
x-xss-protection: 0
last-modified: Mon, 11 Nov 2019 18:08:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 50E9 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BucAKcwOGYvzhOaLP7_UPsI-M-AQAAAAAOAHgBAI&bg=!YWKlYibNAAZL3OSAa9w7ACkAdvg8WjO6Pu6W6FiWtfIgwTVo1lb0xPrBZxLWtL7YqJnZSg_1ibOzOAIAAAEAUgAAAAJoAQcKAF4DoGHqFHvXNum9S0IOa5Ftpda0uyfIMN-NQmN5hBdAgKg1Ci4_NYX0Rc9y66BOB8A2yB4ygO1gyxG4A8lee5A3BkkM-KzaHO_RPffbsUAt2yUqQkHkFBIMbYAEmNoZmQLdaAVajqJAKvJedNvYjc-5hXgrX79vbWxRnL2CbWL_w8woH_4tLjzFN5HlF53q3bIzSXf8KJ-MAo5rKziNhKkrtnytjsRZwYtPq5jP5EM7gkjzTBv8UV1mjCLKY6bJxoWTwK9JVK4deKWRW_JAGn4fqHJZXTVh4i-oLf0tfdoAhCG1Us8_8LyL6RUGqvqqc-Kl4CIHqmrnS_0qCDAaoc52iWpknwYIi9eA61dYyWTL_V5KeIKf0VR39s8hDCAgZerO5yq_TzzmXlwkLyVVvH2MlVZtXnpYO473O3ZkGcqZaNaFwmTNngwZ4YyIdbbbBSoAJiv6ulkDsAJkvmbgmVXW-NoMIO6LjkIfK7DbnPjh9vbWKN5kKUE1lqsD6zYQsxAlKj9y5BZJjyZcKj2euXsFC7RovnJ8bNZqPX-GALbPdkp33plhVooCyLA5Q8rIBojgohI0BvZ7_TW9XFCVz0O1AcUOp5abk00hZKoGigw0b_8r_l_2QOA6qlqNOr2e6l3TmNNN6RQ2o9oK46mettV7QWHG1V_doKnzRMpA0hHdmEX1SnibmBTzDFHqLtk28jiQ8hg0nf2M2WmS7Vk20VXxAhtdeAiGPfABAjZeq_-NkGuuXAq4o_GOhhMmPJ8LcEhFgEtLrWLe7gRFiuv-HdHOtbprVdtE9mcPRkC25VDThf70PfZs__1u800MfuslEWfWGWpe62ms5qUMdS3jlCsFrzUvVaKB6dP7L9_J2Hvw3spfsBi5Hi_aue9-eZSFrFBKuokihFXr5DVvgTapBdOFPdg0CTO5y1VbhKwHQuWEV2O5Xz1tpKKhQDrb3fMpGx7a-MMIx_gcHMgSYgGf3NMkkV8xsUwSC8zvDiztkUioZLBt3NFP-hfLSrm6FuSMYoTI4FK5e0tUsznFmHnFqmitikVuuu3I4-8AI0ly8z-L9YHiuGDmCAHRUwDmgL42Cpb0jB_gDWifqqOLAT8Glw

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A048 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVAUJcwOGYvDsOfiL7_UP-OqLqAIAAAAAOAHgBAI&bg=!MjGlMXXNAAZL3OSAa9w7ACkAdvg8WtHN7QxZeYfLbEgQ3nFQZNFrdGqA_F8DtumnMpMUMq11s6B_MAIAAAD_UgAAAANoAQeZAuLbse01RR6hbukc8rG1U5DeqC_S9--vbygKFbxKhjEIfPKGd0LYvkf9D83NWPGIXXdgoTnEpDI45SuLcLdTp2UWOIwJdkjKaDt4Q_-MHCKvcgYEmYN25Zl5sE1XtqfyLtXLr1H6p-ENBTfs3Gepq44qLIekQi2tI6l8P0bBjADsQDya_9wxkkQMZP-R7t9muiYIo9Gnm0zNQTho3si_-HWHG5Nh8CGvJQTY3Fu56pQ8mB0-ZgVjYGplWQWBmYLuDheD0WO3qAyDu_ICZ1f0qL93SbJl4adsOt4L8itFUu90CDCr5GjRiEAQMg-HVp3tyfkgUtLHPyNlUkUrcDOIBlA5CdYvdob76KNXcWLFw-wdRwslcaQeHo7BsXx5mT47lX2oyiwEUr-clXNdb5qwjUHfxMLLSaEHIShp0edeHKmouv1dx_5m_JUldllOpYgAixA0o_t6H7rurOJss_ptmJudl7fNlheUaD0xVHVCLHK_2wINg3UT8Vit0QdvwZ1a9QoFKW4Ab8UwhM4gAQbbKLFoRcxRJynlUz2I9pJMr2SIvNcXWdYSxGX6dDB5mnr9KwcxSkUu-kFUtfEjuLjfQol832rLAIdDNYTULBJCiMHLN-jdz9fBIwO-a61wcb6qvMl7f0VmWoxfgML4G9Ec80pKx-XDfyEZ9gFu4D2MGYNlNDjd1aZc-fpp5aiCbqGOnaYOJJ5opVfEpvk-ZhlNPAtxZIsOsR37DymRTxPCDA1BgjWK8hSv-2dfZVSBtVi6Md5su88XQ1ehKgL0k9MuvAH9HCIJ3Ws-qKFKj7EnMb7hZ8GFH_lsdmb_K0C21i_MPVj97WEw7pMbSCgF-_BFv4xP6ELROOU5S1Vg0SNpJ4AZ8Ugioy4FwxWTRyeohrPd9MmAD2VJoEFto5k7MezIuvTXZ72ODBrzQ4JfEFuwF2wRZB_JFMy6pgQt1k3wwm_FsCKjko6MQ9rtzAO7Py1gE0zqnLI

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6024 0
26 B 82ms
82ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvi3a8XJ9yh4e-cKZeJ_NtDNLcYp9GBAnueNlpuFlbg1IcORdys2qn5DDo86VrKH6jy1crYLjb_etk5aMyDUwxspYru8tFD_bKf5GwwUPCYsyVJjlypFJMX5ZyFEc8ITem8F9IvOs4UCjcg99QnGRHO549HMDlVOE38KcEf6OixQL_jPFtvqkcw4JErCjwBdoU-mERMvm2wpQ5vxsMY1mj6rUZNxqyYecgXFZ2kEw1xD1kU4lRCyHFW6TagdS-tZCupPanvDGmLrX_hycOJrM-dXxZ4EQ-uC5YPpZHkZoXwfdsaAmDTnkvMxUE8q7pYAcZAajDSZCbv_NmBjCi-zB5vtHUuLRpPZokommaT-jQUH4SaRuXZ_oVwwitqu-H8ou5jl16hj-EbKSSog27rsNj2md-P1BY3UVNPsyKX40UM0zzU5lw7KNn4xTdjXc4R1mxwMpNojjNnXZ7DPZY0TCTlPi-1Us9UwX9kAQjp0BaMndak3qnt73FHUhG1H-jhhM0edQtXPKKxf0yKMbi8J33NieRrusq-L_Fw74BY_zPWrWuih-VXH4WWDlzc-tNvV8h7NtEJtm2IspoffuNAKlYXEFlwYZ3_JEwbVI84-xQyodSUnvGKIXGaZNShMpPJ1kyg7fYMk6OKCD8tz_vYdiAVTrwSld5KsRTSp_1Dr1oFb9XKFnk1gPCzMklvQLFnJ9sfgcb4wPQ5gMgR5tj526qNJPVi389ojHIT64jONbK5tpNGPb0doFO0MAE3aE2njysCHhIFHMPTXawwRsKlxu2NjnIDy-9h-0-o4QP5Ec-kAaPji323TIqaSktYbIYc8BWNaXBsFXlMiIqTms65xrcblM3owCAHQRacr4DleTWxBYtL1B8HfXlBGUQdZzE8LCEMOUuS44kqZ7F4kVvu8M2Wumd8JQLk2M0liWmIdzjMHuy-eMWCEvLe18yyNyus8nyuJXE9TxcAmAbNPQ-YrKK30MTPVlUo5v8okmocxtQ1ppXVcI1hj5r-24hEBpWRnsd0quBJJtdVkz9jCduhgO-mivJr61Nnsos170SH-2KhW8htt4BgL32gfxpmtHK1OR4bkiaj0uu-AGpLHa3JqRk8Ghtm25L_azhTSbqU-8OSIQLirKH79k4Vv3ZQWrAR5wTUOWGKVQNYfsUIn0s8kx7dKJSL_VVtf01NWaZBUlJo1veCLXA23Ru5HQu_MVmxhdjjMzwmExIm-qC2dRZFqXKrqMIRIPM3FF2Zh4b_bTe-L0CLmMTLYTd_Pzg8jz5g1gFi_r75ITBq3UIn-RqciSEx1aXPuz93_29-PDdb-axkBzE&sai=AMfl-YTlfp-pciA0c-Gsb9HivE70pagC24zi_NiYlRNJnxmr7Tn0u_tvA5v13T89NJ2MwTcUogFVILWwTXeTHnlo5p8QiKPwoEr9gNosJBe64FLKBsATWJ6uQzqVMt3Zm44kTaoa_XeQSrIpNBm4YLqs_o0ws3ghYdX8D7pfLSoxoADTf8p4P8C-6D0wyP7IMYSdhrj8ETTfoNthZHhUbYACwBzh&sig=Cg0ArKJSzPbLTVrG5LJfEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=628&vt=11&dtpt=383&dett=3&cstd=240&cisv=r20220516.42051&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6024 7 KB
5 KB 51ms
51ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f3def127bfa2537ced4c73a8a4efbe687f8428326e7e7d6872311d590a2fe6b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5555
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 91C1 0
26 B 77ms
77ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst36g24tFO4zcb9Hdb_7gOaSg-xm1m-QwFk3g5AUWl_QeW6Z8z_j-L8n4Esj296FSNYT4oa5zY9bGTbtu6fBxCRbRM851V0flDFI0cmJYMTpJZPUu4kcj4V-pRCaGLyHA96omUjarf0vJIRKvsGP16AXzVs9jgdnVRn11MU_ZXDluAU27eaqfOc609_WWjNd2bbbmn_LdTemZ94MexUDhakm1EqgkiWyWkIM03sUV9iwCC7_YXSXXWZ0rWTrG003tD6sBvrUfPrBkV3OU9niVAgpeuuXpUCEbuP8OTz_GLcC1zJ20lf4W8_pbXnce-QBF0eNVuuJb5CugzXelWSI1qgk7kTHM5wPyj1VHI9Zfpbcson_4N9uD_2iIAyjrJBLvQBZovTkOCJqoJE8gQlsSjepnckYwCDG2SA7R2UztLEIO7T--hktM3m-g0FHOLCM-zdTtyQOATMRBZkShDSv8yuSsjl-ADSWcT0rYpcCyIVVsUnP3C6zIq4wHZYq9pGvDQ3YZzwrGX0ZrdVN3ZFzCsivyTRepGhZmGfEKwQTiisojAWUg6Is2BaKUIEhU8nzCuvAPB65DuL4Dy3rq4Dt5_bqCNF-R3x75G9o1UTGrF0HUUAe02LsgZcT_K464ejFf943xKDpcBnimEMIHetx5eZDQPyGnzNExvYu2c-7DetVrOBb1ekU9pZgHnXgsMU7xcTUULpwPfJg3AJW1sTn9jvrg15eSliN4h7vdJoVvvmBaPs37L1b4gLyBnGCoLBuJSoSTIdx1HGpNgC0PB9cnRnqa98E8jwc7FHlD2aBbV33409M8VvQWdeKMwKOtImuumlhwP6vgePkaXcXuRtF7TAs2l4iPb18mp88z7pU48DkpnBTncZLAAjf7peoWRf0bylOY7WbANxIFdUbtyB_mu7LITRf4N-G-bN27iFXEWq2ZKnITiylADcVXX-0I6i3fK7U9IORjnPcHbwdF7KCxp-KnFZIW66zx231YD3QCmPtncOJPeT-RkKtJ-hsu3i3VNJB9t5-4Dnw_sxom-AihwV-dvHI-WytrCLmttNZoGVxTnWch6Ta_Vz2f2zWIenAfhIn005fS6Xj-EvmqXF4k8i_BjQoLrRW1h6lsH8of9IsEn1s_rUlxJrTjCV2Fc7dBJU-nGosau_7SgdjWXTgQz3DL1kWNznZtWHdpVtSLVFdV334TFAu-I-0nxCue6ZCjz5Ga7FBGIejeG0qv7CJ1SH4aNm40fKgbXPiT6KH9id3jlmsdKS05FE7p8m0JDeH5dr-ARyxtBopSYz2iouzrGmfrAVKQOUtCxmNCC2K-FWu8U&sai=AMfl-YQmUS9kGZ3_FS6g8yQVVozaPJiGHpYo1RpQliPXEAL5RoSVleD3sbwLx3v7lAW_e4sGmG2ZPj1SGpCAvDJj64MNg7MOTkmhVp-vzdkyd6qLa_C-1xIFIJ7ZgVMtAukckAhx2tvHJaoweOM6ZlNYxUX7NkYaA4Bk2GQDFYaxIZ-hez-Mo-dOLpui_Nkuj-pgbxu8aPjaW6kXBzRCA7pbROUJ&sig=Cg0ArKJSzLzyj-9h8cPDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=616&vt=11&dtpt=373&dett=3&cstd=240&cisv=r20220516.96206&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 91C1 7 KB
5 KB 52ms
52ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f76ba226994ecb7176fab779e3029596942490adf9c4b3368403deb3f6f7438

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5453
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5CBD 7 KB
5 KB 60ms
60ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc4c519935729ddf40ee4d358df251dc9e836ad9e83de489db85e649b2e0bf22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5430
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 50B8 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0aSAcwOGYrSAOvXH7_UPidO6-AMAAAAAOAHgBAI&bg=!MTKlMnbNAAZL3OSAa9w7ACkAdvg8WhfXG_QdyYi6ZWEpFUl2wHtCsxy4tw3loDNe3t65qEDXtnraFAIAAAE7UgAAAARoAQcKALQT33o5t2XKb98u-MTrMt55Q8WikJVduHKJnRRcqlqhEkUV4ft-TlONbddYvxvQ9x5UR2rSYcLYf6rhH6MzWyGmZWKuh8GmkpbWHj6-yA31KOopfVHDzKynwaXBqqnPa0pIMqvn-SYD3TfAjhQliKdT3lD0sKrWa0DgSrl6la4aMK0MS5xCwvxngJCfg2tngTSE0YoTR0IGPEucMHuHLpLJAX1DxjwrS3VW5Q1FJgbRg_Uci5uZAt4-yKqU9v8uRXzw9WMu9DmL775zTzK2kDBuMqKsWMfEWWgzWTm4YcssB95X2lf2DoUzEew8fHyRdNbbowsInstB52wq0yr9kM5YnZ--fIf_Iap3Tb_iHvJ60VVwtil2GEp4AKW86Hn2Jk0GJwkfVrkKmcKcU3pS9xkfZhkCXFifNLqVTyrX5UHLkUNZeXGHhKL6BPHmFoDsUz-p_jZF7UkGwTtP59ltivPAWllhDbVfsAKqlcp52SmfN0aObXiXrxcDb6Q75lkqmI3wyTp48Y6H0Axx_epuywA9YTK-srL2LxmxYzXQzESm4xaCUWq4xp2p1hWkmJHlfrPrs6Yy4PHF4DUAICRt6wjdG7EaL_lJEddls9KnMSAl7kO4-8iXnh2gI_rkkn2KQ1VoHB6kybxXWnyTIyD4Mz7panSSEz-WcEhTWyuP1crQFo7IO4HuCRnGmhFWTpDtBWyoyiZupX9tRw5FYt5dSG98WvW4W_5ZyfsDbyDXl_aUePRfwnyMjpmp16t2IuVV5vliVANS3USTxKmFZG6IHK5dwSlb3Pn7a3LmyHaLHL8YqErniPEtgFAE5ziLHObJamWGxA-QH1HsOBCj2tzaE-BlGTYn_UffjJmJmWQshQKlgPMxXo7Yv5yM9g8zqp2koyTqDE0Myla83h1mlfUAaBG3YYcjv8e0LjgFbtBEGEMJ7ypnWwli49CukBEx6on-Ift8V3g702i-169aGGXWxcRMkVEheMzp4bAAkZuaYCytsbduErrOwYd1l6FYVfeS44RfWeFErbcivQi6XGNY3Wstk5fQ1fT4SLdmqo9VqkkcpI8UdjN0bd0E2ojRXhaJnKIxMPvveJzsJ31KVflpkq7zLNTfHbw7qekHfbu5uHe5TiHspigjilgWFigiSDBsn1fJBe_zDOJD-ySqlR4B7w4Dt7IUMgaPLp0IVjEEfw6Pc2o7kIbgWUdtidR9VOD9-nODrKwYsA

Requested by

Host: 9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
URL: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3F41 0
26 B 77ms
77ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst_5z4Ye_YPYEa8kAMlhS7I0FkV0JPA_2Fo97WFrFgWtpfSKabMPzbDMQy5ns0BjSwbL73ZNKnA6P-xCh1I9xL6Sw7sGzhNeIwJ-y7BM3-mMp2u7jpl-q5-o7mBiOXpN9zrsRejLS3LqEHBrHPRfjKmQel82D2iEzBBs9-VN8T-I9W01mGogeZwk0DBkCqSb-_f4SQCCfJtVlH7IV5yPeKmuE8eheI5LgJKqwu0AO7-tlmwLe_3DSAoI_oBKSszW5TsmduUtR_8-nplIdD7zpR8Z8XsYOrGlDchi1eyKbqGsk50gIlQol1b6Fc-rrbTgH7Zq6Ah99esVHF1M8IySvUDN78z3duV0ISXwPa1j_sPqqgkLwjx5GVOTgsicCnZdsg4fprqt0JNS8q7Rvh-BW1smMwd9ik3qD08h_cF8ySnTwXZOtRZVKl4OqWLN-SdK_EFYrVPHAajWncDU992NcXwVr5REyAhPi2pOLVdqR1dMV85bTqOfBQ5dtoS0hcib8QcBZ06uYjc8ptJ8TDRzwmA5G3aJb6UDZz5a1U903Z3QMcCv8BsqzI__yNDt7QvZY0QNrZs80hpn3APsWCdqLOtpB-4BdWjnkTQYRGmoVaIObQAwHntNC_k1690_BnNXgsFgkaUKm1S7lHR_FV16QCeWoQBKpVTOAVOo-3uVEubdfxBsKebsgrBJ18hiFQ4-hQcV1f0T6uo-vzSpkr9zQhh2LnyXp2hYzLNK0EdJq4YXlJ9lkEo2m7dHOE8KmqJJtPvLpsymTErNULbKItONbcJHVBPUPKk2NT3NIf1sENS0sU-LH6zhZCAceU8l6dJGBoFB6Rw5w09aS11qFlyfPmg6uCMRbBSIurow88nDtWOHbA_XABSq3iOeFCncQkCNOlcBC-_d71FX5YqLzbUlgJfBgImAEBCZ1VGn99VoFvs8mGTOrl-TgVWCWIlj-bmBeB-yiOCllD7tvJAvFXT9D2hy0xz2aTp8keBPjpqY7CgbZ2BZTvv6ZNgh-fWQbgPxCClTKWSi7t0Uogtck4gDVGuT0etCDfdTuA8HqAxPniAwl9y5pdDxb1djROJ9lGRHnX4RxZrfmGBbWsqto8uFz23HukScpmb6_8AfoHYRFLPlRzL294Fjir6c0HnBhJiHVo6Tc8eEUMg-kwsVOXH9YBSOMkgoittokvKUkk-w-WYomF5w0PeQ6e_hHmAz7Lel4RjWWt7Gtd3DuclKQXdHADAJ94uDFGcoadvceO_jKSprbX3GidG5zkDrRYqZIFsAojrIA&sai=AMfl-YS-HLq00BeEn80rSfr63PGm-RpqkpdbzSxCiP6OTr8rgHmEOs7DyhGCc4up5fBb2FZdrpsiro30BPOcvkGE36rBDSiDuoKua8-OVAAO8Pjs0Glw4KP1eOXxSp2W2sTvTEvs34pnBXpa--WND6d4w1p2tHP4tFffJkisxs8kvnDCKqUnwLshulqs8HT-ULXSC_eofIv0KcJs4thKiKmprXE6oKLkjhGZMcx9kYia5UZW-oAhqQ&sig=Cg0ArKJSzF0NCPBUl2GsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=616&vt=11&dtpt=389&dett=3&cstd=223&cisv=r20220516.96758&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4FB4 7 KB
6 KB 56ms
55ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a325579c10c9e8fddfb15e7bbbcdbc9918970d29b3d30c8a7aceb566d5533830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5627
x-xss-protection: 0

GET
H3 200 prod_studio_01_247_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame 4FB4 31 KB
10 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 09:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10616
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 09:34:30 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F155 7 KB
5 KB 58ms
58ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

622afe30d9d537bb21391e4f105d06c26c7dccf215b663de982606ff4441d0e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5529
x-xss-protection: 0

GET
H3 200 prod_studio_01_247_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame F155 31 KB
10 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 09:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10616
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 09:34:30 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6024 17 KB
6 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 91C1 17 KB
6 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_obb_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5CBD 17 KB
6 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4FB4 17 KB
6 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F155 17 KB
6 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:36 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/5825321732835115008/ Frame 4FB4 2 KB
1 KB 42ms
41ms Image
image/svg+xml 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5825321732835115008/logo.svg

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0fe0dabaf5e69e88b98234e97cdd6b5dd26560b787c051167a3e9eddfbc284c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 12 May 2022 22:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 557037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1030
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 09:23:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 22:00:39 GMT

GET
H3 200 7062488226882609744
s0.2mdn.net/simgad/ Frame 4FB4 140 KB
140 KB 43ms
43ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7062488226882609744

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b56c21f94c846431e5d7471a8be28840608cfdb35658a50e292fb8a685e6dbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 12 May 2022 22:08:09 GMT
x-content-type-options: nosniff
age: 556587
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143004
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 11:21:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 22:08:09 GMT

GET
DATA 200
OK truncated
/ Frame 4FB4 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/5825321732835115008/ Frame F155 2 KB
1 KB 44ms
44ms Image
image/svg+xml 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5825321732835115008/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0fe0dabaf5e69e88b98234e97cdd6b5dd26560b787c051167a3e9eddfbc284c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 12 May 2022 22:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 557037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1030
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 09:23:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 22:00:39 GMT

GET
H3 200 7062488226882609744
s0.2mdn.net/simgad/ Frame F155 140 KB
140 KB 44ms
44ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7062488226882609744

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b56c21f94c846431e5d7471a8be28840608cfdb35658a50e292fb8a685e6dbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 12 May 2022 22:08:09 GMT
x-content-type-options: nosniff
age: 556587
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143004
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 11:21:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 22:08:09 GMT

GET
DATA 200
OK truncated
/ Frame F155 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame E9CC 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 200 bgPizza.png_1652199267860_bgPizza.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 356 KB
356 KB 80ms
79ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/bgPizza.png_1652199267860_bgPizza.png

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6aebc5eb8375e4849e698cbd39f9581b605750448dfcc61d6efce39b6273dbdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:37:35 GMT
x-content-type-options: nosniff
age: 140821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 364217
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:37:35 GMT

GET
H3 200 bgBurger.png_1652199267860_bgBurger.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 314 KB
314 KB 88ms
87ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25f5ff8d1cb122dff56ec587a2940fd208c29833bd87ffe04f8606268f09379e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:37:34 GMT
x-content-type-options: nosniff
age: 140822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 321077
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:37:34 GMT

GET
H3 200 bgGreen.png_1652199267860_bgGreen.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 5 KB
5 KB 83ms
81ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76e9a6570fc2330985d8b8608b9bc0bcf7824655cb183109975e38b4a207139c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:37:34 GMT
x-content-type-options: nosniff
age: 140822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5125
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:37:34 GMT

GET
H3 200 deliverooPresents.png_1652199267860_deliverooPresents.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 11 KB
11 KB 86ms
85ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2299a314e1ca18806d528a5add67c5555a4df7a3a1d473ce3e91ab005f2c874

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:37:34 GMT
x-content-type-options: nosniff
age: 140822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11338
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:37:34 GMT

GET
H3 200 morrisonsLogo.png_1652199267860_morrisonsLogo.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 8 KB
8 KB 93ms
91ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c1117aaad8ef421ac3e57c032005f20f76a986d48e1e44edc5bcecebad711e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:24 GMT
x-content-type-options: nosniff
age: 140352
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8181
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:45:24 GMT

GET
H3 200 waitroseLogo.png_1652199267860_waitroseLogo.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 5 KB
5 KB 94ms
93ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c142c158c0c54c6bb7b77c7e53932236d43357d485853538dd2b95ceaad9378c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:24 GMT
x-content-type-options: nosniff
age: 140352
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5009
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:45:24 GMT

GET
H3 200 sainsburyLogo.png_1652199267860_sainsburyLogo.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 5 KB
5 KB 91ms
90ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1ed6275c2a0f787c8ae949b03c8466508def84e4b926f9643dd5068c254069e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:27 GMT
x-content-type-options: nosniff
age: 140349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5229
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:45:27 GMT

GET
H3 200 smallLogoGreen.png_1652199267860_smallLogoGreen.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 2 KB
2 KB 93ms
92ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a1aee92d80d7f5ddb88956411664d95f0dfc2b36bf2dd12038a314d85de3bb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:27 GMT
x-content-type-options: nosniff
age: 140349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1650
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:45:27 GMT

GET
H3 200 smallLogoWhite.png_1652199267860_smallLogoWhite.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 1 KB
1 KB 93ms
92ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fdc5ad77a7b9f2c97350a74abdb8b75f8295a6ef1a9d5ec29597c83776f8a28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:27 GMT
x-content-type-options: nosniff
age: 140349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1340
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:45:27 GMT

GET
H3 200 engLogo.png_1652199267860_engLogo.png
s0.2mdn.net/dynamic/2/10958791/cdn.ad-lib.io/v2/partners/5f97d957694f690006bb0887/assets/concepts/624c5c1c43129612afb40e2a/templates/6270d609fb31e78c39c5c3b6/content/ Frame 5CBD 11 KB
11 KB 90ms
89ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4ea04f63940e148b7e1d4a6cd96a531e06fdc1f6dca8b136edc37c8d84630f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/index.html?e=69&leftOffset=0&topOffset=0&c=DCsjCOPOqp&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:27 GMT
x-content-type-options: nosniff
age: 140349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11533
x-xss-protection: 0
last-modified: Tue, 10 May 2022 16:14:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 17:45:27 GMT

GET
H3 200 stratosdeliveroo-regular.woff
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 43 KB
43 KB 46ms
45ms Font
font/woff 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/stratosdeliveroo-regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adlib.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f60710f6e068b35323439bfa0c7db81caf2796d43b9edc5d5cffadfcc7b80dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adlib.css
Origin: https://s0.2mdn.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:23 GMT
x-content-type-options: nosniff
age: 140353
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43644
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:23 GMT

GET
H3 200 stratosdeliveroo-bold.woff
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 45 KB
45 KB 50ms
50ms Font
font/woff 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/stratosdeliveroo-bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adlib.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35059cdc43401fbcf730189eb26b53bbda8e45d58f16b89c2d236b6bbe6d839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adlib.css
Origin: https://s0.2mdn.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:23 GMT
x-content-type-options: nosniff
age: 140353
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45640
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:23 GMT

GET
H3 200 stratosdeliveroo-light.woff
s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/ Frame 5CBD 42 KB
42 KB 43ms
43ms Font
font/woff 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/stratosdeliveroo-light.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adlib.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a14b003ffe0e950c19ee590ea71d46f6ba7faa8412ac5442f95ec9df010751d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9611913150374871040/970x250-SprintCities/adlib.css
Origin: https://s0.2mdn.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 17 May 2022 17:45:24 GMT
x-content-type-options: nosniff
age: 140352
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43352
x-xss-protection: 0
last-modified: Thu, 12 May 2022 10:47:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 May 2023 17:45:24 GMT

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame D9FE 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame 9D48 35 KB
13 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/5825321732835115008/ Frame F155 2 KB
1 KB 53ms
52ms Image
image/svg+xml 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5825321732835115008/logo.svg

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0fe0dabaf5e69e88b98234e97cdd6b5dd26560b787c051167a3e9eddfbc284c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 12 May 2022 22:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 557037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1030
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 09:23:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 22:00:39 GMT

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame EF4B 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/5825321732835115008/ Frame 4FB4 2 KB
1 KB 44ms
43ms Image
image/svg+xml 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5825321732835115008/logo.svg

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0fe0dabaf5e69e88b98234e97cdd6b5dd26560b787c051167a3e9eddfbc284c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 12 May 2022 22:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 557037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1030
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 09:23:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 22:00:39 GMT

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame 2120 35 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 200 7062488226882609744
s0.2mdn.net/simgad/ Frame 4FB4 140 KB
140 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7062488226882609744

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b56c21f94c846431e5d7471a8be28840608cfdb35658a50e292fb8a685e6dbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=NehQoaFRPd&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 12 May 2022 22:08:09 GMT
x-content-type-options: nosniff
age: 556587
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143004
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 11:21:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 22:08:09 GMT

GET
H3 200 7062488226882609744
s0.2mdn.net/simgad/ Frame F155 140 KB
140 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7062488226882609744

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b56c21f94c846431e5d7471a8be28840608cfdb35658a50e292fb8a685e6dbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5825321732835115008/index.html?e=69&leftOffset=0&topOffset=0&c=aE1cMyImkQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 12 May 2022 22:08:09 GMT
x-content-type-options: nosniff
age: 556588
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143004
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 11:21:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 22:08:09 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3F41 42 B
64 B 80ms
80ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstG7M-vmCLxtnekBSel0Qfmn70-ntENFcTRaRofyvneHGTWvwn9MwbyTs9ZSKnum77_wjne-HD7dqljp2q4KzWEv0BMiOa0Rs9xKiqLVxz9FeyY6Cxi68hSPbbO&sai=AMfl-YQ5eMyJ-MwiLYU6hXqxHIpbJiIgB8JFdQ-M0VZjYDj9vYJsiWP46VBFA05LmvanDXPPeHotZczVmUlqDRJ5GwFnb0qP1iMXf3abZeKdjTNQ50dYUdr8mQs0rPwO&sig=Cg0ArKJSzFtO1Sb9hbXwEAE&cid=CAASJeRosRsS53ONYaYmlyIF4XLdw4ju9SC0QLBJt0ED7HTe6A9wEUU&id=lidar2&mcvt=1000&p=931,204,1181,1396&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220518&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2483578089&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652949875742&rpt=425&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
216 B 178ms
178ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32BNJ,pingTime:1,time:2348,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:275%7D,%7Bpiv:100,vs:i,r:,t:1347%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1347,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1083~0,0~100%5D,as:%5B1083~300.250%5D%7D%7D,%7Bsl:i,t:1347,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:612,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:37 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
216 B 177ms
177ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32BNJ,pingTime:1,time:2348,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:275%7D,%7Bpiv:100,vs:i,r:,t:1347%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1347,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1083~0,0~100%5D,as:%5B1083~300.250%5D%7D%7D,%7Bsl:i,t:1347,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:612,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:37 GMT
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 111ms
36ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fvsim.ua%2F&domain=vsim.ua&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://vsim.ua
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 19 May 2022 08:44:37 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1119
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fvsim.ua%2F&domain=vsim.ua&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=36TsEnxsWWVYbHFDY1E3K21JTllYNEpQdzlMWnJZeklqNWRVVDFQRCtrY0VKMkZma3o4b3BieWdnalozbHBUQWVpM3FiYlBhY3o5N2lHdGtSb1Y1VHZJTlg1NkNLaTE1bXFlSE5haW51R1R5eFp5bHl4b3h5M1JPL09DVF...

318 B
596 B

102ms
35ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=36TsEnxsWWVYbHFDY1E3K21JTllYNEpQdzlMWnJZeklqNWRVVDFQRCtrY0VKMkZma3o4b3BieWdnalozbHBUQWVpM3FiYlBhY3o5N2lHdGtSb1Y1VHZJTlg1NkNLaTE1bXFlSE5haW51R1R5eFp5bHl4b3h5M1JPL09DVFlvVEpEak1nL1V3VWdPNFhLUFFjdThPQlFzVE95Qk4vUUF4VkQvSmJmdTJrN3VlWm41bHIwTkVLWjAzN3dOZzdYaGNIMDYzL0NpUkt6aDVyMXZ0VmNldjRwZ1QyamtqaXJRNlhIK1puNHA0SSt5bzdNSWdvPXw&cppv=2

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

d4616c3cfb6c66cebc96943b97e3393b3c4dfa6f74062fbd2cdba56050445252

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:38 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3424
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:37 GMT
location: https://mug.criteo.com/sid?cpp=36TsEnxsWWVYbHFDY1E3K21JTllYNEpQdzlMWnJZeklqNWRVVDFQRCtrY0VKMkZma3o4b3BieWdnalozbHBUQWVpM3FiYlBhY3o5N2lHdGtSb1Y1VHZJTlg1NkNLaTE1bXFlSE5haW51R1R5eFp5bHl4b3h5M1JPL09DVFlvVEpEak1nL1V3VWdPNFhLUFFjdThPQlFzVE95Qk4vUUF4VkQvSmJmdTJrN3VlWm41bHIwTkVLWjAzN3dOZzdYaGNIMDYzL0NpUkt6aDVyMXZ0VmNldjRwZ1QyamtqaXJRNlhIK1puNHA0SSt5bzdNSWdvPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1394
content-length: 482
expires: 0

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 213 B
614 B 133ms
42ms XHR
application/json 141.95.98.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/459152/hb_306660_6693.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.70 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216620.ip-141-95-98.eu

Software

Resource Hash

de0f922c37bac368d601b9acfc027ac49467d360144a082aff399e29d34a8641

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://vsim.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://vsim.ua
date: Thu, 19 May 2022 08:44:38 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 118ms
34ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 19 May 2022 08:44:37 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1299
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 bg-img--small.jpg
vsim.ua/bundles/twentyminutuamain/img/ 5 KB
6 KB 76ms
76ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/bundles/twentyminutuamain/img/bg-img--small.jpg
Requested by: Host: vsim.ua
URL: https://vsim.ua/css/3831ad9.css?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: bc36c65f1dc213532add7eda26bfcf948894764eb17f1ef9c7ca14a296d3534c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/css/3831ad9.css?73e4da98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Wed, 19 Feb 2020 13:22:57 GMT
server: nginx
etag: "5e4d36b1-1580"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 5504
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 check Show response
vsim.ua/site_login/login/ 20 B
145 B 352ms
351ms XHR
application/json 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vsim.ua/site_login/login/check
Requested by: Host: vsim.ua
URL: https://vsim.ua/js/ed8d0db.js?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 9976a53c60fa10eebb92eb813e79d085205a151a4c7cf2c11d715cc3fcabc5d9

Request headers

Accept: */*
Referer: https://vsim.ua/
X-Requested-With: XMLHttpRequest
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
cache-control: no-cache, private
server: nginx
content-type: application/json
x-dev: Desktop
x-cache: BYPASS
x-stat: 1

GET
H2 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
461 B 76ms
76ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
etag: "5e4d36b2-11d"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 285
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
461 B 76ms
76ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg?73e4da98
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
etag: "5e4d36b2-11d"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 285
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 login_button.php Show response
www.facebook.com/v12.0/plugins/ Frame E1E7 31 KB
12 KB 173ms
173ms Document
text/html 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v12.0/plugins/login_button.php?app_id=178301089580185&auto_logout_link=false&button_type=continue_with&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfafd6a3c34bd34%26domain%3Dvsim.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fvsim.ua%252Ff14c5b442050c44%26relation%3Dparent.parent&container_width=0&layout=rounded&locale=uk_UA&login_text=&sdk=joey&size=medium&use_continue_as=true&width=250

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/sdk.js?hash=49185baa79f95883eff9d16fa18a326e

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48c8e7393c5f468c13852c70cddd1d6d1986fd7e03fa810f2724a07fb32150af

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
date: Thu, 19 May 2022 08:44:40 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v12.0
pragma: no-cache
priority: u=3,i
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 9lmjijaLwKNvDKQxkS03/4dtjt629ZDAtRJoLeM/tB5EwaeCHSmDN+aWYzw3leEcy/d1alKtxz4ETMOk8+vqmg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 style
accounts.google.com/gsi/ 533 B
328 B 195ms
110ms Stylesheet
text/css 2a00:1450:4001:802::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/style

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-yuMRnOPmP8aLi__CQJduMw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: text/css; charset=utf-8
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-yuMRnOPmP8aLi__CQJduMw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Thu, 19 May 2022 08:44:40 GMT

GET
H2 200 0.bundle.js Show response
cdn.gravitec.net/modules/ 9 KB
4 KB 29ms
28ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/modules/0.bundle.js
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 0a91fbed903c7ee569d116adee58d579d0c64775a469ee86d3cc4281f913bda1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
content-encoding: gzip
last-modified: Wed, 02 Feb 2022 09:01:35 GMT
server: nginx
etag: W/"61fa486f-2550"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:06:29 GMT
cache-control: max-age=10
x-proxy-cache: HIT

GET
H2 200 1.bundle.js Show response
cdn.gravitec.net/modules/ 32 KB
8 KB 32ms
32ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/modules/1.bundle.js
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/d9345397765ace7e36f5036f718db82e/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 23b89bb3578573b474d7a69e2df32e8f0ee7839a44392edb040e4117a07ce6fa

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
content-encoding: gzip
last-modified: Wed, 02 Feb 2022 09:01:35 GMT
server: nginx
etag: W/"61fa486f-8092"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:06:29 GMT
cache-control: max-age=10
x-proxy-cache: HIT

GET
H2 200 2643623-fotokonkurs-moya-vishivanka-dlya-tih-hto-tsinue-ukrayinski-traditsiyi-nadsilayte-svitlini-ta-otrimayte-klasni-podarunki.jpeg
vsim.ua/img/cache/competition_photos_rtp_small/competition_photos/0027/44/ 71 KB
71 KB 108ms
107ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/competition_photos_rtp_small/competition_photos/0027/44/2643623-fotokonkurs-moya-vishivanka-dlya-tih-hto-tsinue-ukrayinski-traditsiyi-nadsilayte-svitlini-ta-otrimayte-klasni-podarunki.jpeg?hash=2022-05-18-15-50-12
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 1bad75c1d6135309fd1dd27dec5d2168e550d495abb21f46255e0638b03326e5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Wed, 18 May 2022 12:50:12 GMT
server: nginx
accept-ranges: bytes
etag: "6284eb84-11ae1"
content-length: 72417
content-type: image/jpeg

GET
H2 200 85684b60739df2807efe7725c215e9cf36f80ad3.webp
vsim.ua/img/cache/news_rtp_small/news/0027/45/ 27 KB
28 KB 230ms
228ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0027/45/85684b60739df2807efe7725c215e9cf36f80ad3.webp?hash=2022-05-19-09-34-03
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 75e834c8f170c7bdcfb50300cfd6fa1c2143627728f6e9877d24c0ee8e86daeb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Thu, 19 May 2022 08:04:40 GMT
server: nginx
accept-ranges: bytes
etag: "6285fa18-6dc8"
content-length: 28104
content-type: image/webp

GET
H2 200 02e0db7412d3a0a2110543010f5d548fd0298758.webp
vsim.ua/img/cache/news_rtp_small/news/0027/45/ 30 KB
30 KB 231ms
229ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0027/45/02e0db7412d3a0a2110543010f5d548fd0298758.webp?hash=2022-05-18-17-03-24
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: bef6e2290e60f17ed792fe077e93f9d0f804e037fc426a72fa608c3788019cab

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Thu, 19 May 2022 06:18:59 GMT
server: nginx
accept-ranges: bytes
etag: "6285e153-772c"
content-length: 30508
content-type: image/webp

GET
H2 200 fd7df9ddafa9fabdb6c38edbaca96d8119f61650.webp
vsim.ua/img/cache/news_rtp_small/news/0027/45/ 16 KB
16 KB 304ms
303ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0027/45/fd7df9ddafa9fabdb6c38edbaca96d8119f61650.webp?hash=2022-05-18-21-56-23
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 711f8414fbf36dfc08f1e5b7e087fbedfaccf7f67a391d12a5b2dde02b5b2559

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Thu, 19 May 2022 08:04:40 GMT
server: nginx
accept-ranges: bytes
etag: "6285fa18-3f8c"
content-length: 16268
content-type: image/webp

GET
H2 200 ba3663fbaa55e03f274aa2bca150a5b161904c1f.webp
vsim.ua/img/cache/news_rtp_small/news/0027/43/ 18 KB
18 KB 305ms
303ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0027/43/ba3663fbaa55e03f274aa2bca150a5b161904c1f.webp?hash=2022-05-17-18-22-59
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 3b9e03a2bdeef6f5da38618f4ffe81e48fa97009e74af34039d642fab1394cd5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Thu, 19 May 2022 06:20:00 GMT
server: nginx
accept-ranges: bytes
etag: "6285e190-4820"
content-length: 18464
content-type: image/webp

GET
H2 200 4b492c7758236344ed57f7034e931e94ae5ededc.webp
vsim.ua/img/cache/news_rtp_small/news/0027/45/ 29 KB
29 KB 305ms
304ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0027/45/4b492c7758236344ed57f7034e931e94ae5ededc.webp?hash=2022-05-18-20-08-39
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 1ea700bb9f94701521db3abdec6ec0c87d13d8d67c3f4b92363a35f26fd12375

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Thu, 19 May 2022 08:04:41 GMT
server: nginx
accept-ranges: bytes
etag: "6285fa19-7404"
content-length: 29700
content-type: image/webp

GET
H2 200 b3414b33ef7b9f87389ea4904243be2e15669cb0.webp
vsim.ua/img/cache/news_rtp_small/news/0027/45/ 32 KB
32 KB 306ms
305ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0027/45/b3414b33ef7b9f87389ea4904243be2e15669cb0.webp?hash=2022-05-18-17-38-08
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 879394d77f8b58e4c77d1cd95de5f60315952b96f8351568897e9d1822e30b34

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Thu, 19 May 2022 06:11:06 GMT
server: nginx
accept-ranges: bytes
etag: "6285df7a-7fa2"
content-length: 32674
content-type: image/webp

GET
H2 200 aebf13007d84271ecf882aa7e4f52b59b896dff9.webp
vsim.ua/img/cache/news_rtp_small/news/0027/44/ 27 KB
27 KB 307ms
306ms Image
image/webp 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/img/cache/news_rtp_small/news/0027/44/aebf13007d84271ecf882aa7e4f52b59b896dff9.webp?hash=2022-05-18-15-44-40
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: aa3c02ef2fe83961ba99ce0da6295c1caf44fa8a313626355df94bd0338b8c7f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Wed, 18 May 2022 18:56:34 GMT
server: nginx
accept-ranges: bytes
etag: "62854162-6d2a"
content-length: 27946
content-type: image/webp

GET
H2 200 ps3LEjFUMch.png
static.xx.fbcdn.net/rsrc.php/v3/y4/r/ Frame E1E7 441 B
716 B 40ms
39ms Image
image/png 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/ps3LEjFUMch.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v12.0/plugins/login_button.php?app_id=178301089580185&auto_logout_link=false&button_type=continue_with&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfafd6a3c34bd34%26domain%3Dvsim.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fvsim.ua%252Ff14c5b442050c44%26relation%3Dparent.parent&container_width=0&layout=rounded&locale=uk_UA&login_text=&sdk=joey&size=medium&use_continue_as=true&width=250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

17b988bc33e2b6c542f866ef473aaa3d20a9d4536a1ca636c061c5011a5ac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
x-content-type-options: nosniff
content-md5: bIdClDVUx2JypSkH1jl0jQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 441
x-fb-rlafr: 0
x-fb-debug: JcXw+/vcs0swDWvGBTO5SL79S6zSEoqrLaS/vwFq5Ru3TFyvWw+zaDSjoUy6HPueHLPnMyg5QV6NLnDdzC/fGw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sat, 06 May 2023 09:28:42 GMT

GET
H2 200 QUXS7DOdKdi.js Show response
static.xx.fbcdn.net/rsrc.php/v3ixCr4/yp/l/uk_UA/ Frame E1E7 526 KB
139 KB 40ms
40ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3ixCr4/yp/l/uk_UA/QUXS7DOdKdi.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

df86c53a697dc444ab5a6ff5633e8234c2f970a3879b720c2725a950d7afaef9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: YrNIpwZ6ibzjI04Tfc97pw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 141647
x-fb-rlafr: 0
x-fb-debug: YyalPnCUHB9iL6S9hJlNx27YNg2LSRETm1TKaLierQKwtnzovdue3gFR5YRzsogN0rBN8TMjp2ZyeKeFE2i1iA==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 17 May 2023 05:44:27 GMT

GET
H3 200 cavalry_endpoint.php
www.facebook.com/platform/ Frame E1E7 67 B
99 B 150ms
150ms Image
image/png 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/platform/cavalry_endpoint.php?t_cstart=1652949880830&t_start=1652949880830&t_domcontent=1652949880834&t_layout=1652949880941&t_onload=1652949880941&t_paint=1652949880941&t_creport=1652949880941&t_tti=1652949880834&lid=7099365677472341348-0

Requested by

Host: vsim.ua
URL: https://vsim.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/v12.0/plugins/login_button.php?app_id=178301089580185&auto_logout_link=false&button_type=continue_with&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfafd6a3c34bd34%26domain%3Dvsim.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fvsim.ua%252Ff14c5b442050c44%26relation%3Dparent.parent&container_width=0&layout=rounded&locale=uk_UA&login_text=&sdk=joey&size=medium&use_continue_as=true&width=250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: no-cache
x-fb-debug: R4vYDsNxzF7PMcJQ8H5yhM3R7YyMJl9oH7uJhHPAIiAmmii9onjR7cI+X6hL2p+OHcAkkGrMPjtVEQQ/IVAr9g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 19 May 2022 08:44:41 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 55ms
55ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022051601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4caf850dd964ffe1da2c513d125111faf14bb12e7c8ec637dd60c33958b77e03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 08:44:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10451
x-xss-protection: 0

GET
H3 200 status Show response
accounts.google.com/gsi/ 40 B
94 B 83ms
83ms XHR
application/json 2a00:1450:4001:802::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/status?client_id=218226485810-uqk03eati6qp5glmb6e91f2u24152enh.apps.googleusercontent.com&as=6gMkVITnCUwCwCrIre8qag

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f493fc125a9ecb2fb148db9c991008b762c3ebdcfe57d1211324d7f5430a5bc7

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-OOKzaO9SudhU-UEIhrI5BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://vsim.ua
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-OOKzaO9SudhU-UEIhrI5BA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lato.woff2
cdn.gravitec.net/fonts/ 14 KB
14 KB 37ms
37ms Font
application/octet-stream 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/fonts/lato.woff2
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Request headers

Referer: https://vsim.ua/
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:40 GMT
last-modified: Wed, 02 Feb 2022 09:01:35 GMT
server: nginx
etag: "61fa486f-36dc"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:06:28 GMT
cache-control: max-age=10
accept-ranges: bytes
content-length: 14044
x-proxy-cache: HIT

GET
H2 200 sourcesanspro.woff2
cdn.gravitec.net/fonts/ 8 KB
8 KB 33ms
33ms Font
application/octet-stream 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/fonts/sourcesanspro.woff2
Requested by: Host: vsim.ua
URL: https://vsim.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 2bc69c1c1c4bf49e80a77f83010c01e575fd6922229943b9feb8864a492ac441

Request headers

Referer: https://vsim.ua/
Origin: https://vsim.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:41 GMT
last-modified: Wed, 02 Feb 2022 09:01:35 GMT
server: nginx
etag: "61fa486f-1e44"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:06:29 GMT
cache-control: max-age=10
accept-ranges: bytes
content-length: 7748
x-proxy-cache: HIT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:44:41 GMT

GET
H2 200 362437226.jpeg
cdn.gravitec.net/images/users/1651162056492056576/ 4 KB
4 KB 29ms
29ms Image
image/jpeg 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.gravitec.net/images/users/1651162056492056576/362437226.jpeg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 4a7ba87ff08127253564f6d997be58f8e11109edf659f6677f6af8f8459a69d7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Thu, 19 May 2022 08:44:41 GMT
last-modified: Wed, 05 Feb 2020 13:46:42 GMT
server: nginx
etag: "5e3ac742-e67"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 3687
x-proxy-cache: HIT

GET
H2 200 bg_img.jpg
vsim.ua/html/20min-page/web/img/ 285 B
461 B 76ms
76ms Image
image/jpeg 31.41.220.94
BESTHOSTING-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vsim.ua/html/20min-page/web/img/bg_img.jpg
Requested by: Host: vsim.ua
URL: https://vsim.ua/js/ed8d0db.js?73e4da98
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.41.220.94 , Ukraine, ASN42655 (BESTHOSTING-AS, UA),
Reverse DNS: dedic.dc.besthosting.ua
Software: nginx /
Resource Hash: 976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:41 GMT
last-modified: Wed, 19 Feb 2020 13:22:58 GMT
server: nginx
etag: "5e4d36b2-11d"
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 285
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4F1D 13 KB
5 KB 41ms
41ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:42:08 GMT
expires: Fri, 19 May 2023 08:42:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8BD6 783 B
533 B 54ms
54ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8a3c218728f620f977c51b26f53dce5795a26204cb5966559ea048c73e59644b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Tcb0s791tgoCq6dziyff4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://vsim.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-Tcb0s791tgoCq6dziyff4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 08:44:41 GMT
expires: Thu, 19 May 2022 08:44:41 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js Show response
pagead2.googlesyndication.com/bg/ Frame 4F1D 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/NhRng2ZenZRcaPRuU0zAmqgyTOhBGXWeehn8uWk0bEI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56435
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13698
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 17:04:06 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8BD6 0
0 91ms
90ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022051601&jk=675877923270752&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4F1D 0
9 B 41ms
40ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?WqCdsA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 19 May 2022 08:44:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
215 B 179ms
178ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32CQf,pingTime:5,time:6348,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:275%7D,%7Bpiv:100,vs:i,r:,t:1347%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:1347,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1083~0,0~100%5D,as:%5B1083~300.250%5D%7D%7D,%7Bsl:i,t:1347,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:184,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:41 GMT
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F78 43 B
215 B 178ms
177ms Image
image/gif 52.11.84.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1019383&asId=728c4d7a-4233-30fb-95e4-923cb0857c83&tv=%7Bc:d32CQf,pingTime:5,time:6348,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:275%7D,%7Bpiv:100,vs:i,r:,t:1347%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:1347,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1083~0,0~100%5D,as:%5B1083~300.250%5D%7D%7D,%7Bsl:i,t:1347,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:184,fm:t6gFdXZ+11%7C12%7C13%7C14*.1019383-62538988%7C141%7C142%7C1431,idMap:14*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.11.84.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-11-84-32.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 08:44:41 GMT
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 92ms
92ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022051601&jk=675877923270752&bg=!kZKlktbNAAZL3OSAa9w7ACkAdvg8Wo_Ja0YYMQLhycS9X1cwH4bhK40w-USkJAXv36R5GZTp213cSwIAAABVUgAAAAJoAQeZAp3jlJf8HbpHrvk3KpufOYUGGLPcXH27Tr0ddhFBrOGb84ZedtLauJTZiiwq_iBUgmjHvOTpOOpIZa8JVNIcYje12Qf5QhTtQgt_WjMaNcqG2zFEGEecXrFqAvp0HBydNcQjdwPBtsZ9EIDwWivjj-rSqDBoqDq8INiuxwYgHjwR0BO35Ek9tFixU-RafbP1bJBhNqYHyogD_Vnnhf3eTQL4Ew5seu7igF4hRuxlnaOJZAXBtUhCEGqRRzOowkq25N6cJrq3UQc_3-OBaVWi8Yt29Y8mMfHYsfKWY-OIGVkoComiMx1Z4sW8zon60dsXCtO5p2k0T0YQZruKtdtwg52pFJ0XdWJkN2Wto3W45sPFWMZX6YU-ir6gLZlOjeWdPl9OcIQUAwTN2oTxSS4mO8KEaewWqRLlRyukd45Ldgm311K72Y9UWHa5IQ3RWYsBAy6u2vBaa4B-eSU52x7DvcfmoBO3o47BAk7vGyqdDB6feN47cQbuJj2ljtEpftDEY3F_FelsBNsLKeN02a_jZWnTspGdUobXKc1QFn0o5mhHufRS56MDxlB4XEDB2IVH1tSpl1Tjn5aLxqVDu2c2qqR7DM_p6Cq1XR5R1_wa7f8J5-whusPrEfZt_DqX6JvcGNUTIOXn2CXmXp1nLoUD4Ms4vT0OaIzMQQgKjHsGAQ_Z7akNs899iEyp2mjehj2-7HwzyFJiUeV6FmsjmNLIXDxAsNFoqGVGVD8WDE8f9uz_owfIcPzd_Vy0Qt8NqMqqlRa7UBXNfPtfmnAlUJjok9GIC2Cj-SqXkgW4Pxl16cP8A1cabn3qAT9JkTvt0xinuLh8cQsru2IlcusKt9B9RXqa51FuLgdbNsWiL8oYqbhujvRgw01c7jtDFWgIezs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://vsim.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEFtQInY0NEh7kLnoMUvYvjs&google_cver=1&google_push=AYg5qPLlH4N9-U8K0rTYWdcWOK90-ed6PDFhFdryJKY9nDO5f8oWHmozm6H_POK5vTkwI9VseKbQZOQKtXtX9MSgy0YEOScPGsSigm4

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEFtQInY0NEh7kLnoMUvYvjs&google_cver=1&google_push=AYg5qPIl_63Jsf-hFw2WawtwH7Oz4cWOHWSPFWg6AQVpXRIrgTgsPJ4qAWPBv-kO6Y0C1uv1QfzbjDW9XL_hdJv58OnIq2Mu0HrQOQ

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
vsim.ua/	1970-01-20 03:09:10	Name: Value: undefined
.vsim.ua/	1970-01-20 05:18:45	Name: _fbp Value: fb.1.1652949874236.85221478
vsim.ua/	1970-01-20 20:40:21	Name: GN_USER_ID_KEY Value: 06ea298b-7ee1-415f-93f2-4b49eabaef98
vsim.ua/	1970-01-20 03:09:11	Name: GN_SESSION_ID_KEY Value: b7cccfcc-7b14-42ba-9fc1-ce569da0432d
.vsim.ua/	1970-01-20 03:09:13	Name: AMP_TOKEN Value: %24NOT_FOUND
.vsim.ua/	1970-01-20 03:10:36	Name: _gid Value: GA1.2.753912524.1652949874
.vsim.ua/	1970-01-20 03:09:09	Name: _gat Value: 1
vsim.ua/	1970-01-20 03:09:10	Name: browser_id Value: 84b63b71-dc85-4921-84a5-844ecd19e374
vsim.ua/	1970-01-20 03:09:10	Name: remp_session_id Value: 6883b17e-df3c-43cb-9bf9-910b870bef0c
.facebook.com/	1970-01-20 05:18:45	Name: fr Value: 0ufdempiY9I45g9yF..BihgNy...1.0.BihgNy.
.vsim.ua/	1970-01-20 20:40:21	Name: _ga_0CS1NTGGLB Value: GS1.1.1652949874.1.0.1652949874.60
.vsim.ua/	1970-01-20 20:40:21	Name: _ga Value: GA1.1.1381145664.1652949874
vsim.ua/	1970-01-20 03:52:21	Name: _pbjs_userid_consent_data Value: 3524755945110770
.vsim.ua/	1970-01-20 11:54:45	Name: _pubcid Value: b510f659-ef44-4219-a70f-c36b2409c207
pbjs.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.e-planning.net/	1970-01-22 16:28:21	Name: E Value: AJH8cyy4LMQ6KSQW
a4p.adpartner.pro/	1970-01-20 04:35:33	Name: apuid Value: 5a33ee0d-75be-4bbc-aaaa-b155c60e1b76
.adnxs.com/	1970-01-20 05:18:45	Name: icu Value: ChgIq9pcEAoYASABKAEw8oaYlAY4AUABSAEQ8oaYlAYYAA..
.adnxs.com/	1970-01-20 05:18:45	Name: uuid2 Value: 2124761623664854620
.casalemedia.com/	1970-01-20 05:18:45	Name: CMPS Value: 711
.casalemedia.com/	1970-01-20 11:54:45	Name: CMID Value: YoYDc5Iw7O0z-PH3ey.YOQAA
.casalemedia.com/	1970-01-20 05:18:45	Name: CMPRO Value: 287
.adtelligent.com/	1970-01-20 04:38:26	Name: vmuid Value: aadb9d2efc2c7440
.adtelligent.com/	1970-01-20 04:38:26	Name: a307558 Value: 5a33ee0d-75be-4bbc-aaaa-b155c60e1b76
.doubleclick.net/	1970-01-20 12:30:45	Name: IDE Value: AHWqTUmJMTq2WXxAuAnwYn7xn3mflZbycrTpOLGx5rvR1KIdNfUTBZK1w4ceQg2_tTc
.vsim.ua/	1970-01-20 12:30:45	Name: __gads Value: ID=bdc06791f94c1f56:T=1652949874:S=ALNI_MYkKxfNo8AaeDt6aoFyIYhjrKF4pQ
.casalemedia.com/	1970-01-20 03:10:36	Name: CMST Value: YoYDc2KGA3QA
.adnxs.com/	1970-01-20 05:18:45	Name: anj Value: dTM7k!M41.D>6NRF']wIg2ImSKNfg2!A#Ex.TOKKnyW<U1`VROYQM-:=:Gq%a>M7NK(IA2?P/.BYPFrXDGIy@`Qe$w/X%W#.wL4W1Qw1@-$8xe
.casalemedia.com/	1970-01-20 11:54:45	Name: CMRUM3 Value: 2d628603742760CAESELwIjqi5JGmv1SOO7Kd28kk
.rlcdn.com/	1970-01-20 11:54:45	Name: rlas3 Value: oV2gW94wXPTHiQHKBcO6LOPLinkFk3qHkVAqWftIpz4=
.pubmatic.com/	1970-01-20 03:10:36	Name: KTPCACOOKIE Value: YES
.quantserve.com/	1970-01-20 05:18:45	Name: d Value: ECgBCQGWJoEA
.quantserve.com/	1970-01-20 12:39:24	Name: mc Value: 62860374-503b4-a1c8f-6c02a
.pubmatic.com/	1970-01-20 05:18:45	Name: KADUSERCOOKIE Value: 37497CBF-DBE3-4314-96C0-0E2109BE50EB
.rlcdn.com/	1970-01-20 04:35:33	Name: pxrc Value: CPSGmJQGEgUI6AcQABIGCOndKhAA
.e.dlx.addthis.com/	1970-01-20 12:39:24	Name: na_tc Value: Y
.addthis.com/	1970-01-20 12:39:24	Name: na_id Value: 2022051908443600076314763951
.addthis.com/	1970-01-20 12:39:24	Name: na_tc Value: Y
.addthis.com/	1970-01-20 12:39:24	Name: uid Value: 628603741d566224
.addthis.com/	1970-01-20 12:39:24	Name: ouid Value: 628603740001df4391e87e0d5f851fdb2ab7e00b69a3808a5000
.dlx.addthis.com/	1970-01-20 03:52:21	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 03:52:21	Name: na_sr Value: 20220519
.dlx.addthis.com/	1970-01-20 03:09:09	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 03:52:21	Name: na_sc_e Value: 0
.vsim.ua/	1970-01-20 12:30:45	Name: cto_bundle Value: 1H7Bul92JTJCUGZtQXAxa2NWQmJJSG5zQzNocWpzQ014ZE1Pbk9JMG9YTzBSNDV1cmhiWmltTE0wZmk0QzNkS3NVNWFMT3BpNHdtZ0VvQXJ1ZzAyV2hrbDlrMEVUUjEyNTNwSTc5RDklMkJhUEduREVYQTQlM0Q
.vsim.ua/	1970-01-20 12:30:45	Name: cto_bidid Value: oXevRl9CQW9jNFVGbU5yb2s3RlU4dElwUjd6Q1hFZnZuTllhRHNVcE1QSCUyQjJsN1VBaU4waVlsJTJCMWlGQVl6djd4bXJhT2l2UFZOMU02WGpSa0h5ejZ0MGxvWnclM0QlM0Q
vsim.ua/	1978-01-11 21:31:40	Name: subscriber_life Value: %7B%22order%22%3A%5B%22modal_mail%22%5D%2C%22modal_mail%22%3Afalse%7D

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEFtQInY0NEh7kLnoMUvYvjs&google_cver=1&google_push=AYg5qPLlH4N9-U8K0rTYWdcWOK90-ed6PDFhFdryJKY9nDO5f8oWHmozm6H_POK5vTkwI9VseKbQZOQKtXtX9MSgy0YEOScPGsSigm4 Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEFtQInY0NEh7kLnoMUvYvjs&google_cver=1&google_push=AYg5qPIl_63Jsf-hFw2WawtwH7Oz4cWOHWSPFWg6AQVpXRIrgTgsPJ4qAWPBv-kO6Y0C1uv1QfzbjDW9XL_hdJv58OnIq2Mu0HrQOQ Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://leokross.com/vAW/aGeq.js Message: Failed to load resource: the server responded with a status of 504 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9eaf5bb1d291e4031a8ef3c37829dff2.safeframe.googlesyndication.com
a4p.adpartner.pro
accounts.google.com
adservice.google.co.uk
adservice.google.com
adtelligent-d.openx.net
ampcid.google.com
analytics.google.com
api.gravitec.media
cdn.gravitec.media
cdn.gravitec.net
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
connect.facebook.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.dlx.addthis.com
fonts.googleapis.com
fw.adsafeprotected.com
ghb.adtelligent.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.gravitec.net
id.rlcdn.com
id5-sync.com
image6.pubmatic.com
leokross.com
mug.criteo.com
odr.mookie1.com
pagead2.googlesyndication.com
pbjs.e-planning.net
pixel.everesttech.net
pixel.rubiconproject.com
player.adtelligent.com
prebid-eu.creativecdn.com
rtb.openx.net
s0.2mdn.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync.adtelligent.com
tpc.googlesyndication.com
tracker_beam.20minut.ua
unpkg.com
vsim.ua
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googleoptimize.com
www.googletagmanager.com
www.googletagservices.com
googlecm.hit.gemius.pl
104.36.115.111
141.95.98.70
142.250.185.226
172.217.16.130
178.250.2.146
185.184.8.90
198.47.127.19
23.32.59.34
23.35.236.247
2600:9000:214f:2600:8:48e:53c0:93a1
2606:4700::6810:7eaf
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:802::200d
2a00:1450:4001:803::2002
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2006
2a00:1450:4001:811::2004
2a00:1450:4001:812::2002
2a00:1450:4001:812::200e
2a00:1450:4001:813::2001
2a00:1450:4001:813::200e
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2001
2a00:1450:400c:c08::9a
2a02:2638::1c
2a02:26f0:3500:11::215:14dc
2a02:6ea0:c700::16
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a0c:5c81:5142::2
31.41.216.82
31.41.220.94
34.98.67.61
35.186.253.211
35.244.159.8
35.244.174.68
37.252.173.38
45.133.44.3
5.178.65.245
51.83.220.94
52.11.84.32
52.174.47.89
52.214.225.206
54.171.106.179
62.149.0.72
69.173.144.138
69.192.160.219
79.171.117.17
0351eef55e48244d3adae2b701dc82e6696074e872889aa2b4587448a2339671
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
08d6666758af18eced874d9bd0e8e02cba994d43afa9ed5c6f57ff165fa36e79
0a91fbed903c7ee569d116adee58d579d0c64775a469ee86d3cc4281f913bda1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127971f0d7e0ac5bc266c81c7a858e1ecf84e318238f2d36d2aec12dc6b6d211
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14bc39992af81455e79ae64d1f18aaf5e686a71abeb36a67c2ed8a0d72d237f4
14e4699a9706867363ccdfcc60f64545b6529ff6eb4ce7b0072183b2acb20816
17b988bc33e2b6c542f866ef473aaa3d20a9d4536a1ca636c061c5011a5ac5a1
1bad75c1d6135309fd1dd27dec5d2168e550d495abb21f46255e0638b03326e5
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
1d0dcf41a597f0a35c102fe48214216f472ed68dc297683a72c8e2ddf799a9fc
1ea700bb9f94701521db3abdec6ec0c87d13d8d67c3f4b92363a35f26fd12375
1f0c2b0a2c352645b53399aff7d600aef3a1d49377280b4dbe6d6d8cc291a935
1fdc5ad77a7b9f2c97350a74abdb8b75f8295a6ef1a9d5ec29597c83776f8a28
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
23b89bb3578573b474d7a69e2df32e8f0ee7839a44392edb040e4117a07ce6fa
25f5ff8d1cb122dff56ec587a2940fd208c29833bd87ffe04f8606268f09379e
270afa1b13087c609baef1d8a4f7652ac5be30b175ff7f78822f8a2d9be5dee1
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2bc69c1c1c4bf49e80a77f83010c01e575fd6922229943b9feb8864a492ac441
2c52fea16ae623e19906e32d276be5f40a95f6ca014e31ce41d61268fc925c97
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f42c410eba2c4dc22b4c39f686000a1a7093a01b84551a19ffc30b26c72a86a
2f76ba226994ecb7176fab779e3029596942490adf9c4b3368403deb3f6f7438
31c108c32113ea7639aaed085b54a2fad04574040934daf5ae2a5c2c1c7a7b3d
34b32035c62caeb6ba158476cdc55287421596f7db6cfc52ca84d7a7bede75aa
35059cdc43401fbcf730189eb26b53bbda8e45d58f16b89c2d236b6bbe6d839b
35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830
36146783665e9d945c68f46e534cc09aa8324ce84119759e7a19fcb969346c42
37593767f544317c9c3e032830d3ee92b32efb73404c3f6cee45c97690ec5acd
3ad0f2e6c3d471a65e17b9a6a7ed1b86dd843096660baec11ce2ba27914e8a3d
3b9e03a2bdeef6f5da38618f4ffe81e48fa97009e74af34039d642fab1394cd5
3bbbbfcf8b9551e755dee25db502c6b040bb60e8264a8213f572eea26889f423
3c1117aaad8ef421ac3e57c032005f20f76a986d48e1e44edc5bcecebad711e0
3edf37b09fb42709603ac5c23b5377ad1ff8e4dc92cb71fb8004c883176fd803
3f7395272e337bd77d47ff9ba8f42f01348f039527171842d0cd2f802e322721
437b62002b3aa74ee137d19b391dca8654b56dae86142648176149bc0d7b823c
455899bd49233704c86395d399949322bc482fb0a71a390940b80a806914f7d5
47002fd3e92215dc6f0048d84786de980335e02e8074248194ed138e51ca3c56
4712dc32650c53d35a9d9b6e7502c6ee32f834edab73b0499c68f59c67e317d3
48a44694aa812da949e13193b5f53b358bccae267beb63b7edf0b53f9a72f9a6
48c8e7393c5f468c13852c70cddd1d6d1986fd7e03fa810f2724a07fb32150af
4a7ba87ff08127253564f6d997be58f8e11109edf659f6677f6af8f8459a69d7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4caf850dd964ffe1da2c513d125111faf14bb12e7c8ec637dd60c33958b77e03
4da109652beb80164727827c8876b26b430623a344908162f4fbfd4133e589bb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54d90cc66e9a68dee4852224da6009bec7ebaae5b9525a725c35df30b18a812e
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
562a8a15e1881723d0fa7826cbaf1ca561428ab33b7ef214b6894449e9a76a34
5922146b2e06c28e1e0d74320e45416f67d6367dfe9871344ae0b0cfa7af3ec5
5cd68545132b7f79bc60bfa1926da295eb73eeb7ec2f172026bab079794937b6
5ee58d63b466de0f67a216954ad930f8cfa99fcb23b97c3c27e9c714520d2fa6
5f303a0de1cfe53713218d7f8b6d58cb3a85e0946f81cf0e4b79d1ce76e3a97b
605ff3cbddb9a4113dea8cee7a27034a03dfd09a3cf7fb3cb3e338d6d4cdf580
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61eeccfd65fea910982729c57a04eee5d5eafe0935ea6a3635c576324e404073
622afe30d9d537bb21391e4f105d06c26c7dccf215b663de982606ff4441d0e2
65807d3cd98d4d6ddb468c2c1be8e292aec87b9385bfb84598e303e6ee88988a
65ac8994c1c17920b580a1d55d69bd021a3f35fba06c228f47733751a18d2a16
67656b202a63c834a0a072643bad67ecd2b25edf681a8ec7e762d734af2a14fb
6aebc5eb8375e4849e698cbd39f9581b605750448dfcc61d6efce39b6273dbdc
6aed3a238eccdba51ccad99da44ae89e563a5e561cff593bdaa35982b8cc16f5
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fd122f2f006c30c2cfdca346e270fc954a42458750fe0b6b28e96de4421da64
711f8414fbf36dfc08f1e5b7e087fbedfaccf7f67a391d12a5b2dde02b5b2559
7379d47cbf147b3d98794cfc82cbe49bc0bff579e48af5de2c3370f7df1192fe
75e834c8f170c7bdcfb50300cfd6fa1c2143627728f6e9877d24c0ee8e86daeb
7674f053b59fb4b16609b643eb244e9be19901123383a7f41909c8bdae1fffb8
76d7c81bff643d6341543d4f1164a7a113c900e99de7feb1fffa78a96d3df495
76e9a6570fc2330985d8b8608b9bc0bcf7824655cb183109975e38b4a207139c
76f10504ce520bf48b39afca88dc6ff8cc5c5cbe7dc08c6bf76ee9e31fd82d63
7d55d36ab7029a3ac11096692671cdfc36fa8446e8cf7584fc23de06074b0f85
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499
818bf842cf97d4f34b69c7713391a957dcd7d093b48b27c47ad286657e68c319
8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6
879394d77f8b58e4c77d1cd95de5f60315952b96f8351568897e9d1822e30b34
87e36f6113145798fd0bef9811d421b555449f0f3a6499d70fec815c081afaa2
88b263a05e0fa2a8084852de8152c02ade2b1cb33a2d9bbb780a2d9561e48c63
8977214b71e8dabd6c4fa6e5279934952253435fbed6e2f1c0c9bd1e5ebd2dee
8a3c218728f620f977c51b26f53dce5795a26204cb5966559ea048c73e59644b
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8e4119a95b3df87dd503f7ecf26abb56c09a4cfd57fc81064f693422791f2ecf
8f60710f6e068b35323439bfa0c7db81caf2796d43b9edc5d5cffadfcc7b80dc
91c51f424031f6d025726982227527bc60cdc06c4bbe948cda46c66c54c2a695
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
976781a6b69b836769e66569658da0331231de13c91eeb66948cb035b91f8971
9976a53c60fa10eebb92eb813e79d085205a151a4c7cf2c11d715cc3fcabc5d9
9a14b003ffe0e950c19ee590ea71d46f6ba7faa8412ac5442f95ec9df010751d
9a1aee92d80d7f5ddb88956411664d95f0dfc2b36bf2dd12038a314d85de3bb7
9a62693b523955f6ddca2965c2e8be1a7bcb1d41e6e98f6834abf23f0090bed6
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ace55ef9b43ad6845d7106ee0e3a7d42207e5968e008511f9472e1c11ba3b42
9d1cb86ec27e86dfdefab39206fb510070d00b81d91f11ddc6720e3c62629d32
9ddc95507676c16045fd509f101f5dfe5e57b1c28a5b55cebe9b857deb7f7d49
9f2e24b95c962fffb41eede228d0c5c7681cf9bc3dd3ece2440412ec4246d84e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2299a314e1ca18806d528a5add67c5555a4df7a3a1d473ce3e91ab005f2c874
a325579c10c9e8fddfb15e7bbbcdbc9918970d29b3d30c8a7aceb566d5533830
a36bfd3fedc4de53ba1257df64af6651b37393ea12bc3311194de3182cd392c0
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
a8fad7ea6d56c85bc473f0091aa9870e4a7db6609c037eac826ed00c68ea3fb3
a94d8c0bf7975d1691e8d89713ad936f9a18bb8f0f2b0a3bca3464ddc6e51b3c
aa3c02ef2fe83961ba99ce0da6295c1caf44fa8a313626355df94bd0338b8c7f
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
ae45377af9d89238bdd28995edb79dc857c596ee256268874c5478e020807211
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aef231caad9876f19aba7e2abc99353c2a2f45b4fee982fd2ca7edc59978a8f4
b062a3c1ac11d9923abd92b5eaa4d8fc510fe74793f3d58bf2fb863610d1124b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f484070f3a01a04875ffb1e467f31eac8336a3456c807400b47f1c51f53a58
b50736d5ec0097525d6ff80d1b680bbbec44ada253b9f2c8171d76ec1350c28e
b56c21f94c846431e5d7471a8be28840608cfdb35658a50e292fb8a685e6dbcf
b8b9e3e8e1276c694f2cb8c6957a36d9d8ec542a8fd8d2166ed58d6897aaaa30
bb81a3f6452967a392101c3127a76d8b5f22cafd70f8baa1046cc753aa5a0824
bb8633b051440ef4e2ff524c488cd4e4659c1e8fdf81afa3caa1808a7a2180b5
bc36c65f1dc213532add7eda26bfcf948894764eb17f1ef9c7ca14a296d3534c
bc3e663c04457b01b6c7e1b312f78d1ef65fa48c26263e42ecd4969820b95e54
bc9c2a692b2e51f7452889365de85134341d53f8d36539cdaef3a8277db2edd1
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bef6e2290e60f17ed792fe077e93f9d0f804e037fc426a72fa608c3788019cab
c0f3f63b8aa81276ab867ee8172db9e3f7a03df59f3c868670c35cd7c635c762
c142c158c0c54c6bb7b77c7e53932236d43357d485853538dd2b95ceaad9378c
c1ed6275c2a0f787c8ae949b03c8466508def84e4b926f9643dd5068c254069e
c27892bd71384adac683da0fa31b1eb7d2133448b8b03dc247e0a4c6cf965f30
c58d94b6df595658e089161d76109eafa31730cc53de93109368095b74608e2f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc4c519935729ddf40ee4d358df251dc9e836ad9e83de489db85e649b2e0bf22
cd2056d3c5a5f9a087647154dc26dbed362a61b733a6cbc8d9e5330b4f4d4284
d354dc3c7f109d586d212e930038bc915348b2d46e7cd49ddf23cd14ccb11c2c
d4616c3cfb6c66cebc96943b97e3393b3c4dfa6f74062fbd2cdba56050445252
dd6bfabd983e40a92cd350180c9a98cd9e3f282335f73b2c2537ba3d4c9332d8
de0f922c37bac368d601b9acfc027ac49467d360144a082aff399e29d34a8641
df86c53a697dc444ab5a6ff5633e8234c2f970a3879b720c2725a950d7afaef9
e248ccf39aee781866abb6a97023d16144fb3394017395b0594174c9f1904a2b
e2b2bdeae208e22fa3caab9049518f24db02568033e6083aa733029723ea1ce4
e2b7b9272f1017729c3e558079374c7e3b8cee5e47d5115b0a52544e41fccf8d
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e2fa9f11d8500691a31d8d2c4edcdcce235325f668ec0540de3c7a988d44ca92
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e51999eebc0b9e4ac7b5387bf86f7c05970eb7b77df960003955d399e232c5c1
e7214401936859098670a5142026ce776d3565a9ba81eb2525c04b066044d322
e81753a8f9689cc6359d1219ef65e37e7827db414e82711378357de5377c18a7
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
e98501745c1500c02ede59eb329ac24f220509633741250b371199ecc9020ea8
eaa8ed6fa427f2e003afef9cda40e58504987efa459bce2ac97f46be448a6db7
eaf2c9137e521e1f030246115b742374c4594cc7facea8f516f19f44ffe05571
eccd88565d076df2201301bafbec831407665672e90f547f4de6c0cf850be75a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0fe0dabaf5e69e88b98234e97cdd6b5dd26560b787c051167a3e9eddfbc284c
f38ce7391432873bb0c5fb3213b9778672e660d94aeb1ede0ba5b59d2625305c
f3def127bfa2537ced4c73a8a4efbe687f8428326e7e7d6872311d590a2fe6b0
f415cb6a326034f8bb0bf49096a985573631a3d79f31dd9981bb412a86bfae05
f493fc125a9ecb2fb148db9c991008b762c3ebdcfe57d1211324d7f5430a5bc7
f4ea04f63940e148b7e1d4a6cd96a531e06fdc1f6dca8b136edc37c8d84630f0
f6d1d4579c1f95c98b7d9a09e3fdc5b39489e01c57551640a15a3dc5517626c0
f8943f1dd74d07f839966b22be8d8202b4e5a7d2011ea9dd8b39130de88abbb5
fa058ce5fd598607573ff9194857267322682a83b3547840b211bce2ef4bd5c0
fa790aa2667f45ccaceb5fdc2f784c856eb3d4ac5a3e8ba5b2aacec8c8b2722b

vsim.ua Open in urlscan Pro 31.41.220.94 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

314 Requests

88 %HTTPS

48 %IPv6

38 Domains

60 Subdomains

47 IPs

9 Countries

5161 kBTransfer

11974 kBSize

47 Cookies

13 Outgoing links

Page URL History

Redirected requests

314 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

vsim.ua Open in urlscan Pro
31.41.220.94 Public Scan

Screenshot
Live screenshot

Full Image

314
Requests

88 %
HTTPS

48 %
IPv6

38
Domains

60
Subdomains

47
IPs

9
Countries

5161 kB
Transfer

11974 kB
Size

47
Cookies

314 HTTP transactions
7 data transactions