paint-online.ru Open in urlscan Pro
144.76.112.100 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://paint-online.ru/
Submission: On December 14 via api (December 14th 2023, 6:08:21 am UTC) from US — Scanned from DE

Summary HTTP 200 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 39 IPs in 10 countries across 59 domains to perform 200 HTTP transactions. The main IP is 144.76.112.100, located in Dottingen, Germany and belongs to HETZNER-AS, DE. The main domain is paint-online.ru.
TLS certificate: Issued by R3 on November 24th 2023. Valid for: 3 months.

This is the only time paint-online.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	144.76.112.100 144.76.112.100	24940 (HETZNER-AS) (HETZNER-AS)
17	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
10 18	2a02:6b8:a::a 2a02:6b8:a::a	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2.17.190.170 2.17.190.170	16625 (AKAMAI-AS) (AKAMAI-AS)
5 17	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
4 20	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
9	2a02:6b8:20::215 2a02:6b8:20::215	208722 (GLOBAL_DC) (GLOBAL_DC)
23	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2a02:6b8::184 2a02:6b8::184	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2a02:6b8::36 2a02:6b8::36	208722 (GLOBAL_DC) (GLOBAL_DC)
1 1	35.177.4.157 35.177.4.157	16509 (AMAZON-02) (AMAZON-02)
3 3	142.132.138.212 142.132.138.212	24940 (HETZNER-AS) (HETZNER-AS)
1 1	193.3.184.219 193.3.184.219	50214 (QWARTA) (QWARTA)
3 4	203.195.121.141 203.195.121.141	7979 (SERVERS-COM) (SERVERS-COM)
1 2	54.75.61.252 54.75.61.252	16509 (AMAZON-02) (AMAZON-02)
1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
1 8	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1148:db0... 2a00:1148:db00::17	47764 (VK-AS) (VK-AS)
1 1	144.126.246.116 144.126.246.116	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	18.158.157.189 18.158.157.189	16509 (AMAZON-02) (AMAZON-02)
1	82.145.213.8 82.145.213.8	39832 (NO-OPERA) (NO-OPERA)
1	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
1 1	2001:6d0:4001... 2001:6d0:4001::226	52016 (ADFACT) (ADFACT)
1 2	34.111.129.221 34.111.129.221	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	37.230.131.21 37.230.131.21	200197 (HYBRID-PO...) (HYBRID-POLAND)
2 2	185.15.175.130 185.15.175.130	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1 1	84.38.189.44 84.38.189.44	49505 (SELECTEL) (SELECTEL)
1	34.255.40.44 34.255.40.44	16509 (AMAZON-02) (AMAZON-02)
1 1	159.69.141.123 159.69.141.123	24940 (HETZNER-AS) (HETZNER-AS)
3 3	217.199.220.44 217.199.220.44	61400 (NETRACK-AS) (NETRACK-AS)
2 2	185.40.31.213 185.40.31.213	61400 (NETRACK-AS) (NETRACK-AS)
2 2	217.66.147.33 217.66.147.33	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
3 3	217.66.147.38 217.66.147.38	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
2 2	213.87.44.187 213.87.44.187	13174 (MTSNET Mo...) (MTSNET Moscow)
1 1	130.193.58.13 130.193.58.13	200350 (YANDEXCLOUD) (YANDEXCLOUD)
1 1	217.65.2.150 217.65.2.150	3175 (CITYTELEC...) (CITYTELECOM-MSK)
1 2	167.235.186.113 167.235.186.113	24940 (HETZNER-AS) (HETZNER-AS)
1 1	91.192.150.30 91.192.150.30	42481 (BEGUN-AS) (BEGUN-AS)
2 2	193.232.148.146 193.232.148.146	48061 (UMA-TECH-AS) (UMA-TECH-AS)
1	2606:4700:20:... 2606:4700:20::681a:e45	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	185.98.54.153 185.98.54.153	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 2	77.244.216.90 77.244.216.90	49505 (SELECTEL) (SELECTEL)
1 2	95.217.109.66 95.217.109.66	24940 (HETZNER-AS) (HETZNER-AS)
1 1	88.212.202.52 88.212.202.52	39134 (UNITEDNET) (UNITEDNET)
2	81.222.128.214 81.222.128.214	20597 (ELTEL-AS) (ELTEL-AS)
2 3	31.172.81.172 31.172.81.172	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	195.201.106.117 195.201.106.117	24940 (HETZNER-AS) (HETZNER-AS)
2 2	188.42.105.220 188.42.105.220	7979 (SERVERS-COM) (SERVERS-COM)
2 2	178.63.75.168 178.63.75.168	24940 (HETZNER-AS) (HETZNER-AS)
2 2	89.108.120.76 89.108.120.76	197695 (AS-REG) (AS-REG)
1 1	45.9.27.120 45.9.27.120	208677 (CLOUDRU-AS) (CLOUDRU-AS)
1 1	87.242.93.185 87.242.93.185	208677 (CLOUDRU-AS) (CLOUDRU-AS)
41	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
8	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2 2	52.57.12.239 52.57.12.239	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 2	2.19.104.4 2.19.104.4	16625 (AKAMAI-AS) (AKAMAI-AS)
200	39

11 144.76.112.100 (Dottingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.100.112.76.144.clients.your-server.de

paint-online.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a02:6b8:a::a (Moscow, Russian Federation) 10 redirects

ASN208722 (GLOBAL_DC, FI)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.190.170 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-190-170.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a02:6b8::1:119 (Moscow, Russian Federation) 5 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:6b8:20::215 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a02:6b8::90 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::184 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

avatars.mds.yandex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::36 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

favicon.yandex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.177.4.157 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-177-4-157.eu-west-2.compute.amazonaws.com

px.arcspire.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.132.138.212 (Falkenstein, Germany) 3 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.212.138.132.142.clients.your-server.de

acint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.3.184.219 (Russian Federation) 1 redirects

ASN50214 (QWARTA, RU)

ssp-rtb.sape.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 203.195.121.141 (Singapore) 3 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.75.61.252 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-61-252.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.184.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1148:db00::17 (Russian Federation)

ASN47764 (VK-AS, RU)

ad.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.126.246.116 (Frankfurt am Main, Germany) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

yandex.digital-services.solutions	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.158.157.189 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-157-189.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.145.213.8 (Norway)

ASN39832 (NO-OPERA, NO)
PTR: n-sysadmin-jumpbox-03.feednews.opera.technology

t.adx.opera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)

sync.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:6d0:4001::226 (Russian Federation) 1 redirects

ASN52016 (ADFACT, RU)

cm.tns-counter.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.129.221 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 221.129.111.34.bc.googleusercontent.com

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.230.131.21 (Amsterdam, Netherlands)

ASN200197 (HYBRID-POLAND, PL)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.15.175.130 (Russian Federation) 2 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 84.38.189.44 (St Petersburg, Russian Federation) 1 redirects

ASN49505 (SELECTEL, RU)

dsp.mpartner.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.40.44 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-40-44.eu-west-1.compute.amazonaws.com

euw-ice.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.69.141.123 (Nuremberg, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.123.141.69.159.clients.your-server.de

exchange.buzzoola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 217.199.220.44 (Russian Federation) 3 redirects

ASN61400 (NETRACK-AS, RU)
PTR: s4.kimberlite.io

kimberlite.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.40.31.213 (Moscow, Russian Federation) 2 redirects

ASN61400 (NETRACK-AS, RU)

sync.dsp.solta.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.66.147.33 (St Petersburg, Russian Federation) 2 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)
PTR: host-33-147-66-217.spbmts.ru

sm.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 217.66.147.38 (St Petersburg, Russian Federation) 3 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)
PTR: host-38-147-66-217.spbmts.ru

vma.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.87.44.187 (Russian Federation) 2 redirects

ASN13174 (MTSNET Moscow, Russia, RU)
PTR: infrastructure-187-44.mts.ru

tech.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.193.58.13 (Russian Federation) 1 redirects

ASN200350 (YANDEXCLOUD, RU)

pixel.konnektu.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.65.2.150 (Moscow, Russian Federation) 1 redirects

ASN3175 (CITYTELECOM-MSK, RU)

match.new-programmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.235.186.113 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.113.186.235.167.clients.your-server.de

nr.bidderstack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.192.150.30 (Russian Federation) 1 redirects

ASN42481 (BEGUN-AS, RU)
PTR: zvezda.ssp.rambler.ru

profile.ssp.rambler.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.232.148.146 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)
PTR: smtp7.sender.ltmse.com

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:e45 (United States)

ASN13335 (CLOUDFLARENET, US)

rtb-eu-warsaw.intent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.98.54.153 (Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

s.uuidksinc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.244.216.90 (St Petersburg, Russian Federation) 1 redirects

ASN49505 (SELECTEL, RU)

shopnetic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.217.109.66 (Helsinki, Finland) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.66.109.217.95.clients.your-server.de

sonar.semantiqo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.212.202.52 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host152.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.222.128.214 (Russian Federation)

ASN20597 (ELTEL-AS, RU)
PTR: ad14.adriver.ru

ssp.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.172.81.172 (Germany) 2 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.201.106.117 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.117.106.201.195.clients.your-server.de

sync.dmp.otm-r.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.105.220 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

sync.gonet-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.63.75.168 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: prod-hzeu-bidder-20.community.moscow

sync.upravel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.108.120.76 (Russian Federation) 2 redirects

ASN197695 (AS-REG, RU)
PTR: d51804.reg.regrucolo.ru

x01.aidata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.9.27.120 (Russian Federation) 1 redirects

ASN208677 (CLOUDRU-AS, RU)
PTR: fr19.segmento.ru

yandex-dmp-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.242.93.185 (Russian Federation) 1 redirects

ASN208677 (CLOUDRU-AS, RU)
PTR: fr20.segmento.ru

yandex-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.12.239 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-12-239.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Loerrach, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.104.4 (Düsseldorf, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-104-4.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	856 KB
45	yandex.ru 11 redirects yandex.ru — Cisco Umbrella Rank: 2221 mc.yandex.ru — Cisco Umbrella Rank: 4182 an.yandex.ru — Cisco Umbrella Rank: 5624 ysa-static.passport.yandex.ru Failed	240 KB
23	doubleclick.net 5 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219	231 KB
14	gstatic.com www.gstatic.com fonts.gstatic.com	188 KB
13	yandex.com 4 redirects mc.yandex.com — Cisco Umbrella Rank: 8902	5 KB
11	paint-online.ru paint-online.ru	204 KB
9	yastatic.net yastatic.net — Cisco Umbrella Rank: 7053	246 KB
8	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
7	mts.ru 7 redirects sm.rtb.mts.ru — Cisco Umbrella Rank: 35373 vma.mts.ru — Cisco Umbrella Rank: 38278 tech.rtb.mts.ru — Cisco Umbrella Rank: 41213	4 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	322 KB
4	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	4 KB
4	betweendigital.com 3 redirects ads.betweendigital.com — Cisco Umbrella Rank: 1601	3 KB
3	bumlam.com 2 redirects sync.bumlam.com — Cisco Umbrella Rank: 3569	2 KB
3	kimberlite.io 3 redirects kimberlite.io — Cisco Umbrella Rank: 31118	2 KB
3	acint.net 3 redirects acint.net — Cisco Umbrella Rank: 22820	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1299	451 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 818	2 KB
2	rutarget.ru 2 redirects yandex-dmp-sync.rutarget.ru — Cisco Umbrella Rank: 73748 yandex-sync.rutarget.ru — Cisco Umbrella Rank: 74165	837 B
2	aidata.io 2 redirects x01.aidata.io — Cisco Umbrella Rank: 13957	1 KB
2	upravel.com 2 redirects sync.upravel.com — Cisco Umbrella Rank: 39531	1 KB
2	gonet-ads.com 2 redirects sync.gonet-ads.com — Cisco Umbrella Rank: 27586	578 B
2	adriver.ru ssp.adriver.ru — Cisco Umbrella Rank: 28099	402 B
2	semantiqo.com 1 redirects sonar.semantiqo.com — Cisco Umbrella Rank: 71966	976 B
2	shopnetic.com 1 redirects shopnetic.com — Cisco Umbrella Rank: 65820	545 B
2	adhigh.net 2 redirects px.adhigh.net — Cisco Umbrella Rank: 19855	811 B
2	bidderstack.com 1 redirects nr.bidderstack.com — Cisco Umbrella Rank: 41428	566 B
2	solta.io 2 redirects sync.dsp.solta.io — Cisco Umbrella Rank: 42530	428 B
2	digitaltarget.ru 2 redirects dmg.digitaltarget.ru — Cisco Umbrella Rank: 23862	1 KB
2	hybrid.ai dm.hybrid.ai — Cisco Umbrella Rank: 33009	518 B
2	weborama.fr 1 redirects cr.frontend.weborama.fr — Cisco Umbrella Rank: 24651	535 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 208	1 KB
2	yandex.net avatars.mds.yandex.net — Cisco Umbrella Rank: 8323 favicon.yandex.net — Cisco Umbrella Rank: 11065	6 KB
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1428	587 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 711	98 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1618	173 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 49153	612 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 331	149 B
1	otm-r.com sync.dmp.otm-r.com — Cisco Umbrella Rank: 25004	69 B
1	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 12199	332 B
1	uuidksinc.net 1 redirects s.uuidksinc.net — Cisco Umbrella Rank: 9014	203 B
1	intent.ai rtb-eu-warsaw.intent.ai — Cisco Umbrella Rank: 69865	828 B
1	rambler.ru 1 redirects profile.ssp.rambler.ru — Cisco Umbrella Rank: 49143	228 B
1	new-programmatic.com 1 redirects match.new-programmatic.com — Cisco Umbrella Rank: 40078	262 B
1	konnektu.ru 1 redirects pixel.konnektu.ru — Cisco Umbrella Rank: 74565	212 B
1	buzzoola.com 1 redirects exchange.buzzoola.com — Cisco Umbrella Rank: 21833	178 B
1	360yield.com euw-ice.360yield.com — Cisco Umbrella Rank: 12955	199 B
1	mpartner.digital 1 redirects dsp.mpartner.digital — Cisco Umbrella Rank: 56852	374 B
1	tns-counter.ru 1 redirects cm.tns-counter.ru — Cisco Umbrella Rank: 71171	386 B
1	adkernel.com sync.adkernel.com — Cisco Umbrella Rank: 1750	202 B
1	opera.com t.adx.opera.com — Cisco Umbrella Rank: 1072	466 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 336	146 B
1	digital-services.solutions 1 redirects yandex.digital-services.solutions — Cisco Umbrella Rank: 37161	273 B
1	mail.ru ad.mail.ru — Cisco Umbrella Rank: 11550	766 B
1	bluevoox.com im.bluevoox.com — Cisco Umbrella Rank: 35324	241 B
1	sape.ru 1 redirects ssp-rtb.sape.ru — Cisco Umbrella Rank: 26803	698 B
1	arcspire.io 1 redirects px.arcspire.io — Cisco Umbrella Rank: 68345	317 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 3351	361 B
0	whiteboxdigital.ru Failed mitdmp.whiteboxdigital.ru Failed
200	59

	Domain	Requested by
41	tpc.googlesyndication.com	pagead2.googlesyndication.com paint-online.ru googleads.g.doubleclick.net tpc.googlesyndication.com www.gstatic.com
23	an.yandex.ru	yandex.ru paint-online.ru
18	yandex.ru	10 redirects paint-online.ru yandex.ru yastatic.net
17	pagead2.googlesyndication.com	paint-online.ru pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
15	googleads.g.doubleclick.net	4 redirects pagead2.googlesyndication.com paint-online.ru googleads.g.doubleclick.net
13	mc.yandex.com	4 redirects paint-online.ru mc.yandex.ru
11	paint-online.ru	paint-online.ru
9	www.gstatic.com	paint-online.ru googleads.g.doubleclick.net
9	yastatic.net	yandex.ru yastatic.net paint-online.ru
8	www.googleadservices.com	googleads.g.doubleclick.net
8	cm.g.doubleclick.net	1 redirects paint-online.ru googleads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
5	www.googletagservices.com	paint-online.ru googleads.g.doubleclick.net
4	www.google.com	2 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net paint-online.ru
4	ads.betweendigital.com	3 redirects
4	mc.yandex.ru	1 redirects paint-online.ru yastatic.net
3	sync.bumlam.com	2 redirects paint-online.ru
3	vma.mts.ru	3 redirects
3	kimberlite.io	3 redirects
3	acint.net	3 redirects
2	sync.teads.tv	1 redirects
2	pm.w55c.net	2 redirects
2	x01.aidata.io	2 redirects
2	sync.upravel.com	2 redirects
2	sync.gonet-ads.com	2 redirects
2	ssp.adriver.ru	paint-online.ru
2	sonar.semantiqo.com	1 redirects paint-online.ru
2	shopnetic.com	1 redirects paint-online.ru
2	px.adhigh.net	2 redirects
2	nr.bidderstack.com	1 redirects paint-online.ru
2	tech.rtb.mts.ru	2 redirects
2	sm.rtb.mts.ru	2 redirects
2	sync.dsp.solta.io	2 redirects
2	dmg.digitaltarget.ru	2 redirects
2	dm.hybrid.ai	paint-online.ru
2	cr.frontend.weborama.fr	1 redirects paint-online.ru
2	dpm.demdex.net	1 redirects paint-online.ru
1	dsp.adfarm1.adition.com	1 redirects
1	id.rlcdn.com	googleads.g.doubleclick.net
1	tr.blismedia.com	googleads.g.doubleclick.net
1	gcm.ctnsnet.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	yandex-sync.rutarget.ru	1 redirects
1	yandex-dmp-sync.rutarget.ru	1 redirects
1	sync.dmp.otm-r.com	paint-online.ru
1	counter.yadro.ru	1 redirects
1	s.uuidksinc.net	1 redirects
1	rtb-eu-warsaw.intent.ai	paint-online.ru
1	profile.ssp.rambler.ru	1 redirects
1	match.new-programmatic.com	1 redirects
1	pixel.konnektu.ru	1 redirects
1	exchange.buzzoola.com	1 redirects
1	euw-ice.360yield.com	paint-online.ru
1	dsp.mpartner.digital	1 redirects
1	cm.tns-counter.ru	1 redirects
1	sync.adkernel.com	paint-online.ru
1	t.adx.opera.com	paint-online.ru
1	x.bidswitch.net	paint-online.ru
1	yandex.digital-services.solutions	1 redirects
1	ad.mail.ru	paint-online.ru
1	im.bluevoox.com	paint-online.ru
1	ssp-rtb.sape.ru	1 redirects
1	px.arcspire.io	1 redirects
1	favicon.yandex.net	paint-online.ru
1	avatars.mds.yandex.net	paint-online.ru
1	s7.addthis.com	paint-online.ru
0	mitdmp.whiteboxdigital.ru Failed	paint-online.ru
0	ysa-static.passport.yandex.ru Failed	paint-online.ru
200	69

This site contains links to these domains. Also see Links.

Domain
toolster.net
fringster.com

Subject Issuer	Validity	Valid
paint-online.ru R3	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.xn--d1acpjx3f.xn--p1ai GlobalSign ECC OV SSL CA 2018	`2023-10-26` - `2024-04-24`	6 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-09` - `2024-12-11`	a year	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-08-14` - `2024-01-24`	5 months	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2023-07-10` - `2024-01-07`	6 months	crt.sh
bs.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-09-24` - `2024-03-24`	6 months	crt.sh
*.avatars.yandex.net GlobalSign RSA OV SSL CA 2018	`2023-09-11` - `2024-04-12`	7 months	crt.sh
favicon.yandex.net GlobalSign ECC OV SSL CA 2018	`2023-10-19` - `2024-03-19`	5 months	crt.sh
*.hybrid.ai Sectigo RSA Domain Validation Secure Server CA	`2023-09-14` - `2024-09-13`	a year	crt.sh
*.360yield.com Amazon RSA 2048 M01	`2023-05-29` - `2024-06-26`	a year	crt.sh
intent.ai GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.adriver.ru GlobalSign GCC R3 DV TLS CA 2020	`2023-03-07` - `2024-04-07`	a year	crt.sh
*.bumlam.com R3	`2023-10-16` - `2024-01-14`	3 months	crt.sh
*.dmp.otm-r.com AlphaSSL CA - SHA256 - G4	`2023-06-19` - `2024-07-20`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh

This page contains 23 frames:

Primary Page: https://paint-online.ru/
Frame ID: 4EC8190D61FD33C810AC13F11F78D00E
Requests: 46 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_nohtml_fy2021.html?hello=world
Frame ID: AB6CF89E8EED4AFDBF543E71AF253EA9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&adk=1812271804&adf=3025194257&lmt=1702534096&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534096344&bpp=4&bdt=198&idt=180&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7690269452739&frm=20&pv=2&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=195
Frame ID: 959DEF7565CBFBA13A6BFD62271745E1
Requests: 1 HTTP requests in this frame

Frame: https://yastatic.net/safeframe-bundles/0.83/1-1-0/render.html
Frame ID: DFA86D33D1AEF2170603BFB4A8416B05
Requests: 52 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&h=280&adk=1887799433&adf=3667902397&pi=t.aa~a.2588967359~i.9~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1702534097&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=2752915235&ad_type=text_image&format=900x280&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534097766&bpp=1&bdt=1620&idt=2&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7690269452739&frm=20&pv=1&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1259&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4
Frame ID: FC1E7AD1C8D21A141F992714F5942028
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: EB0AB6CEFC40CD3BEACA0F363F8B26BE
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: 02D5EDEC092751C621E9300F5F95E89C
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: 743AF726201E46161D233F2F1F61C27F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: 8A3C3B27875AACAB718B0DD8E525271F
Requests: 16 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 741638ECB2A17F472B51F7FF985DD583
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2278E1812DA04DBEAAA875ADCADD8C70
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/index.html
Frame ID: 68FCAF50208C960F676C29C66D429274
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js
Frame ID: 1D232A843CE93E4ED4F403AE68E8E687
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8D52CC5E32D21D9883E82BCDA805275B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 43B1F91F042E1B3F4461910F209711BB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 260E66A60514D6D892EFA6DBA6F62F4F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: 9886FBA7105FEC05D6756DB7B3F15ECC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: 7039E2F199890E2184267739AE8A938B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: 8866861611B3D029599B05E92D09D9C4
Requests: 1 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019
Frame ID: EC912705AA2DBDC638F8431B5A65B95E
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1080109078312561619/index.html
Frame ID: 22BB9B8743287C19FDD0F7185BD2B402
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 48BFE6BC7D18E13D1EB88CED0ABE4D5A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: 19170C0EDF9CA20F80187F9C23792D7E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Paint онлайн – виртуальная рисовалка, рисовать бесплатно.

Detected technologies

AddThis (Widgets) Expand

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui[.-]([\d.]*\d)[^/]*\.js
jquery-ui.*\.js

Page Statistics

200
Requests

77 %
HTTPS

25 %
IPv6

59
Domains

69
Subdomains

39
IPs

10
Countries

2305 kB
Transfer

6746 kB
Size

76
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://toolster.net/
Title: Toolster.net

Search URL Search Domain Scan URL

URL: https://fringster.com/get_ringtones.php?lang=ru
Title: Рингтоны

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10217.7xCy7i3L4hL8djPbwhbjDprbblT5O2-DW4LSkqFuzcfeGOMcxPKA4hIgQ_DyZ0st.siwZ-mLB_cnDLokq8q4cAv2TGkE%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10217.v9551zbEF14A5hKmAB_UxQsdIzr1hqGxtDE5NQBZ3FN-QpAl0qBIoZPVnjlAwEMBemmx92PBYOvwTX1ZXfIUNeDK-NT1qu2yp8QVXZDO8_YBViJ9eI05sDcy-5Y6ulcgnu8aVNfiQlqsBdyyS7dhdeRJcmNtteEa4sHNmS6ng2Pqz4X0vqpi30sOBCajVhSFHimb25YEd4A54TIqYBNf4u5YVg7BlHJ1ls8Oos6K-Ys%2C.eS5107sClovBLR-D5rjlnY5b04s%2C HTTP 302
https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10217.LtQFeuTojLvzQa6_wdgpT-OH1UMD8PL9zZhm6aGB4LBGXl6U29HSUG66OaIjBwJco7Bz0XYAjpuMGhhOE-zQOgLyZb9IVRQJvXXaPhZu3WIEKlO6FORY9RVVewm__8F3h2d2VPGmNijl4fo62R4KX5X6xZKnHpRKKL0ld6z23A-hiWuj6D5gjJkd3yJUlJP-JBmhnWRJbkEAGLH0OdhPDQ%2C%2C.T1JU89Fz9RjTx2Z-D5IBLPKbOag%2C

Request Chain 31

https://mc.yandex.com/watch/28857340?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afp%3A376%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A540851385590%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A549757770%3Arqn%3A1%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C29%2C18%2C1%2C%2C0%2C%2C129%2C1%2C%2C%2C%2C382%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/28857340/1?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afp%3A376%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A540851385590%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A549757770%3Arqn%3A1%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C29%2C18%2C1%2C%2C0%2C%2C129%2C1%2C%2C%2C%2C382%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Request Chain 34

https://mc.yandex.com/watch/2267699?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A2%3Adp%3A1%3Als%3A48659526057%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A409075535%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=mc(p-1)clc(0-0-0)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/2267699/1?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A2%3Adp%3A1%3Als%3A48659526057%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A409075535%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=mc%28p-1%29clc%280-0-0%29aw%281%29rcm%281%29ti%281%29

Request Chain 45

https://px.arcspire.io/yndx?id=9d4cd41a-f59d-4815-8a89-9d30806f5389 HTTP 307
https://an.yandex.ru/mapuid/arcspireis/a5d4aeff8c6324ad4e2f01

Request Chain 46

https://acint.net/rmatch/?dp=151&r=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fsapeis%2F%24%7BUSER_ID%7D HTTP 302
https://acint.net/rmatch/?r=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fsapeis%2F$%7BUSER_ID%7D&dp=151&tc=1 HTTP 302
https://ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fan.yandex.ru%252Fmapuid%252Fsapeis%252F$%257BUSER_ID%257D&dp=14 HTTP 302
https://acint.net/rmatch?dp=14&euid=3303420AD19B7A65B600A62F0278D9CE&r=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fsapeis%2F$%7BUSER_ID%7D HTTP 302
https://an.yandex.ru/mapuid/sapeis/0100007FD19B7A656E10561A02A1AC55

Request Chain 47

https://ads.betweendigital.com/match?bidder_id=43554&callback_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbetweendigitalis%2F%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43554&callback_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbetweendigitalis%2F%24%7BUSER_ID%7D&crf=1&rts=4780362484448876936 HTTP 302
https://an.yandex.ru/mapuid/betweendigitalis/99d6ea7d-b431-545c-9e5d-23edfb27b83f

Request Chain 48

https://yandex.ru/an/mapuid/adobedmp/ HTTP 302
https://dpm.demdex.net/ibs:dpid=423652&dpuuid=18A4EF0870399811 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=423652&dpuuid=18A4EF0870399811

Request Chain 49

https://yandex.ru/an/mapuid/betweenx/ HTTP 302
https://ads.betweendigital.com/match?bidder_id=161&external_user_id=9D43464B536E9AE7 HTTP 302
https://ads.betweendigital.com/match?bidder_id=161&external_user_id=9D43464B536E9AE7&crf=1&rts=-1895880067887996723

Request Chain 50

https://yandex.ru/an/mapuid/blueseaxcom/ HTTP 302
https://im.bluevoox.com/pixel?s1=1&s2=1315&s3=vldyrx2shs82pv9o&cm=1&rd=1&puid=B6FD18974EFFD719

Request Chain 51

https://yandex.ru/an/mapuid/google/?partner-tag=yandex_llc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_llc&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

Request Chain 52

https://yandex.ru/an/mapuid/google/?partner-tag=yandexcom HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandexcom&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

Request Chain 53

https://yandex.ru/an/mapuid/google/?partner-tag=yandexru HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandexru&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

Request Chain 54

https://yandex.ru/an/mapuid/mailweb/ HTTP 302
https://ad.mail.ru/cm.gif?p=155&id=ED3111F119AAED36

Request Chain 55

https://yandex.ru/an/mapuid/minimobww/ HTTP 302
https://yandex.digital-services.solutions/api/sync?demand=YANV2EU&userid=539C7A90F5A51BC&expires=1&usergroup=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=469&user_id=539C7A90F5A51BC&expires=1&user_group=1

Request Chain 56

https://yandex.ru/an/mapuid/operacom/ HTTP 302
https://t.adx.opera.com/sync?vendor=60143&uid=D818A95816647E2A

Request Chain 58

https://yandex.ru/an/mapuid/xapadsssp/ HTTP 302
https://sync.adkernel.com/user-sync?dsp=94&t=image&uid=17E2A3BBD72199DB

Request Chain 60

https://cm.tns-counter.ru/yacm HTTP 302
https://an.yandex.ru/mapuid/mediascope/bcbbfdfc4c8a27cec1f12c5b58e9fe929d3a2955e9927868796cbc7e7d281dac

Request Chain 61

https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F{WEBO_CID} HTTP 307
https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F%7BWEBO_CID%7D&bounce=1&random=1696893171

Request Chain 64

https://dmg.digitaltarget.ru/1/119/i/i?i=1702534096 HTTP 307
https://dmg.digitaltarget.ru/awg/custom/119/i/i?call_source=awg&ts=1702534097116&i=1702534096 HTTP 307
https://an.yandex.ru/mapuid/dmpamberdata/jzFM4-mtuu4vEOK7TzTZ

Request Chain 65

https://dsp.mpartner.digital/dmp/syncsspdmp?sspid=4 HTTP 301
https://an.yandex.ru/mapuid/mediasurferis/cPxFweTHLHLhiKjCLJNmROpDNDMYhKyA

Request Chain 67

https://exchange.buzzoola.com/cookiesync/redirect/yandex?redirect_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbuzzooladspis%2F%24%7BUUID%7D HTTP 301
https://an.yandex.ru/mapuid/buzzooladspis/07c3f40f-84db-42ea-6c0f-a4f5dede150a

Request Chain 68

https://kimberlite.io/rtb/sync/yandex HTTP 307
https://sync.dsp.solta.io/match/kimberlite?id=ZXqb0SmHxpI HTTP 302
https://sync.dsp.solta.io/match/kimberlite?id=ZXqb0SmHxpI&chk=1 HTTP 302
https://kimberlite.io/rtb/sync/iage?u=YTcwMGY5ZWRjMmM2Y2Zl HTTP 307
https://sm.rtb.mts.ru/p?ssp=toptraffic&id=ZXqb0SmHxpI HTTP 301
https://vma.mts.ru/match/second?ssp=59&exu=ZXqb0SmHxpI HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=7e4a598e-7307-46a0-ac62-1758f4a85cf9&return_url=https%3A%2F%2Fpixel.konnektu.ru%2Fredirect%2Fmts%3Fcallback_url%3Dhttps%253A%252F%252Fvma.mts.ru%252Fem%253Fnext%253D59%2526em%253D1%2526ssp%253Dkonnektu%2526id%253D%257BUSER_ID%257D HTTP 302
https://pixel.konnektu.ru/redirect/mts?callback_url=https%3A%2F%2Fvma.mts.ru%2Fem%3Fnext%3D59%26em%3D1%26ssp%3Dkonnektu%26id%3D%7BUSER_ID%7D HTTP 302
https://vma.mts.ru/em?next=59&em=1&ssp=konnektu&id= HTTP 301
https://kimberlite.io/rtb/sync/mts?u=7e4a598e-7307-46a0-ac62-1758f4a85cf9 HTTP 307
https://an.yandex.ru/mapuid/soltadspis/ZXqb0SmHxpI

Request Chain 69

https://match.new-programmatic.com/userbind?src=yandex&pbf=1&gi=1 HTTP 302
https://an.yandex.ru/mapuid/targetrtbis/

Request Chain 71

https://nr.bidderstack.com/yandex/cm?user_id={partner_user_id} HTTP 302
https://nr.bidderstack.com/yandex/cm?user_id={partner_user_id}&pupa=1

Request Chain 72

https://profile.ssp.rambler.ru/sync3.302?pid=188 HTTP 302
https://an.yandex.ru/mapuid/ramblerssp/

Request Chain 73

https://px.adhigh.net/p/cm/yandexssp HTTP 302
https://px.adhigh.net/p/cm/yandexssp?bounced=1 HTTP 302
https://an.yandex.ru/mapuid/getintentis/Ll6hh6OUHmh.AikABlGMZvCqcA

Request Chain 75

https://s.uuidksinc.net/match/501 HTTP 302
https://an.yandex.ru/mapuid/kadamis/caQUP5DC553Nf5dVhayg

Request Chain 76

https://shopnetic.com/api/rtb/dmp/pixel?partner=yandex HTTP 302
https://shopnetic.com/api/rtb/dmp/pixel?partner=yandex&tc=1

Request Chain 77

https://sm.rtb.mts.ru/p?ssp=yandex&id=map HTTP 301
https://vma.mts.ru/match/second?ssp=55 HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=7e4a598e-7307-46a0-ac62-1758f4a85cf9&return_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fmtsdspis%2F7e4a598e-7307-46a0-ac62-1758f4a85cf9 HTTP 302
https://an.yandex.ru/mapuid/mtsdspis/7e4a598e-7307-46a0-ac62-1758f4a85cf9

Request Chain 78

https://sonar.semantiqo.com/dmp/scr.php HTTP 302
https://counter.yadro.ru/id127/reff-id.gif?sid=79279548babf46fa8ad09866d619529d HTTP 302
https://sonar.semantiqo.com/fbfli/data_sess_sync.php?spid=&sid=79279548babf46fa8ad09866d619529d

Request Chain 82

https://sync.bumlam.com/?src=yandex2 HTTP 302
https://sync.bumlam.com/?src=yandex2&s_data=CAIQARjRt-qrBqIBECyDov6aRxHuu7EAJZDIJDY* HTTP 302
https://an.yandex.ru/mapuid/adsniperis/2c83a2fe-9a47-11ee-bbb1-002590c82436

Request Chain 84

https://sync.gonet-ads.com/match/yandex?id=[buyerUid] HTTP 302
https://sync.gonet-ads.com/match/yandex?id=%5BbuyerUid%5D&chk=1 HTTP 302
https://an.yandex.ru/mapuid/gonetisnew/NzM4MzI5M2NhNTYzYjVlMg

Request Chain 85

https://sync.upravel.com/yandex/sync HTTP 302
https://sync.upravel.com/yandex/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly95YXN0YXRpYy5uZXQvIl19fQ HTTP 302
https://an.yandex.ru/mapuid/upravelis/9fd3c711-ef6f-42c7-be77-0f327f8ab4de

Request Chain 86

https://x01.aidata.io/0.gif?pid=YANDEX HTTP 302
https://x01.aidata.io/0.gif?pid=YANDEX&bounce=1 HTTP 302
https://an.yandex.ru/mapuid/dmpaidatame/ag9WCllN6dOD16O4NmkuzQ?sign=71400506

Request Chain 87

https://yandex-dmp-sync.rutarget.ru/sync HTTP 302
https://an.yandex.ru/mapuid/dmpsegmento/2CjwXe7JlU7G?sign=1031053832

Request Chain 88

https://yandex-sync.rutarget.ru/sync HTTP 302
https://an.yandex.ru/mapuid/rutargetis/ZN1g4WIPxUWE

Request Chain 125

https://googleads.g.doubleclick.net/pagead/adview?ai=CsD590Jt6ZeDSIsS09fgP9aCTgAPuj4vKdPnvgM6-Eu_WjKjqQRABIJDW5x5gleKQgqAHoAGDrI2qKsgBCakCVYKMewxDsj6oAwHIA8sEqgTwAU_QxW12TBCgyStSv5sKsUal2ruL5Dd_uOdUCELRrBDu-BfGO3TwvrWMql5OSseg_wMEom8jWLuebbtLH2bOPe1QQvOQeUWtaJGVtg8vpUsdqtLKybGyFFg9hqtMsyoYnHmkJR4J-43hfPbH-Tk9AkZ1mIguh1DLliyKjdIrRujQZltcJK7io-UrdrLS28-TlLxWR73gP9qCCEk8vcXq63teYyPtrGscE-1hPPpM1cU23xS3JsMoW0N_gIP1_XUef1XRLO6gwlI5_ru2CO_Ge5Hr5WBWLBBEs8UC7rMzpxokDhbylCV6i4kOmcf3jmMaPcAErvHNj8kEiAXbsILMTaAGLoAHg-TdiQWoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCiqSPSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJ6yrOChjoMDmgk2aHR0cHM6Ly9ub3ZhcG9zdC5jb20vdWstZGUvaW50ZXJuYXRpb25hbC9zaGlwcGluZy1jb3N0gAoByAsBogwYKhYKFOS0sQLutbECtbixAqy6sQK7u7EC2BMD0BUBmBYBgBcBshccChoIABIUcHViLTQ2NDE4MDU0MzY0Nzg2MDUYAA&sigh=UeJvIK83ut0&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_uu2MZv7GQhS2Va3Ld4aTYRpuTxh9VGxqxzat-XTEXdeY59aETicF_PbiMc5jsffKqtHtuv2n-7E4QWsUEaZN7WFleb474SuVd-MYAQ&template_id=5000&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228907451650476996835%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211362588163%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222131303104384975921%22}&andc=true

Request Chain 139

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 140

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 155

https://googleads.g.doubleclick.net/pagead/adview?ai=CBkLv0Jt6Zd7SIsS09fgP9aCTgAPuj4vKdPnvgM6-Eu_WjKjqQRABIJDW5x5gleKQgqAHoAGDrI2qKsgBCakCVYKMewxDsj6oAwHIA8sEqgTvAU_QRN_jn0VH-FxnKXFwvRugMXN1FMMR-_yM0Kj7SpP-OfHJ6DTf24yNrfZVZ2x4pT3MV3wOMaDcUqZW8RcIK8PMtHhKzRvjKgyToWVjlwrXo4FP6WE4SVrCGbEAdXURLEs1ZxKFdsDV6n-ym95yCuMdhNb5dMTOHyfMLs7B8jL22iOwOLakcMfQ_ECsJLe63RflQyZCMD4xKTXa76n-rCpxzgycISBOQWrqWrZU4SwpPfzbQEXuutFNRVMgbIRvQhXrWpg16-KLKJV63mijQTivdLIKDn2ut8CIiRBkvBDdVe8Q-hk9sz5rk0NZPiMwwASu8c2PyQSIBduwgsxNoAYugAeD5N2JBagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEPGKI9IIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYnrKs4KGOgwOaCTZodHRwczovL25vdmFwb3N0LmNvbS91ay1kZS9pbnRlcm5hdGlvbmFsL3NoaXBwaW5nLWNvc3SACgHICwGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQK4E-QD2BMD0BUBmBYBgBcBshccChoIABIUcHViLTQ2NDE4MDU0MzY0Nzg2MDUYAA&sigh=ALB3DU-6mLY&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_uu2MZv7GQhS2Va3Ld4aTYRpuTxh9VGxqxzat-XTEXdeY59aETicF_PbiMc5jsffKqtHtuv2n-7E4QWsUEaZN7WFleb474SuVd-MYAQ&template_id=484&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211292648871810909566%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211362588163%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225926072945695741073%22}&andc=true

Request Chain 158

https://googleads.g.doubleclick.net/pagead/adview?ai=Ct8Kn0Jt6Zd_SIsS09fgP9aCTgAOZv9nmdIeV-fyUEv7DqeGVDhABIJDW5x5gleKQgqAHoAHW29r8AsgBCakC_k4j37gugT6oAwHIA0iqBN0BT9AD68rydzIxUbAnFviQJN1Ty4ADVWoi-Vxl5HRhSIZvH2ShAMXU3_5d-s58R2SU99i__wzHKEouOaKTwvFDL6w9v5eWjxYCofurCL3bfufc9p2INse5dr0XX7fX1amkcIH8A7X2i6MiGubAo_WAcqB5i7Gvp5h3rpXeXFbcI7BAucsy4BM9mgASDm4FxjI8AURqe2lFm9WOqejSsG-XHCGW9XHsBiU9y2KsYeUkp6b0T5a_zlY5cl-xpA6LCEXatIpWyRNZUm1HA0R369GFy_8ILgoo4IGWInJBJL7ABNzg5sjLBIgFn7egwE2SBQQIBBgBkgUECAUYBKAGLoAHyezqzAOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQp84Z0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOliesqzgoY6DA5oJGWh0dHBzOi8vNGt6Z2FtZS5jb20vc2hhcmWACgHICwGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQLYEw3QFQGAFwGyFxwKGggAEhRwdWItNDY0MTgwNTQzNjQ3ODYwNRgA&sigh=HQWk7sWXeMQ&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_uu2MZv7GQhS2Va3Ld4aTYRpuTxh9VGxqxzat-XTEXdeY59aETicF_PbiMc5jsffKqtHtuv2n-7E4QWsUEaZN7WFleb474SuVd-MYAQ&template_id=531&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225957389089809665859%22,%22debug_reporting%22:true,%22destination%22:%22https://4kzgame.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22798404054%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221153093253038776113%22}&andc=true

Request Chain 187

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEKdkRYuGbnJSmKdguVcA68A&google_cver=1&google_push=AXcoOmS3sXncgeijmiQOU1CRyxZAXAoEEQg65U2WnTYf_EQTE1VrZiGvMLNzyXyCZc89R0lHQxY8CjGLj0QCJ2zDlZgGl7eTW3xWc94 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEKdkRYuGbnJSmKdguVcA68A&google_cver=1&google_push=AXcoOmS3sXncgeijmiQOU1CRyxZAXAoEEQg65U2WnTYf_EQTE1VrZiGvMLNzyXyCZc89R0lHQxY8CjGLj0QCJ2zDlZgGl7eTW3xWc94 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHh4TDROTUIxUmRFVG81&google_gid=CAESEKdkRYuGbnJSmKdguVcA68A&google_cver=1&google_push=AXcoOmS3sXncgeijmiQOU1CRyxZAXAoEEQg65U2WnTYf_EQTE1VrZiGvMLNzyXyCZc89R0lHQxY8CjGLj0QCJ2zDlZgGl7eTW3xWc94

Request Chain 189

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEPSBuUmneJppZ_WxXzlNlzI&google_cver=1&google_push=AXcoOmTkhfDHgDZOrEGaTCnnk5gU3qa6Z94xAYamAK9BOTnJbVCLZtRIub7FC97lFKADLJbUzwwnhXPDfl9iGV2PeyagoQK5pO9SqWw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTkhfDHgDZOrEGaTCnnk5gU3qa6Z94xAYamAK9BOTnJbVCLZtRIub7FC97lFKADLJbUzwwnhXPDfl9iGV2PeyagoQK5pO9SqWw&google_hm=jSz1YS9gRs6fpPcNiTl4w0k

Request Chain 192

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESELPwDij_2n2Qu4YXVMFWiGA&google_cver=1&google_push=AXcoOmSWrL5bmkE0jKYlz2TSz4umQGvjTkKiTUzgJpwshRJerhLPeZClfNkW5RUnY46L0VY2RnX2jj_CMNlWyaGFtbukFK8lEDDP28k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMjMyODI3MTI0NTM0Mjg3Mg%3D%3D&google_push=AXcoOmSWrL5bmkE0jKYlz2TSz4umQGvjTkKiTUzgJpwshRJerhLPeZClfNkW5RUnY46L0VY2RnX2jj_CMNlWyaGFtbukFK8lEDDP28k

Request Chain 193

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENsnBhovQ23LfPj6S1U-PBY&google_cver=1&google_push=AXcoOmRvHxxBnF_xiYFRK1_ZhUv1c9J-eli1pnGPVKw-HVxPynLMdwePD3lz0Wh1O64FfllFrsaMgHXN46rtiLN7uFpjVWlNLz5Vbrz2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRvHxxBnF_xiYFRK1_ZhUv1c9J-eli1pnGPVKw-HVxPynLMdwePD3lz0Wh1O64FfllFrsaMgHXN46rtiLN7uFpjVWlNLz5Vbrz2 HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 195

https://googleads.g.doubleclick.net/pagead/adview?ai=C5FzD0Zt6ZdzJMMuE9fgP7ZuUyATonobgdPbb957oEZjU5buLDhABIJDW5x5gleKQgqAHoAHW29r8AsgBCakC_k4j37gugT6oAwHIA0iqBO8BT9DuPUBsxI8eApBfX2o0pK9X3d9xMms24k5wDB5d4Bd3rhfHhJH3iq2ZlRdaXIdqoMfxE3G7101-PCVR-nRwXA9X29SpK5KKP32MUDhcXpxw58RacV8SgYdJ910K6VVr_E5ddf3RcmW-ljK3eGLi2-7gPnpmmGWuewAsF4rT4pgS_aagtY8-65YF5d910ZsXS_SUXaIcOxuazO1YNAOGxP778qymgF9An3_SzhpjNAy-EMroxQpfUXmKVNr84moioAydyjhUPYabgy5hXbDvFDK3BtENkmLkUYdcIKUok0jfnArwE6e3ln1DoSeOJ1_ABJuhsZfWBIgFr_vvik2SBQQIBBgBkgUECAUYBKAGLoAHp6qq9gOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCUvgrSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WICX9-ChjoMDmgkZaHR0cHM6Ly80a3pnYW1lLmNvbS9zaGFyZYAKAcgLAaIMFCoSChDktLEC7rWxArW4sQK7u7EC2BMM0BUBgBcBshccChoIABIUcHViLTQ2NDE4MDU0MzY0Nzg2MDUYAA&sigh=YpdzAzyOrzM&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSPAAvHhf_T74RaBmXw5JY08YW0reCDBCC0TbCv573TByQqv0y4NfKdgxqkp-J2YUtX1i05qs40Uo8EgZWQhgB&template_id=419&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226624587865756958071%22,%22debug_reporting%22:true,%22destination%22:%22https://4kzgame.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22798404054%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22796092207589252433%22}&andc=true

200 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
paint-online.ru/ 18 KB
7 KB 251ms
18ms Document
text/html 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://paint-online.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.100.112.76.144.clients.your-server.de

Software

nginx / PHP/5.6.33

Resource Hash

3a0fa91da55d8ab8938407872de44918e4ddf87afd6ba83a7e5d0be2d6375c98

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 14 Dec 2023 06:08:16 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=60
Pragma: no-cache
Server: nginx
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/5.6.33

GET
H/1.1 200
OK jquery-1.10.2.min.js Show response
paint-online.ru/js/ 91 KB
32 KB 21ms
19ms Script
application/javascript 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://paint-online.ru/js/jquery-1.10.2.min.js
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2016 14:31:30 GMT
Server: nginx
ETag: W/"5784ff42-16bb3"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery-ui-1.10.3.custom.js Show response
paint-online.ru/js/ 426 KB
104 KB 71ms
50ms Script
application/javascript 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://paint-online.ru/js/jquery-ui-1.10.3.custom.js
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: f13535d8a36a7e29cb8d05519229576c8c6b71df69742a679694906c11ee1fc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2016 14:31:30 GMT
Server: nginx
ETag: W/"5784ff42-6a663"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK for_domain_templates.css
paint-online.ru/css/ 4 KB
2 KB 33ms
11ms Stylesheet
text/css 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://paint-online.ru/css/for_domain_templates.css
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: 771a3e5acc35e7dda075b1e56c7c8c2ac2980c63ab62d4534773c70be9dc00c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 May 2019 11:05:46 GMT
Server: nginx
ETag: W/"5cefb90a-e96"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK header_style.css
paint-online.ru/css/ 783 B
712 B 32ms
10ms Stylesheet
text/css 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://paint-online.ru/css/header_style.css
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: 4f104ad8ff5b4f4a5953c4605715ee04be40decfb853783db75e538cc3f44fd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Apr 2019 13:44:44 GMT
Server: nginx
ETag: W/"5cc6ffcc-30f"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 77ms
57ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4641805436478605

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83f9ce91832615c90715227b16376f2f4bc9306d8d4efeb54f24aebbb24e425a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Origin: https://paint-online.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51431
x-xss-protection: 0
server: cafe
etag: 14232320658037880434
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:16 GMT

GET
H2 200 context.js Show response
yandex.ru/ads/system/ 346 KB
98 KB 176ms
64ms Script
text/javascript 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/context.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

42acd338a57b2db78536cd0fc38c0508481acaac6934e186be2a59e88267c232

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534096383669-7105592076333853512-balancer-l7leveler-kubr-yp-vla-75-BAL-899
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 14 Dec 2023 07:08:16 GMT

GET
H/1.1 200
OK logo.png
paint-online.ru/images/ 10 KB
10 KB 38ms
16ms Image
image/png 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paint-online.ru/images/logo.png
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: 19ef1d2e0e8877ffb8ac6365d3f006b9ff0255b03e375152edba68ea94507f35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Last-Modified: Tue, 12 Jul 2016 14:31:21 GMT
Server: nginx
ETag: "5784ff39-2848"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 10312
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK drawingboard.js Show response
paint-online.ru/instruments/paint_two/ 38 KB
11 KB 37ms
15ms Script
application/javascript 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://paint-online.ru/instruments/paint_two/drawingboard.js
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: e3e21686313778c5d26114c9de744fbead6ef374fdaf99664d95d07126b9ea81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 10 Mar 2023 13:46:12 GMT
Server: nginx
ETag: W/"640b34a4-9691"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK drawingboard.css
paint-online.ru/instruments/paint_two/ 11 KB
5 KB 13ms
12ms Stylesheet
text/css 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://paint-online.ru/instruments/paint_two/drawingboard.css
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: ad1ea654f4b4028f6e292679b833477001879314445a55c0503fec8f5118579d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 May 2019 11:22:59 GMT
Server: nginx
ETag: W/"5cd95393-2a43"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.tagsinput.js Show response
paint-online.ru/js/jquery_tags_input/ 12 KB
4 KB 14ms
12ms Script
application/javascript 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://paint-online.ru/js/jquery_tags_input/jquery.tagsinput.js
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: aa41104a854b7a41214f077eecbec396907a8a504e1c99991692c3769a50419a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Content-Encoding: gzip
Last-Modified: Thu, 11 Jun 2015 16:46:22 GMT
Server: nginx
ETag: W/"5579bb5e-3039"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.tagsinput.css
paint-online.ru/js/jquery_tags_input/ 1 KB
841 B 11ms
11ms Stylesheet
text/css 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://paint-online.ru/js/jquery_tags_input/jquery.tagsinput.css
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: 5fa08f41534a8945353db77cb8f5f691c78136adf7b4b22ffbff2f7fd1d2d735

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 May 2019 13:40:58 GMT
Server: nginx
ETag: W/"5cd973ea-42e"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 0414353001480682399.png
paint-online.ru/images/articles_images/ 28 KB
28 KB 13ms
13ms Image
image/png 144.76.112.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paint-online.ru/images/articles_images/0414353001480682399.png
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.76.112.100 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.112.76.144.clients.your-server.de
Software: nginx /
Resource Hash: 6179a002bf142064d1ee936fd38dd4f357c9efa736527fb66131b606c94aa766

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:16 GMT
Last-Modified: Fri, 02 Dec 2016 12:39:59 GMT
Server: nginx
ETag: "58416b9f-6f67"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 28519
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 56 B
361 B 34ms
11ms Script
text/javascript 2.17.190.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.190.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-190-170.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 14 Dec 2023 06:08:16 GMT
server: Oracle API Gateway
opc-request-id: /6D64F37FC535E9D7C98B6EA71D7586FD/F3F55DB6689E8DF11167A52A65011961
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 156 KB
56 KB 242ms
122ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

f8ed7cb7ac6dc9850cffba6d02a3e222269f9ac3cdde0cfbead7734149281f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Tue, 12 Dec 2023 08:38:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65781bea-dcfc"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 56572
expires: Thu, 14 Dec 2023 07:08:16 GMT

GET
DATA 200
OK truncated
/ 589 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8764d27280ea69c4ff75f94ad0eeb6308a78ec69ce125488a5688faf6ee8608

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 680 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e7d2ac9d0d0574c9b41e3f4b838a258d31f491f3ce616b695295b5754897528d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 721 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 632212186bdc63fd1571a8254f236acc9ed1f41a0a136f6e5d5847a2bb4af5a5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 734 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa03accc02d7e06cc84ce073306749210551ff3e482a03b8ed78f51154805b0d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 399 KB
135 KB 85ms
71ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4641805436478605&plah=paint-online.ru

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4641805436478605

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a240c16fbb787dbbc2abad20c574500723733ca9c4bcce12ccb81d60d694cd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137955
x-xss-protection: 0
server: cafe
etag: 2159581299213269583
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:16 GMT

GET
H2 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame AB6C 9 KB
4 KB 26ms
6ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_nohtml_fy2021.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4641805436478605

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 9894
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4114
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 03:23:22 GMT
etag: 12700215250743596434
expires: Thu, 28 Dec 2023 03:23:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 959D 721 KB
164 KB 1180ms
1180ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&adk=1812271804&adf=3025194257&lmt=1702534096&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534096344&bpp=4&bdt=198&idt=180&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7690269452739&frm=20&pv=2&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=195

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4641805436478605&plah=paint-online.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5dc245f3699af7fb3c70a6d8fbaac6563f4ce4a078a2e2e239028cce069da99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 167289
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 06:08:17 GMT
expires: Thu, 14 Dec 2023 06:08:17 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sync_cookie_image_finish
mc.yandex.ru/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10217.7xCy7i3L4hL8djPbwhbjDprbblT5O2-DW4LSkqFuzcfeGOMcxPKA4hIgQ_DyZ0st.siwZ-mLB_cnDLokq8q4cAv2TGkE%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10217.v9551zbEF14A5hKmAB_UxQsdIzr1hqGxtDE5NQBZ3FN-QpAl0qBIoZPVnjlAwEMBemmx92PBYOvwTX1ZXfIUNeDK-NT1qu2yp8QVXZDO8_YBViJ9eI05sDcy-5Y6ulcgnu8aVNfiQl...
https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10217.LtQFeuTojLvzQa6_wdgpT-OH1UMD8PL9zZhm6aGB4LBGXl6U29HSUG66OaIjBwJco7Bz0XYAjpuMGhhOE-zQOgLyZb9IVRQJvXXaPhZu3WIEK...

43 B
581 B

60ms
60ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10217.LtQFeuTojLvzQa6_wdgpT-OH1UMD8PL9zZhm6aGB4LBGXl6U29HSUG66OaIjBwJco7Bz0XYAjpuMGhhOE-zQOgLyZb9IVRQJvXXaPhZu3WIEKlO6FORY9RVVewm__8F3h2d2VPGmNijl4fo62R4KX5X6xZKnHpRKKL0ld6z23A-hiWuj6D5gjJkd3yJUlJP-JBmhnWRJbkEAGLH0OdhPDQ%2C%2C.T1JU89Fz9RjTx2Z-D5IBLPKbOag%2C

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.ru/sync_cookie_image_finish?redirect_domain=mc.yandex.com&token=10217.LtQFeuTojLvzQa6_wdgpT-OH1UMD8PL9zZhm6aGB4LBGXl6U29HSUG66OaIjBwJco7Bz0XYAjpuMGhhOE-zQOgLyZb9IVRQJvXXaPhZu3WIEKlO6FORY9RVVewm__8F3h2d2VPGmNijl4fo62R4KX5X6xZKnHpRKKL0ld6z23A-hiWuj6D5gjJkd3yJUlJP-JBmhnWRJbkEAGLH0OdhPDQ%2C%2C.T1JU89Fz9RjTx2Z-D5IBLPKbOag%2C
date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
473 B 67ms
67ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 12 Dec 2023 08:38:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65781bea-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Thu, 14 Dec 2023 07:08:16 GMT

GET
H2 200 202090db945b8471f966.js Show response
yastatic.net/partner-code-bundles/927387/ 14 KB
5 KB 165ms
90ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/927387/202090db945b8471f966.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

47f63a06a66e809eb45688c39f8ad6fe022e9a37308d7c9c134dea3cb2ccc3a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://paint-online.ru/
Origin: https://paint-online.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 4779
last-modified: Tue, 12 Dec 2023 15:25:35 GMT
server: nginx/1.17.9
etag: "51fb8a24dc7b9b0d85bdf42a3a73ae85"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sat, 13 Dec 2053 12:41:37 GMT

GET
H2 200 458bb043e6481e9a08b8.js Show response
yastatic.net/partner-code-bundles/927387/ 24 KB
8 KB 172ms
98ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/927387/458bb043e6481e9a08b8.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

f32daa6d3ba4217cc5458d64c99d4e55dd3b0dbb258abf05d3b2732677ca4f42

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://paint-online.ru/
Origin: https://paint-online.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 7949
last-modified: Tue, 12 Dec 2023 15:25:35 GMT
server: nginx/1.17.9
etag: "e471dba3b8be8d0f755bcc8554d17ffb"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sat, 13 Dec 2053 12:41:37 GMT

GET
H2 200 8900b34b2ef3bdf5c0a6.js Show response
yastatic.net/partner-code-bundles/927387/ 118 KB
25 KB 191ms
117ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/927387/8900b34b2ef3bdf5c0a6.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

53667ed57bc9fa78139b9abfa0eab1b971e720eacf3fc5a7dff9a0bea12530c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://paint-online.ru/
Origin: https://paint-online.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 24644
last-modified: Tue, 12 Dec 2023 15:25:36 GMT
server: nginx/1.17.9
etag: "d755b2cbf3c6e3c3333c571849c19831"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sat, 13 Dec 2053 12:41:37 GMT

GET
H2 200 host.js Show response
yastatic.net/safeframe-bundles/0.83/ 33 KB
9 KB 204ms
130ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/host.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://paint-online.ru/
Origin: https://paint-online.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8878
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
server: nginx/1.17.9
etag: "f80882bf67cf261aa08d636da095149a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sat, 13 Dec 2053 12:43:12 GMT

GET
H2 200 text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 25 KB
26 KB 145ms
73ms Font
font/woff2 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://paint-online.ru/
Origin: https://paint-online.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26004
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
server: nginx/1.17.9
etag: "7f0cdaf91230f9789ca4162aedff612e"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556952
x-nginx-request-id: a5cc3d8a0c788fc8
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Dec 2024 11:56:24 GMT

GET
H2 200 bffcff605dbd4a4ab6f2.js Show response
yastatic.net/partner-code-bundles/927387/ 59 KB
15 KB 189ms
130ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/927387/bffcff605dbd4a4ab6f2.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

cf79db1604128c90575b6e4d7feae15f26efa0ca5038fb5cf43c771728c2845e

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://paint-online.ru/
Origin: https://paint-online.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 14839
last-modified: Tue, 12 Dec 2023 15:25:36 GMT
server: nginx/1.17.9
etag: "b0806585fb02ac8f226889acc5348666"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sat, 13 Dec 2053 12:41:37 GMT

GET
H2 200 c92c69574a4153487935.js Show response
yastatic.net/partner-code-bundles/927387/ 599 KB
115 KB 63ms
63ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/927387/c92c69574a4153487935.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

d79e225d805439d50095ae99d93f578b6ef6e6be07361f51f9b0e5072330631e

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://paint-online.ru/
Origin: https://paint-online.ru
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 117467
last-modified: Tue, 12 Dec 2023 15:25:36 GMT
server: nginx/1.17.9
etag: "76b13e78a9bf33b72a40220d372ef22d"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sat, 13 Dec 2053 12:41:37 GMT

GET
H2 200 2267699 Show response
yandex.ru/ads/meta/ 83 KB
23 KB 228ms
228ms XHR
application/json 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/meta/2267699?target-ref=https%3A%2F%2Fpaint-online.ru%2F&pcode-test-ids=913082%2C0%2C25%3B924423%2C0%2C65%3B909920%2C0%2C65%3B912471%2C0%2C99%3B925711%2C0%2C52%3B920184%2C0%2C68%3B922539%2C0%2C92%3B901183%2C0%2C90%3B917140%2C0%2C36%3B928078%2C0%2C50%3B919095%2C0%2C46%3B885978%2C0%2C76%3B882595%2C0%2C76%3B917805%2C0%2C93%3B892905%2C0%2C76%3B920052%2C0%2C48%3B910946%2C0%2C75%3B924941%2C0%2C86%3B923692%2C0%2C37%3B910552%2C0%2C51%3B886464%2C0%2C20%3B926241%2C0%2C89%3B924473%2C0%2C40%3B923614%2C0%2C18%3B925137%2C0%2C98%3B927387%2C0%2C73&pcode-flags-map=eJy1WWuX0zgS%2FS%2F5TLN%2BP%2Fim2HKibb9WlrsJHI5O6A6QPf3Y0zTMDBz%2B%2B1ZJchI7Pco0zPABYhNdSfW4davyfXZBOtktm0tJclmSOS1l0XDJajkndU357NXb77Ov65svm9mrmeA9nb2YPW4%2BP7JreI4i3w%2Fi2Y93L%2FYwLW%2FyPhOdbGrZkr6jVoTYTQNfI%2BSsI%2FOSyqzpayE5zRmnmYCTkLa1Y3hOEHi7U8CWsupLwXhTloBWC%2FxAubwkIlvSXApWUdkURUeFHdf3nHh%2FO04FX%2BGtaiouG34uKeeN3T5xGAVxukOA3bNzMPKq6YXsygb%2BYm%2BonMOFc8IZ7exgceIGrgLDGyBGy6m65P66FyynjTT%2FP4JzHfgzwkv9NHZO4M37ogDT0aoVK1myik1Bn4140RKW%2F%2F0nLHr4%2FLOoNcbq33zSP8H8Jf88jfnPWeBnvY%2FBvuBkLktaL8RytAiSNTlcljiJEwe7ZbRWJCA4gVS5YF1PSs0ryEr0taC8hjd5Z6eExPUi5ydA1YuOFFQWnFR26lJ7aHrgHHmmg28AYcGGAsm0JQgB2J1CJX3OGplxSgS7OJHqSeB4brg7%2FuAk0QAJdYJwgTRUMA4bZcu%2BPpcFYeUIMRx7PAm82NsDEiHQp91zEH0bINwVWDcrGQXqLukCrMnqopGXS6YYvb6gsIUOfrTPiduHTpIc8G6dQxCSOZqA5IjEOnjR8xIPfUnnzSlrxk6wZ%2BEFhTv2nWgqeVGRdmfdC1L2Y49Hk7xJotCP9oWGZgCRCaKDpiJlaT9GnARBcLxarZSXTCylgFh8Dsbgu6oXUNfAGMclKRwtTz3XidTyDqwqTcnNMVzFqqVY9tvmknJaFCwDZ2arEdjm9%2F%2BN4UapS%2FJ8yLSWLKDEtoJBVuhEwFBT5i5ZfW6%2FY5qmps4N5bymSp4MyYOut50rdR3QBAqhzZqc%2FiJGB7wA1FF3JUEzg99aUsPNAM6OkESJt0NQtIAHWRGI59eS1NbFnhu5ezIFN6NZIfY72Hi0MPUCJ3bHayM3cEaaymiprOO2TcPUhfhSC1UN0ApQ9jUrGFyc1UBmBcmoHSPxjGhCi0MkQZAuZdksWGZbF7mJH%2Bm9gS6AiSo5Xw25jwkG1WnOrAaPILg9d3RvsDeHUKyF0V5YIzsIAVrLblJCjs6TuibTMszPph54qAArSKbqA1yL5NR%2BqDhJI00%2B6PwCZF6dlytdXzDfpurWvn5%2BrjSjLimaTwEDQnLe2FHSwNQqRCkpZAIgVNY1URJE2pwHZltw0EQ57c5FYz93EgWuf2g%2FxU1QEQDkAK8GFawcvuhB8oPiQOmfUchQq1lj1wnicCi%2BOtJEz2vjHqhE4G2x5E2%2FWFrZJnbdoTiU5M1KeVQq1jhc9n32YfN49alaP3zc3s1euaHzYnZ7%2F357s%2Bmu1jfbu4%2BzV96PEWoIaaBzv0KG%2Fk9PewpSo5XzEkVIycZF8O3sdr29efnwBc72x%2FruevM7fP7X9nb9cfN59Orj%2Bla9uf62udNfX3%2FdPt7rj7cvDx6u77bmLSLvEODFw%2Frbzf23T%2Ba%2Fvz3of788rF%2FebX77fPSF%2F67vb7dq6bunr1hrRq0oX%2BDfOSNSkEVn9Z%2FveSa4VFpQ8D0wc6Yqhn1h6DuGVaGQ57QgQFW64NR9NadWhotD1zcaVfWmqrvEUgXtLs10RoI%2BZMAdJ2BiJ9xRO8krJLiFohyWF%2BQJ9%2Fq%2Bd%2BW%2B94Oz6%2FTD%2B7Mg9uKzJPTXZ1c%2B6Ob3qet9WG%2FG9k3CMDUVYJTnh9kjmj5b6hwqm07dQysCTv8NhH8ihyBFg2TIIVO5d6XKiDYrQBoNFW4FSyAKMu3JedlAjANRgP4T9Alr8DN25gVwayc4w9p1%2BOxNnv3Jc6CeyZkXQmMTe7D%2B0GyJk0auljgFgyqbk1YFp%2B60%2B4VVz7hhEAYHWYtSkVUYWmgWHeZWgNANUg1QdBASDTQU7LV9he8bmjRZBDmA7QmyM1GqHCcYoAshsereDhWkg2LRvlDVSc1yThS7JPLCRJ9iSXiuNJM%2BQAcZJki2tK6GZI6iXclftEJCeLLWGju4yJhK6Qq8fYNd2LPPDho08p8Aavs5VAFgBmE%2F%2FX79fgJVYVJrXT%2Fe%2FW2aIvHF3osUPBc4fvQi8lOoRX44isIESCodgZquKMM%2B65dwfW21g3xFKZ%2BB3%2ByyOgljkxicVg1GGtDW3Eq2CQSGkQ1FN1T9oWuQkNuyItgyQIbY%2BwTXSdITVKb6ugzb8EYRGnYTnC2W8AmuV9JC6MacQJk4sVlkVGBNe442xwy23xPWmPjfJzpIHUWxmHukmw4Lp3rdccLQOXTM0PQ2LYBwMQe1RiTwbDGhwsHxgDa4fkRoqeNFqb4PoqjpKIryTsVppQhCvRodb31zMz6eD2JOqzElhPGanIIqAaYHnY2PdnGdQpNhdJL6smJFVOiYbmbYu8DqNzL0Wz%2BCdU46vhC0CM4QVJxeQuRS3X%2FaOyLPcXS1Mn0Jq9WWaAlSmswHtzVzEP1gemASOBxdWFtYQA3N7Njo%2B10BVB05EhrOSrD1s%2BP4Xrifh%2BzG5wCHEyYrg8HaIEzGDKT0q2mEFKHZAULfhC8aYwAZBhtIN3mT9RX2QYNRdmayA%2BMoxtZ8FFDk%2BKlGGCq1mw5TB0IvRl8G44y7V9d3kv2QBR3QgmLulsAJpeIDsaQV1TO1A7c%2F1RsXpOzo5EKB5x%2FNFoYNrAQ6WTs62DQGnzrMc%2FDwcjiSxSHRXwUZDRlqrN44DhYQCEigQN6qJp8KJScdRAQeqmDlrpAqDuzsc9hjg7teEGv2InmXn08DDmIDOrBJtOAbvaJoXkvWqXowlQFXj2OG8xzXzC6G%2BCe9aFCJ4CQbTdCVELJ67ntBOCP12N%2Bfb7bXm7PPn%2B5%2FO7tbP26%2FbqY84ad%2FEf4U4finaiF6cDeVVf0IK5nY5azVDo7rGi4wZf4At%2BBNBVRQKVmJDYN9fhUPY6Ql3qyFxY1mxZazjGo0LZTFgtidAyIrGaXdEkyGqojV54btVELnoq9PnApC1LRey6Yvc517udGLJ8Yik3OBJkrNuUzVzt%2FgTMIksWY4QFw2nL0BGU7MDzgnRJMXmhNaQXeC51mQeNuWrBSXK%2BnFxXjpx4f19XZz9zhxZWL61SF6L1kOjoSMFqy2t%2BpJ6qXOyOLqlyblNF2shpGqGvIdxhuQDlvUe4dMw%2BT%2B7uYP%2BXXz8Li9Wt%2FIr5B%2F95OcdkLvcGdj0OMtRn6fbnOUgjvYSQqqvEM1PackmxDlNKRB1RhFNQExZxzm%2B%2Fa8CIZRt84ubHd0QrHJBOL%2Bw4fNw0Q1RKm%2BxTAEgWIP5Z2S6rge7TlkJwDo66zsIa8rTibS7%2Fiq4dP2OvDDsWf0%2BN98ubKXHWg0AjP9Vb%2Fn4OwA1i4nPzgemS%2Fygv0QadCzg17DupHbyRKqZ%2ByPVft%2BuK97q7F2e%2FtUV4aucINDEbnsySVlRvLbT4ATqf1PFcf1MfaTeLxCvfnx7sf%2FAe1e2W0%3D&pcode-icookie=7a8HLgY%2BP%2FwoVGPHeO6DyaGyHe6bhSn2KFkzh4%2FVT0YfaUOZmOdw8zEFXy7ny%2FX8jmtbs0f7T829oBTWJCnGHP7ccUc%3D&duid=MTcwMjUzNDA5Nzg3Mjg3NjU4NA%3D%3D&imp-id=1&enable-flat-highlight=1&charset=utf-8&comboblock-unencoded-vast=1&test-tag=366687127863298&ad-session-id=6652261702534096595&target-id=62878775&tga-with-creatives=1&top-ancestor=https%3A%2F%2Fpaint-online.ru&top-ancestor-undetermined=0&pcode-version=927387&pcodever=927387&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A9.9%2C%22isInIframe%22%3Afalse%2C%22w%22%3A700%2C%22h%22%3A100%2C%22width%22%3A700%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A450%2C%22top%22%3A133%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A0%2C%22right%22%3A0%7D%2C%22req_no%22%3A0%7D&grab-orig-len=2396&grab=eyJncmFiX3ZlcnNpb24iOjJ9ClqnspAkue8C1ORgks6Kf1_y5-q6AL_wQvhLMiW9mjZvF1tGtqmj2Hfk_LJ8CW3LQgszN527gq6AngboBbTFEBJt3drVui-852QjYmKGDBkyUyJsH0umiLCDEFcR-XJfFihADOVSvxa70AuzeIVd6BVgIZRaeMWxhBa6xW9oTAulwXgWcrWEDUXQVHiHUljFI9JCbPIotYAvbkOnPZ-F3sRsZRRnLCOswA-rNMQK4BHjBiI8sRzTl0ukxBVPIvUDqQ-PuEAqXrWAboJ2YVdL0OmEjSm9MQemuB2oBa0WRoMD13ijHzI5lrWBtslC5an6ahdG3fvKWoBsooKBohX6ceZ1frc2Rrxh6tVFzW36SMUhqu2BM_IoDcyxaGCKU1gNJGcPO01u7zbsuNIOZJ_SNBnFPeaNFZQBYd_P-7NIGvtTYJlu3df7bKEZn89b-jOy7nuhWSgW1P9tCTsXYA3x_nGo_3cq5Odu-jteMCf0-P-3wnn47h00X2gPnOIoiWNFFOcd40twYeXtBmJFhCuHo4jCDADZZqN4IOKmn4GlhMcUwGlhWsypcMwGi0k63-D4GL4vkVY8WSgS9S7FIWy5FIcQXxKKcQk_S7FERigN4chxwk-QED_EA464E2aSYEICeIkYdoMF4OnFgSjwdQRi0ncP7of411o_G97vg_02dXw4GfDxQcSJUpxIkWcbHJtA3X7wv0-vV0eur5Zgevn5WtA_QVOTkPKkmsR1GZS2HMGNOTUp3A0o66FBV1VRIlFfK8VRkOmNdqGJaj02FmpWa_TF87REZghXAeZ20or42DsTfe3caix8LFNTxvXMwGWXG7i3pgLRxLqTHzttis2dMngdJHN5vCqT-0Fdnws7FEe1zHKLTxWmn8iUSnIfH5JjwdgzD7Q73n2NCxYK7yX-lkXrWuemLx82b6FncJ2XnnWn6eZCRl8dQ1q7PdKGehWhGa34aNF3I_zOkd-gGtcoxE5SIwyF0akJRIdmwVjhsqMYQ7GF99YLK7tp8ffer3Hbqs_iGs2z9f8thoWcPsp25s1D7vx0TpPbhJH_DucgOhBm44T2aGfi52IjXr_3GCFS3qnyNWlzPB-FtDeNhNaZ3C14tnRv0PVQLqjN1Mnx6n9s6pB_zA_n7Hhh6qPGnTkRyz_pdcr1dqZ9ddBn913afjOyFjL7_Ev1Sf-JHW9S76C39bR5xuNIJdBb-vc_XR-F2s8_ssMBJAvAKVfLdmchmLGpV__Dd7dTqmhKvzInRoUWNKKcktMAr-nutIA9cdmBeJNb7gNJ0pE3OSRMoFnH--rISwLLeKdtb1oBQu-Wm4pZb_2HpzvW62eoHmsEh9awemVK5UjSjhsfY5pL1SBVaxpBATqXm01v4QG9MWEkJRa0Yj8VX79Zdbuq8uMpqLHqejBezm0vj_CwjbvxeU-BNx3IxZS6ceumjtbgd7dFSlxzB80LtUFfffXNSb7y4iqpSpQYW5MjdvKspn8LZpAeITtVoJPn1ip2BliQg9OwruSLQk0Z392JF75Du3difM-_HOyaccgztEkp5CuXV6kk_zSqOVSKOoe81ThZ_D2O082F9ejTVLI4Mjxd3Oc2UJOsiwIsdbHGGbYrryhu6kRJJOabTZVkmBhmpbwDpvaDIYPF0sdLmskiUulzz1QA3ZkGK_PjsyQzcxmKt2p6wYEfuVn_a__vrF972dPGRt7ODRt1WO0l4BTEsnz-lUjTUHCaHVkwhxUjS9GKKcXZJvXdvkUiABU0YBEiQHTP-r030ebMzjtpnrcARYHw3kmJBzUF5Mix1yTd3yjFQWywrSQ5BFNyalGMy0T4MPVykjFumJ9rLPO3OoF1NtbkXA1B9UlB_EP0NJocO8vk2LfUJoi6jaan00F65HfdMQw9S5hZPW2lTeq7a19oRypmqDQKRzL_DjbVbcZ68YCFc8PIMmF9eQPB2JT5Zhmv9Jkj4m5z3g62EzfU3ptMk57B9rYKjUK6m2iqypb_JFCVunOHwjz7ZEHtvtLwtF8KfzZnrfpVETwOWNCIK_kpPH1bc6YDPAPRMgU2bO-My78Mh5lraAnsaTZ_sNXOYxvztAJB06vMkDcHgDO9YD7HDk1SBSkVFs-U8XbSOE4uPkPjjrGdZecq2DE4hgNSv2nmKPOU-eusLLhTQ9JNAby9bPNatmyG0rEQ9MnnXL0qgLTXi-EkN0mjHanw0EDZSbBaq-BihjgBXAyxjDgpRrI4yywseh_h5Mg0vGl2lQJRAqAZyDR2p9lZ5c4WM6fw6Wp9hlgV5QCSBBOWWI6D7VcCRKAjJCRARICwRqECBIlEJvIDsVIa-M-urCDLZHX0RPUoIDGcAFd5agXCzIy0tfQayfGLE6JpgDQF6A%3D%3D&uniformat=true&callback=Ya%5B5071509163639%5D

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

dd36568581f000903bd4f53bb081001cae98b22a0914612e09d35e01ea068744

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paint-online.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 14 Dec 2023 06:08:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
ssr: true
x-yandex-req-id: 1702534096627270-6686187808178529496-balancer-l7leveler-kubr-yp-vla-75-BAL-8630
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
uniformat-product-type: Direct
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 14 Dec 2023 06:08:16 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
uniformat: true
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: application/json
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:16 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/28857340/
Redirect Chain

https://mc.yandex.com/watch/28857340?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afp%3A376%3Afu%3A0%3Aen%3Aut...
https://mc.yandex.com/watch/28857340/1?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afp%3A376%3Afu%3A0%3Aen%3A...

427 B
519 B

60ms
60ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/28857340/1?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afp%3A376%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A540851385590%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A549757770%3Arqn%3A1%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C29%2C18%2C1%2C%2C0%2C%2C129%2C1%2C%2C%2C%2C382%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

87dc05168f325edace17f04a1c83a17afebecd736e4948a041dcdaeb3c33259a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 14-Dec-2023 06:08:16 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 427
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:16 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 14-Dec-2023 06:08:16 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/28857340/1?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afp%3A376%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A540851385590%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A549757770%3Arqn%3A1%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C29%2C18%2C1%2C%2C0%2C%2C129%2C1%2C%2C%2C%2C382%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:16 GMT

OPTIONS
H2 200 event_confirmation
an.yandex.ru/ Frame 0
0 163ms
54ms Preflight 2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://an.yandex.ru/event_confirmation

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paint-online.ru
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paint-online.ru
access-control-max-age: 1728000
content-encoding: gzip
date: Thu, 14 Dec 2023 06:08:16 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
strict-transport-security: max-age=31536000
timing-allow-origin: *
x-xss-protection: 1; mode=block

POST
H2 200 event_confirmation Show response
an.yandex.ru/ 0
51 B 163ms
61ms XHR
text/plain 2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://an.yandex.ru/event_confirmation

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paint-online.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/2267699/
Redirect Chain

https://mc.yandex.com/watch/2267699?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3...
https://mc.yandex.com/watch/2267699/1?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0...

256 B
292 B

64ms
64ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/2267699/1?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A2%3Adp%3A1%3Als%3A48659526057%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A409075535%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=mc%28p-1%29clc%280-0-0%29aw%281%29rcm%281%29ti%281%29

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

67606f850815313c769dca1cf9d356d90241a91801505849f42c42cf204703c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 14-Dec-2023 06:08:16 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 256
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:16 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 14-Dec-2023 06:08:16 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/2267699/1?wmode=7&page-url=https%3A%2F%2Fpaint-online.ru%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A2%3Adp%3A1%3Als%3A48659526057%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A409075535%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=mc%28p-1%29clc%280-0-0%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:16 GMT

GET
H2 200 x150
avatars.mds.yandex.net/get-direct/5221618/7-KePvlmg1Xqp8iaStiCMg/ 5 KB
6 KB 179ms
64ms Image
image/webp 2a02:6b8::184
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avatars.mds.yandex.net/get-direct/5221618/7-KePvlmg1Xqp8iaStiCMg/x150
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6b8::184 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software: nginx /
Resource Hash: 8c657693111685b7bfaa266d756ae449c489b478fcb25132fcbbb9df10f371e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
last-modified: Fri, 20 Jan 2023 09:37:20 GMT
server: nginx
nel: {"report_to": "network-errors", "max_age": 600, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: {"group": "network-errors", "max_age": 600, "endpoints": [ { "url": "https://dr.yandex.net/s3_nel?datacenter=SAS"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000,immutable
access-control-allow-credentials: true
content-length: 5430
x-request-id: 6e4d185c911e5e83

GET
H/1.1 200
Ok ersplus.ru
favicon.yandex.net/favicon/ 448 B
661 B 165ms
58ms Image
image/png 2a02:6b8::36
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://favicon.yandex.net/favicon/ersplus.ru?size=32&stub=2

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::36 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

27d7d0c8a82dc337436690a18216ff6ac27bb141f19d604f2d88131684736ae4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
Cache-Control: max-age=691200
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block
Content-Type: image/png

GET
H2 200 render.html Show response
yastatic.net/safeframe-bundles/0.83/1-1-0/ Frame DFA8 24 KB
7 KB 109ms
36ms Document
text/html 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/1-1-0/render.html

Requested by

Host: yastatic.net
URL: https://yastatic.net/safeframe-bundles/0.83/host.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

9c911ab93cf6099aeeddb19cb1903d0ef838329443c3a0549c754da47f90a70a

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=946708560
content-encoding: br
content-length: 6262
content-type: text/html
date: Thu, 14 Dec 2023 06:08:16 GMT
etag: "eb77de48712912aadc9aa8171ac75ede"
expires: Sat, 13 Dec 2053 12:39:45 GMT
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
server: nginx/1.17.9
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow

POST
H2 200 1
mc.yandex.com/watch/28857340/ 43 B
86 B 60ms
60ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/28857340/1?page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&uah=chm%0A%3F0&hittoken=1702534096_604f9c5cab7020949322752f13c44d989dd581ea47de55a53c42dbf7510ae698&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A1%3Als%3A540851385590%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A252011850%3Arqn%3A2%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097&t=gdpr(14)mc(p-2-h-1)clc(0-0-0)rqnt(2)aw(1)rcm(1)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%226652261702534096595%22%7D%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:16 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 14-Dec-2023 06:08:16 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:16 GMT

POST
H2 200 1Qid1e_k0K8200000000U9nJl93E7N1J9YJJyE5TbUVSBRhfbXTcLwKo084dJ2HKxAIZIApnB2M6L4QWUER3kmdtGUAb85xjLI3HofW293j1V21WOfZ96B48mbx8U4OKmbh9QCi1OUrbJ8jZO3WAvfzbP0QAN6K4QRtBo233mF2NSHOJ0yDS9f38KgO687ij4yZqi...
yandex.ru/an/rtbcount/ 43 B
394 B 60ms
60ms Ping
image/gif 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/an/rtbcount/1Qid1e_k0K8200000000U9nJl93E7N1J9YJJyE5TbUVSBRhfbXTcLwKo084dJ2HKxAIZIApnB2M6L4QWUER3kmdtGUAb85xjLI3HofW293j1V21WOfZ96B48mbx8U4OKmbh9QCi1OUrbJ8jZO3WAvfzbP0QAN6K4QRtBo233mF2NSHOJ0yDS9f38KgO687ij4yZqiqp_WU0Lay0fsSFb3-yoCCZvyyWKyR0n_6LY0Jc1cHL8zZ8h0icfp23DSvcPGDO2IGMmjHkPBp-h-d9qIc3CIMQOhw-2LTu5ap-P7Ppu8OvcoRTN1djc1SkD8qmxM9WEiFo70SOBB2jUd3zxT_lo2-8tMI0--c3_a6L6PSjETSCRzczPGFvQmCfvaZLxBIzO-YRhXSiF_xuHx2pwoWeoeeEjWMK2suNpQnkcpcvVbJc3xShXu0LiC_Vj-xftnxAT9nXNii4CEy3cSOAD-H4RhuMparLAi6UaaqbmdlbBDfYrFzdu7WLV_vR_sNuY-x_fJvSNshwpdyNEPcbaRcnXle6TQGSxumbsyGVi7ox-cjC_xz6Lh1_iF0iuW7vQmN56UmF7Ne4T78otE322z2dG1mtslPmWdqpb17bo0MS3ymhEhOmRE8LFS39Uu6HymSduWPFn1oSZ0CkHk-e0?pcode-active-testids=926241%2C0%2C89

Requested by

Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/927387/c92c69574a4153487935.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1702534097005005-7233613318869554807-balancer-l7leveler-kubr-yp-vla-75-BAL
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: image/gif
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:17 GMT

POST
H2 200 event_confirmation Show response
an.yandex.ru/ 0
395 B 132ms
57ms XHR
text/plain 2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://an.yandex.ru/event_confirmation

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paint-online.ru/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

OPTIONS
H2 200 event_confirmation
an.yandex.ru/ Frame 0
0 54ms
54ms Preflight 2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://an.yandex.ru/event_confirmation

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paint-online.ru
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paint-online.ru
access-control-max-age: 1728000
content-encoding: gzip
date: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
strict-transport-security: max-age=31536000
timing-allow-origin: *
x-xss-protection: 1; mode=block

POST
H2 200 1
mc.yandex.com/watch/2267699/ 43 B
74 B 66ms
65ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/2267699/1?page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1702534096_56e80d42ece8f940cf7fbe9119383e4b4c61b0642a5d3f8bb5bb62587550a58c&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afp%3A376%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A2%3Adp%3A1%3Als%3A48659526057%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A203159372%3Arqn%3A1%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C29%2C18%2C1%2C%2C0%2C%2C129%2C1%2C%2C%2C%2C382%3Aco%3A0%3Acpf%3A1%3Aeu%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097&t=mc(p-2-h-1)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%226652261702534096595%22%7D%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 14-Dec-2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:17 GMT

GET
H2 200 2267699
mc.yandex.com/watch/ 43 B
0 57ms
57ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/2267699?page-url=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1702534096_56e80d42ece8f940cf7fbe9119383e4b4c61b0642a5d3f8bb5bb62587550a58c&browser-info=pv%3A1%3Aar%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A2%3Adp%3A1%3Als%3A48659526057%3Ahid%3A464545009%3Az%3A60%3Ai%3A20231214070816%3Aet%3A1702534097%3Ac%3A1%3Arn%3A971503044%3Arqn%3A2%3Au%3A1702534097872876584%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Aco%3A0%3Acpf%3A1%3Aeu%3A1%3Ans%3A1702534095893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534097%3At%3APaint%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%E2%80%93%20%D0%B2%D0%B8%D1%80%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D0%BB%D0%BA%D0%B0%2C%20%D1%80%D0%B8%D1%81%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE.&t=mc(p-2-h-1)clc(0-0-0)rqnt(2)aw(1)rcm(1)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 14-Dec-2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:17 GMT

GET d.png
ysa-static.passport.yandex.ru/static/1/d959d7e39d5067fad30d9c06204866e9/ Frame DFA8 0
0

GET
H2

200

a5d4aeff8c6324ad4e2f01
an.yandex.ru/mapuid/arcspireis/ Frame DFA8
Redirect Chain

https://px.arcspire.io/yndx?id=9d4cd41a-f59d-4815-8a89-9d30806f5389
https://an.yandex.ru/mapuid/arcspireis/a5d4aeff8c6324ad4e2f01

43 B
108 B

95ms
57ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/arcspireis/a5d4aeff8c6324ad4e2f01

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

location: https://an.yandex.ru/mapuid/arcspireis/a5d4aeff8c6324ad4e2f01
date: Thu, 14 Dec 2023 06:08:16 GMT
x-envoy-upstream-service-time: 0
server: envoy
content-length: 0

GET
H2

200

0100007FD19B7A656E10561A02A1AC55
an.yandex.ru/mapuid/sapeis/ Frame DFA8
Redirect Chain

https://acint.net/rmatch/?dp=151&r=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fsapeis%2F%24%7BUSER_ID%7D
https://acint.net/rmatch/?r=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fsapeis%2F$%7BUSER_ID%7D&dp=151&tc=1
https://ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fan.yandex.ru%252Fmapuid%252Fsapeis%252F$%257BUSER_ID%257D&dp=14
https://acint.net/rmatch?dp=14&euid=3303420AD19B7A65B600A62F0278D9CE&r=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fsapeis%2F$%7BUSER_ID%7D
https://an.yandex.ru/mapuid/sapeis/0100007FD19B7A656E10561A02A1AC55

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/sapeis/0100007FD19B7A656E10561A02A1AC55

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

date: Thu, 14 Dec 2023 06:08:17 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
location: https://an.yandex.ru/mapuid/sapeis/0100007FD19B7A656E10561A02A1AC55
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-length: 154
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2

200

99d6ea7d-b431-545c-9e5d-23edfb27b83f
an.yandex.ru/mapuid/betweendigitalis/ Frame DFA8
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43554&callback_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbetweendigitalis%2F%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43554&callback_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbetweendigitalis%2F%24%7BUSER_ID%7D&crf=1&rts=4780362484448876936
https://an.yandex.ru/mapuid/betweendigitalis/99d6ea7d-b431-545c-9e5d-23edfb27b83f

43 B
152 B

56ms
55ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/betweendigitalis/99d6ea7d-b431-545c-9e5d-23edfb27b83f

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:19 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:19 GMT

Redirect headers

location: https://an.yandex.ru/mapuid/betweendigitalis/99d6ea7d-b431-545c-9e5d-23edfb27b83f
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/adobedmp/
https://dpm.demdex.net/ibs:dpid=423652&dpuuid=18A4EF0870399811
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=423652&dpuuid=18A4EF0870399811

42 B
717 B

31ms
31ms

Image
image/gif

54.75.61.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=423652&dpuuid=18A4EF0870399811

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

54.75.61.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-61-252.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-0d743c645.edge-irl1.demdex.com 1 ms
pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: xXcfgS0AQ+E=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-06164c850.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: fvJZJBryQwk=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=423652&dpuuid=18A4EF0870399811
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

match
ads.betweendigital.com/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/betweenx/
https://ads.betweendigital.com/match?bidder_id=161&external_user_id=9D43464B536E9AE7
https://ads.betweendigital.com/match?bidder_id=161&external_user_id=9D43464B536E9AE7&crf=1&rts=-1895880067887996723

68 B
598 B

1223ms
1223ms

Image
image/png

203.195.121.141
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=161&external_user_id=9D43464B536E9AE7&crf=1&rts=-1895880067887996723
Protocol: H2
Server: 203.195.121.141 , Singapore, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

location: /match?bidder_id=161&external_user_id=9D43464B536E9AE7&crf=1&rts=-1895880067887996723
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H/1.1

204
No Content

pixel
im.bluevoox.com/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/blueseaxcom/
https://im.bluevoox.com/pixel?s1=1&s2=1315&s3=vldyrx2shs82pv9o&cm=1&rd=1&puid=B6FD18974EFFD719

0
241 B

297ms
95ms

Image
text/plain

52.45.175.185
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://im.bluevoox.com/pixel?s1=1&s2=1315&s3=vldyrx2shs82pv9o&cm=1&rd=1&puid=B6FD18974EFFD719
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Server: 52.45.175.185 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-45-175-185.compute-1.amazonaws.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Connection: close
Date: Thu, 14 Dec 2023 06:08:17 GMT
Server: openresty

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534097022868-16096218970661275421-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://im.bluevoox.com/pixel?s1=1&s2=1315&s3=vldyrx2shs82pv9o&cm=1&rd=1&puid=B6FD18974EFFD719
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/google/?partner-tag=yandex_llc
https://cm.g.doubleclick.net/pixel?google_nid=yandex_llc&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

170 B
232 B

50ms
16ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yandex_llc&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534097023111-6753157891319055416-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=yandex_llc&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/google/?partner-tag=yandexcom
https://cm.g.doubleclick.net/pixel?google_nid=yandexcom&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

170 B
409 B

48ms
14ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yandexcom&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534097023366-6303297216819785440-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=yandexcom&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/google/?partner-tag=yandexru
https://cm.g.doubleclick.net/pixel?google_nid=yandexru&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

170 B
232 B

48ms
16ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yandexru&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534097023607-14202359499890039476-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=yandexru&google_hm=DDE78A65AB669C41&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H/1.1

200
OK

cm.gif
ad.mail.ru/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/mailweb/
https://ad.mail.ru/cm.gif?p=155&id=ED3111F119AAED36

43 B
766 B

191ms
66ms

Image
image/gif

2a00:1148:db00::17
VK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mail.ru/cm.gif?p=155&id=ED3111F119AAED36
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Server: 2a00:1148:db00::17 , Russian Federation, ASN47764 (VK-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:17 GMT
Last-Modified: Thu, 14 Dec 2023 06:08:17 GMT
Server: nginx
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Content-Type: image/gif
Cache-Control: max-age=21600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 43
Expires: Thu, 14 Dec 2023 12:08:17 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534097023871-4230277224149080183-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://ad.mail.ru/cm.gif?p=155&id=ED3111F119AAED36
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2

200

sync
x.bidswitch.net/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/minimobww/
https://yandex.digital-services.solutions/api/sync?demand=YANV2EU&userid=539C7A90F5A51BC&expires=1&usergroup=1
https://x.bidswitch.net/sync?dsp_id=469&user_id=539C7A90F5A51BC&expires=1&user_group=1

43 B
146 B

39ms
7ms

Image
image/gif

18.158.157.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=469&user_id=539C7A90F5A51BC&expires=1&user_group=1
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: H2
Server: 18.158.157.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-157-189.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/sync?dsp_id=469&user_id=539C7A90F5A51BC&expires=1&user_group=1
date: Thu, 14 Dec 2023 06:08:17 GMT
x-powered-by: Express
content-length: 108
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2

200

sync
t.adx.opera.com/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/operacom/
https://t.adx.opera.com/sync?vendor=60143&uid=D818A95816647E2A

35 B
466 B

51ms
16ms

Image
image/gif

82.145.213.8
NO-OPERA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.adx.opera.com/sync?vendor=60143&uid=D818A95816647E2A
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: H2
Server: 82.145.213.8 , Norway, ASN39832 (NO-OPERA, NO),
Reverse DNS: n-sysadmin-jumpbox-03.feednews.opera.technology
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
server: nginx
access-control-allow-methods: POST, GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534097024374-17478241452911129980-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://t.adx.opera.com/sync?vendor=60143&uid=D818A95816647E2A
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2 404 /
yandex.ru/an/mapuid/targetads/ Frame DFA8 43 B
187 B 91ms
88ms Image
image/gif 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yandex.ru/an/mapuid/targetads/

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534097056043-15190033385362395252-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H/1.1

200
OK

user-sync
sync.adkernel.com/ Frame DFA8
Redirect Chain

https://yandex.ru/an/mapuid/xapadsssp/
https://sync.adkernel.com/user-sync?dsp=94&t=image&uid=17E2A3BBD72199DB

42 B
202 B

49ms
13ms

Image
image/gif

77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adkernel.com/user-sync?dsp=94&t=image&uid=17E2A3BBD72199DB
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:17 GMT
Cache-Control: no-store
Server: nginx
Connection: close
Content-Length: 42
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534097056316-12420804081510151-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://sync.adkernel.com/user-sync?dsp=94&t=image&uid=17E2A3BBD72199DB
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2 200 /
yandex.ru/an/mapuid/yeahmobissp/ Frame DFA8 0
0 90ms
87ms Image
text/html 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://yandex.ru/an/mapuid/yeahmobissp/
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2

200

bcbbfdfc4c8a27cec1f12c5b58e9fe929d3a2955e9927868796cbc7e7d281dac
an.yandex.ru/mapuid/mediascope/ Frame DFA8
Redirect Chain

https://cm.tns-counter.ru/yacm
https://an.yandex.ru/mapuid/mediascope/bcbbfdfc4c8a27cec1f12c5b58e9fe929d3a2955e9927868796cbc7e7d281dac

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/mediascope/bcbbfdfc4c8a27cec1f12c5b58e9fe929d3a2955e9927868796cbc7e7d281dac

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
server: ms-counter-4.0.4/1.22.1
content-type: text/html
location: https://an.yandex.ru/mapuid/mediascope/bcbbfdfc4c8a27cec1f12c5b58e9fe929d3a2955e9927868796cbc7e7d281dac
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin: *
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2

204

cr
cr.frontend.weborama.fr/ Frame DFA8
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F{WEBO_CID}
https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F%7BWEBO_CID%7D&bounce=1&random=1696893171

0
45 B

15ms
14ms

Image
text/plain

34.111.129.221
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F%7BWEBO_CID%7D&bounce=1&random=1696893171
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: H2
Server: 34.111.129.221 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 221.129.111.34.bc.googleusercontent.com
Software: Weborama Collect Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
via: 1.1 google
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
via: 1.1 google
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
location: https://cr.frontend.weborama.fr/cr?key=yandex&url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fdmpweborama%2F%7BWEBO_CID%7D&bounce=1&random=1696893171
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 204 match
dm.hybrid.ai/ Frame DFA8 0
280 B 58ms
17ms Image
text/plain 37.230.131.21
HYBRID-POLAND

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/match?id=182

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.230.131.21 Amsterdam, Netherlands, ASN200197 (HYBRID-POLAND, PL),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: https://yastatic.net
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-mode: 536
x-xss-protection: 1; mode=block
expires: -1

GET
H2 204 yandexdmp-match
dm.hybrid.ai/ Frame DFA8 0
238 B 61ms
20ms Image
text/plain 37.230.131.21
HYBRID-POLAND

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/yandexdmp-match

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.230.131.21 Amsterdam, Netherlands, ASN200197 (HYBRID-POLAND, PL),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: *
cache-control: no-cache, no-store
x-mode: 537
x-xss-protection: 1; mode=block
expires: -1

GET
H2

200

jzFM4-mtuu4vEOK7TzTZ
an.yandex.ru/mapuid/dmpamberdata/ Frame DFA8
Redirect Chain

https://dmg.digitaltarget.ru/1/119/i/i?i=1702534096
https://dmg.digitaltarget.ru/awg/custom/119/i/i?call_source=awg&ts=1702534097116&i=1702534096
https://an.yandex.ru/mapuid/dmpamberdata/jzFM4-mtuu4vEOK7TzTZ

43 B
80 B

55ms
55ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/dmpamberdata/jzFM4-mtuu4vEOK7TzTZ

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

Date: Thu, 14 Dec 2023 06:08:17 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Server: nginx
X-Permitted-Cross-Domain-Policies: master-only
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Location: https://an.yandex.ru/mapuid/dmpamberdata/jzFM4-mtuu4vEOK7TzTZ
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H2

200

cPxFweTHLHLhiKjCLJNmROpDNDMYhKyA
an.yandex.ru/mapuid/mediasurferis/ Frame DFA8
Redirect Chain

https://dsp.mpartner.digital/dmp/syncsspdmp?sspid=4
https://an.yandex.ru/mapuid/mediasurferis/cPxFweTHLHLhiKjCLJNmROpDNDMYhKyA

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/mediasurferis/cPxFweTHLHLhiKjCLJNmROpDNDMYhKyA

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

location: https://an.yandex.ru/mapuid/mediasurferis/cPxFweTHLHLhiKjCLJNmROpDNDMYhKyA
date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8
content-length: 109
p3p: policyref="//dsp.mpartner.digital/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa OUR BUS UNI COM NAV INT STA"

GET
H2 200 server_match
euw-ice.360yield.com/ Frame DFA8 43 B
199 B 113ms
34ms Image
image/gif 34.255.40.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://euw-ice.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fazerionis%2F{PUB_USER_ID}
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.255.40.44 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-40-44.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 14 Dec 2023 06:08:17 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

07c3f40f-84db-42ea-6c0f-a4f5dede150a
an.yandex.ru/mapuid/buzzooladspis/ Frame DFA8
Redirect Chain

https://exchange.buzzoola.com/cookiesync/redirect/yandex?redirect_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbuzzooladspis%2F%24%7BUUID%7D
https://an.yandex.ru/mapuid/buzzooladspis/07c3f40f-84db-42ea-6c0f-a4f5dede150a

43 B
80 B

59ms
59ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/buzzooladspis/07c3f40f-84db-42ea-6c0f-a4f5dede150a

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

location: https://an.yandex.ru/mapuid/buzzooladspis/07c3f40f-84db-42ea-6c0f-a4f5dede150a
date: Thu, 14 Dec 2023 06:08:17 GMT
server: nginx
content-length: 113
serverid: TODO
content-type: text/html; charset=utf-8

GET
H2

200

ZXqb0SmHxpI
an.yandex.ru/mapuid/soltadspis/ Frame DFA8
Redirect Chain

https://kimberlite.io/rtb/sync/yandex
https://sync.dsp.solta.io/match/kimberlite?id=ZXqb0SmHxpI
https://sync.dsp.solta.io/match/kimberlite?id=ZXqb0SmHxpI&chk=1
https://kimberlite.io/rtb/sync/iage?u=YTcwMGY5ZWRjMmM2Y2Zl
https://sm.rtb.mts.ru/p?ssp=toptraffic&id=ZXqb0SmHxpI
https://vma.mts.ru/match/second?ssp=59&exu=ZXqb0SmHxpI
https://tech.rtb.mts.ru/?dsp_uid=7e4a598e-7307-46a0-ac62-1758f4a85cf9&return_url=https%3A%2F%2Fpixel.konnektu.ru%2Fredirect%2Fmts%3Fcallback_url%3Dhttps%253A%252F%252Fvma.mts.ru%252Fem%253Fnext%253...
https://pixel.konnektu.ru/redirect/mts?callback_url=https%3A%2F%2Fvma.mts.ru%2Fem%3Fnext%3D59%26em%3D1%26ssp%3Dkonnektu%26id%3D%7BUSER_ID%7D
https://vma.mts.ru/em?next=59&em=1&ssp=konnektu&id=
https://kimberlite.io/rtb/sync/mts?u=7e4a598e-7307-46a0-ac62-1758f4a85cf9
https://an.yandex.ru/mapuid/soltadspis/ZXqb0SmHxpI

43 B
152 B

56ms
55ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/soltadspis/ZXqb0SmHxpI

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:18 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:18 GMT

Redirect headers

Date: Thu, 14 Dec 2023 06:08:18 GMT
referrer-policy: no-referrer
Server: nginx
access-control-allow-origin: *
location: https://an.yandex.ru/mapuid/soltadspis/ZXqb0SmHxpI
cache-control: no-store
access-control-allow-credentials: true
Connection: keep-alive
server-timing: app;srv=0;dur=0.0002
Content-Length: 0

GET
H2

200

/
an.yandex.ru/mapuid/targetrtbis/ Frame DFA8
Redirect Chain

https://match.new-programmatic.com/userbind?src=yandex&pbf=1&gi=1
https://an.yandex.ru/mapuid/targetrtbis/

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/targetrtbis/

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

Date: Thu, 14 Dec 2023 06:08:17 GMT
Server: nginx/1.22.1
Vary: Origin
Access-Control-Allow-Origin: *
Location: https://an.yandex.ru/mapuid/targetrtbis/
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET pixel
mitdmp.whiteboxdigital.ru/ Frame DFA8 0
0

GET
H/1.1

204
No Content

cm
nr.bidderstack.com/yandex/ Frame DFA8
Redirect Chain

https://nr.bidderstack.com/yandex/cm?user_id={partner_user_id}
https://nr.bidderstack.com/yandex/cm?user_id={partner_user_id}&pupa=1

0
194 B

15ms
15ms

Image
text/plain

167.235.186.113
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nr.bidderstack.com/yandex/cm?user_id={partner_user_id}&pupa=1
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Server: 167.235.186.113 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.113.186.235.167.clients.your-server.de
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 14 Dec 2023 06:08:17 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

Redirect headers

Location: /yandex/cm?user_id={partner_user_id}&pupa=1
Access-Control-Allow-Origin: *
Date: Thu, 14 Dec 2023 06:08:17 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

/
an.yandex.ru/mapuid/ramblerssp/ Frame DFA8
Redirect Chain

https://profile.ssp.rambler.ru/sync3.302?pid=188
https://an.yandex.ru/mapuid/ramblerssp/

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/ramblerssp/

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=0
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
location: //an.yandex.ru/mapuid/ramblerssp/
content-type: application/x-javascript
x-passed: 0bal2
content-length: 0

GET
H2

200

Ll6hh6OUHmh.AikABlGMZvCqcA
an.yandex.ru/mapuid/getintentis/ Frame DFA8
Redirect Chain

https://px.adhigh.net/p/cm/yandexssp
https://px.adhigh.net/p/cm/yandexssp?bounced=1
https://an.yandex.ru/mapuid/getintentis/Ll6hh6OUHmh.AikABlGMZvCqcA

43 B
80 B

57ms
57ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/getintentis/Ll6hh6OUHmh.AikABlGMZvCqcA

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
server: nginx
x-backend-id: f7-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
location: https://an.yandex.ru/mapuid/getintentis/Ll6hh6OUHmh.AikABlGMZvCqcA
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 y
rtb-eu-warsaw.intent.ai/um/ Frame DFA8 68 B
828 B 45ms
29ms Image
image/png 2606:4700:20::681a:e45
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb-eu-warsaw.intent.ai/um/y

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:e45 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 68
pragma: no-cache
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
server: cloudflare
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aj6CaT74pXvo%2B2rDhtBlOQAAnLkSE4cIkhN6BPZ3Zk94bPEXPGLtaglkVlYtCbq9r4z1Qs4yAy6eY4VuTb0V%2BZuPCvBfOGtR3XSRonAtRxAAXZvzC4pRpUG0hCqPcJ6TKn1R4UzaaJp2OgOBbhm9xWk93Aux"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials: true
cf-ray: 8354457bdc719b2d-FRA
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires: Wed, 11 Nov 1998 11:11:11 GMT

GET
H2

200

caQUP5DC553Nf5dVhayg
an.yandex.ru/mapuid/kadamis/ Frame DFA8
Redirect Chain

https://s.uuidksinc.net/match/501
https://an.yandex.ru/mapuid/kadamis/caQUP5DC553Nf5dVhayg

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/kadamis/caQUP5DC553Nf5dVhayg

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

location: https://an.yandex.ru/mapuid/kadamis/caQUP5DC553Nf5dVhayg
date: Thu, 14 Dec 2023 06:08:17 GMT
server: nginx/1.23.2
content-length: 0

GET
H2

200

pixel
shopnetic.com/api/rtb/dmp/ Frame DFA8
Redirect Chain

https://shopnetic.com/api/rtb/dmp/pixel?partner=yandex
https://shopnetic.com/api/rtb/dmp/pixel?partner=yandex&tc=1

43 B
406 B

71ms
71ms

Image
image/gif

77.244.216.90
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shopnetic.com/api/rtb/dmp/pixel?partner=yandex&tc=1

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

77.244.216.90 St Petersburg, Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: nginx
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS"
content-type: image/gif
cache-control: no-cache, private, max-age=0
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 03:00:00 MSK

Redirect headers

location: https://shopnetic.com/api/rtb/dmp/pixel?partner=yandex&tc=1
date: Thu, 14 Dec 2023 06:08:17 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H2

200

7e4a598e-7307-46a0-ac62-1758f4a85cf9
an.yandex.ru/mapuid/mtsdspis/ Frame DFA8
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=yandex&id=map
https://vma.mts.ru/match/second?ssp=55
https://tech.rtb.mts.ru/?dsp_uid=7e4a598e-7307-46a0-ac62-1758f4a85cf9&return_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fmtsdspis%2F7e4a598e-7307-46a0-ac62-1758f4a85cf9
https://an.yandex.ru/mapuid/mtsdspis/7e4a598e-7307-46a0-ac62-1758f4a85cf9

43 B
80 B

57ms
57ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/mtsdspis/7e4a598e-7307-46a0-ac62-1758f4a85cf9

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

Date: Thu, 14 Dec 2023 06:08:17 GMT
Server: nginx/1.20.2
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://an.yandex.ru/mapuid/mtsdspis/7e4a598e-7307-46a0-ac62-1758f4a85cf9
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2

200

data_sess_sync.php
sonar.semantiqo.com/fbfli/ Frame DFA8
Redirect Chain

https://sonar.semantiqo.com/dmp/scr.php
https://counter.yadro.ru/id127/reff-id.gif?sid=79279548babf46fa8ad09866d619529d
https://sonar.semantiqo.com/fbfli/data_sess_sync.php?spid=&sid=79279548babf46fa8ad09866d619529d

0
355 B

40ms
40ms

Image
text/html

95.217.109.66
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sonar.semantiqo.com/fbfli/data_sess_sync.php?spid=&sid=79279548babf46fa8ad09866d619529d
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: H2
Server: 95.217.109.66 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.66.109.217.95.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
mode: no-cors
server: nginx/1.20.1
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, x-compress, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers

Redirect headers

Location: https://sonar.semantiqo.com/fbfli/data_sess_sync.php?spid=&sid=79279548babf46fa8ad09866d619529d
Date: Thu, 14 Dec 2023 06:08:17 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Connection: keep-alive
Content-Length: 364
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK sync.cgi
ssp.adriver.ru/cgi-bin/ Frame DFA8 42 B
201 B 312ms
74ms Image
image/gif 81.222.128.214
ELTEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssp.adriver.ru/cgi-bin/sync.cgi?dsp_id=109
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.222.128.214 , Russian Federation, ASN20597 (ELTEL-AS, RU),
Reverse DNS: ad14.adriver.ru
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:17 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H/1.1 200
OK sync.cgi
ssp.adriver.ru/cgi-bin/ Frame DFA8 42 B
201 B 324ms
80ms Image
image/gif 81.222.128.214
ELTEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=19
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.222.128.214 , Russian Federation, ASN20597 (ELTEL-AS, RU),
Reverse DNS: ad14.adriver.ru
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:08:17 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H/1.1 200
OK /
sync.bumlam.com/ Frame DFA8 43 B
390 B 39ms
7ms Image
image/gif 31.172.81.172
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bumlam.com/?src=yandex
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 31.172.81.172 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif
Date: Thu, 14 Dec 2023 06:08:17 GMT
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Server: nginx
Connection: keep-alive
Content-Length: 43
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2

200

2c83a2fe-9a47-11ee-bbb1-002590c82436
an.yandex.ru/mapuid/adsniperis/ Frame DFA8
Redirect Chain

https://sync.bumlam.com/?src=yandex2
https://sync.bumlam.com/?src=yandex2&s_data=CAIQARjRt-qrBqIBECyDov6aRxHuu7EAJZDIJDY*
https://an.yandex.ru/mapuid/adsniperis/2c83a2fe-9a47-11ee-bbb1-002590c82436

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/adsniperis/2c83a2fe-9a47-11ee-bbb1-002590c82436

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

Date: Thu, 14 Dec 2023 06:08:17 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://an.yandex.ru/mapuid/adsniperis/2c83a2fe-9a47-11ee-bbb1-002590c82436
Access-Control-Allow-Origin: https://yastatic.net
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2 204 yandexortb
sync.dmp.otm-r.com/match/ Frame DFA8 0
69 B 52ms
17ms Image
text/plain 195.201.106.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.dmp.otm-r.com/match/yandexortb
Requested by: Host: paint-online.ru
URL: https://paint-online.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.201.106.117 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.106.201.195.clients.your-server.de
Software: nginx/1.15.9 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 14 Dec 2023 06:08:17 GMT
server: nginx/1.15.9

GET
H2

200

NzM4MzI5M2NhNTYzYjVlMg
an.yandex.ru/mapuid/gonetisnew/ Frame DFA8
Redirect Chain

https://sync.gonet-ads.com/match/yandex?id=[buyerUid]
https://sync.gonet-ads.com/match/yandex?id=%5BbuyerUid%5D&chk=1
https://an.yandex.ru/mapuid/gonetisnew/NzM4MzI5M2NhNTYzYjVlMg

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/gonetisnew/NzM4MzI5M2NhNTYzYjVlMg

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

date: Thu, 14 Dec 2023 06:08:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: nginx
x-frame-options: SAMEORIGIN
location: https://an.yandex.ru/mapuid/gonetisnew/NzM4MzI5M2NhNTYzYjVlMg
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

200

9fd3c711-ef6f-42c7-be77-0f327f8ab4de
an.yandex.ru/mapuid/upravelis/ Frame DFA8
Redirect Chain

https://sync.upravel.com/yandex/sync
https://sync.upravel.com/yandex/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly95YXN0YXRpYy5uZXQvIl19fQ
https://an.yandex.ru/mapuid/upravelis/9fd3c711-ef6f-42c7-be77-0f327f8ab4de

43 B
80 B

56ms
56ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/upravelis/9fd3c711-ef6f-42c7-be77-0f327f8ab4de

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

date: Thu, 14 Dec 2023 06:08:17 GMT
server: nginx
access-control-allow-methods: GET, POST, OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://an.yandex.ru/mapuid/upravelis/9fd3c711-ef6f-42c7-be77-0f327f8ab4de
access-control-allow-origin: *
content-type: image/png
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length: 0

GET
H2

200

ag9WCllN6dOD16O4NmkuzQ
an.yandex.ru/mapuid/dmpaidatame/ Frame DFA8
Redirect Chain

https://x01.aidata.io/0.gif?pid=YANDEX
https://x01.aidata.io/0.gif?pid=YANDEX&bounce=1
https://an.yandex.ru/mapuid/dmpaidatame/ag9WCllN6dOD16O4NmkuzQ?sign=71400506

43 B
80 B

59ms
54ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/dmpaidatame/ag9WCllN6dOD16O4NmkuzQ?sign=71400506

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
last-modified: Thu, 14 Dec 2023 06:08:16 GMT
server: nginx
access-control-allow-methods: GET, POST
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'
location: https://an.yandex.ru/mapuid/dmpaidatame/ag9WCllN6dOD16O4NmkuzQ?sign=71400506
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Thu, 14 Dec 2023 06:08:16 GMT

GET
H2

200

2CjwXe7JlU7G
an.yandex.ru/mapuid/dmpsegmento/ Frame DFA8
Redirect Chain

https://yandex-dmp-sync.rutarget.ru/sync
https://an.yandex.ru/mapuid/dmpsegmento/2CjwXe7JlU7G?sign=1031053832

43 B
80 B

59ms
57ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/dmpsegmento/2CjwXe7JlU7G?sign=1031053832

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

Location: https://an.yandex.ru/mapuid/dmpsegmento/2CjwXe7JlU7G?sign=1031053832
Date: Thu, 14 Dec 2023 06:08:17 GMT
Server: nginx
Connection: close
Content-Length: 0
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H2

200

ZN1g4WIPxUWE
an.yandex.ru/mapuid/rutargetis/ Frame DFA8
Redirect Chain

https://yandex-sync.rutarget.ru/sync
https://an.yandex.ru/mapuid/rutargetis/ZN1g4WIPxUWE

43 B
80 B

60ms
58ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/rutargetis/ZN1g4WIPxUWE

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 14 Dec 2023 06:08:17 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 14 Dec 2023 06:08:17 GMT

Redirect headers

Location: https://an.yandex.ru/mapuid/rutargetis/ZN1g4WIPxUWE
Date: Thu, 14 Dec 2023 06:08:17 GMT
Server: nginx
Connection: close
Content-Length: 0
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 55ms
54ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ca78a76bfc601dc3b5841fb23d2c9ba219fdd1431ffef6bce5fcdb59817e477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12227
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 160 KB
55 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e44128a2911dbcc9031a191b00018005dbde321e10a7c330fa6d603b02a07ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56011
x-xss-protection: 0
server: cafe
etag: 9336093937293375424
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FC1E 155 KB
45 KB 665ms
665ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&h=280&adk=1887799433&adf=3667902397&pi=t.aa~a.2588967359~i.9~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1702534097&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=2752915235&ad_type=text_image&format=900x280&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534097766&bpp=1&bdt=1620&idt=2&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7690269452739&frm=20&pv=1&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1259&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b0be7739988d4d7c0cd761c4ba96f0edc96dff69d740b20974f3cfba2f0f554

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45835
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 06:08:18 GMT
expires: Thu, 14 Dec 2023 06:08:18 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 54ms
34ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame EB0A 9 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17931
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4114
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 01:09:26 GMT
etag: 12700215250743596434
expires: Thu, 28 Dec 2023 01:09:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 02D5 9 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17931
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4114
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 01:09:26 GMT
etag: 12700215250743596434
expires: Thu, 28 Dec 2023 01:09:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 743A 9 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17931
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4114
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 01:09:26 GMT
etag: 12700215250743596434
expires: Thu, 28 Dec 2023 01:09:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 8A3C 9 KB
4 KB 8ms
8ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17931
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4114
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 01:09:26 GMT
etag: 12700215250743596434
expires: Thu, 28 Dec 2023 01:09:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame EB0A 4 KB
744 B 36ms
16ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 04:45:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7416 14 KB
2 KB 27ms
15ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 05:19:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7416 2 KB
1 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 7416 24 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25680
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 23:00:17 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2278 143 B
166 B 12ms
11ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2319
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 05:29:38 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7416 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 09:00:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76061
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:00:36 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7416 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7416 203 KB
65 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 7416 37 KB
16 KB 35ms
7ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame EB0A 16 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6766
x-xss-protection: 0
server: cafe
etag: 14924840246271906451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:43 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame EB0A 205 B
519 B 34ms
9ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:54:46 GMT
x-content-type-options: nosniff
age: 162811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 11 Dec 2024 08:54:46 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame EB0A 604 B
696 B 35ms
9ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 02:54:34 GMT
x-content-type-options: nosniff
age: 184423
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 11 Dec 2024 02:54:34 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame EB0A 22 KB
9 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 02:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13882
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9210
x-xss-protection: 0
server: cafe
etag: 13914886398874665762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 02:16:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 02D5 6 KB
779 B 18ms
14ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 05:18:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 02D5 2 KB
822 B 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 02D5 24 KB
9 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25680
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 23:00:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 02D5 3 KB
1 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 09:00:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76061
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:00:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 02D5 20 KB
8 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 02D5 203 KB
64 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 02D5 37 KB
15 KB 23ms
10ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/ Frame 68FC 165 KB
25 KB 7ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/index.html

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

439793667b7db254a4c9d587b4ef7fc5f13f431d8f14f960bb0848d0245bf3c7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 133143
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 25239
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 17:09:14 GMT
expires: Wed, 11 Dec 2024 17:09:14 GMT
last-modified: Fri, 17 Nov 2023 09:24:32 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 1D23 24 KB
9 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25680
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 23:00:17 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8D52 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2319
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 05:29:38 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1D23 3 KB
1 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 09:00:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76061
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:00:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1D23 20 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1D23 203 KB
64 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8A3C 14 KB
1 KB 17ms
14ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 05:32:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 8A3C 2 KB
822 B 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8A3C
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CsD590Jt6ZeDSIsS09fgP9aCTgAPuj4vKdPnvgM6-Eu_WjKjqQRABIJDW5x5gleKQgqAHoAGDrI2qKsgBCakCVYKMewxDsj6oAwHIA8sEqgTwAU_QxW12TBCgyStSv5sKsUal2ruL5Dd_uOd...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228907451650476996835%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:%...

0
0

57ms
41ms

Fetch
text/css

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228907451650476996835%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211362588163%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222131303104384975921%22}&andc=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"8907451650476996835","debug_reporting":true,"destination":"https://novapost.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11362588163"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"2131303104384975921"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 14 Dec 2023 06:08:18 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 14 Dec 2023 06:08:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"8907451650476996835","debug_reporting":true,"destination":"https://novapost.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11362588163"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"2131303104384975921"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 8A3C 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25680
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 23:00:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 8A3C 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 09:00:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76061
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:00:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 8A3C 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8A3C 203 KB
64 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:17 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 8A3C 37 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/2252126526056607533/ Frame 8A3C 22 KB
22 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2252126526056607533/14763004658117789537?w=400&h=209&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

275dc425badb2811ead827471ff6c61ba09da91e88383aab9969063dde77f25f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:06:20 GMT
x-content-type-options: nosniff
age: 111717
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22156
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 16:22:16 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Dec 2024 23:06:20 GMT

GET
DATA 200
OK truncated
/ Frame 8A3C 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 8A3C 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 68FC 16 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 20:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 14 Dec 2023 20:29:40 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 68FC 34 KB
13 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 19:07:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39657
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:07:20 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 43B1 13 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 42363
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 18:22:14 GMT
expires: Thu, 12 Dec 2024 18:22:14 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 260E 829 B
1 KB 39ms
17ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cc4e42ce911e38003c275c31701dea3098199d0267afeff3fb1bb5f4117cb128

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OMKcSJNu5ouN0YeWSJ4CGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paint-online.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-OMKcSJNu5ouN0YeWSJ4CGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 06:08:18 GMT
expires: Thu, 14 Dec 2023 06:08:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 63ms
42ms Preflight
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 06:08:18 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2278
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

17ms
16ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 06:08:18 GMT
expires: Thu, 14 Dec 2023 06:08:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 06:08:18 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8D52
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

21ms
21ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 06:08:18 GMT
expires: Thu, 14 Dec 2023 06:08:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 06:08:18 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 8A3C 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b27e49e8d699a2ce630bd7b709e47cb3df1677ee9fc6c61a1337ce32576ef92f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/2252126526056607533/ Frame 02D5 38 KB
39 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2252126526056607533/2076313506083323656

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0114392b4c9309255573300c6f1010d18f483f522fcfe1967c5146536aa4c99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:02:22 GMT
x-content-type-options: nosniff
age: 111956
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39392
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 16:22:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Dec 2024 23:02:22 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/4502247047325849301/ Frame 02D5 3 KB
3 KB 12ms
8ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4502247047325849301/14763004658117789537?w=100&h=100&tw=1&q=75

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf86d359d1531aee2e46233f03df7649a5ef3041f9550ff063ba329d25103229

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 21:15:08 GMT
x-content-type-options: nosniff
age: 204790
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3085
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 22:30:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Dec 2024 21:15:08 GMT

GET
DATA 200
OK truncated
/ Frame 02D5 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 02D5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7580a3c9a08db47e1d1a04308606fb6e625bbd91564c47711adb59727aef40ab

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 02D5 15 KB
16 KB 44ms
17ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 16:39:21 GMT
x-content-type-options: nosniff
age: 480537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 16:39:21 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 02D5 15 KB
15 KB 40ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 00:01:51 GMT
x-content-type-options: nosniff
age: 194787
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 00:01:51 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 02D5 15 KB
16 KB 32ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:54:09 GMT
x-content-type-options: nosniff
age: 162849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 08:54:09 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 260E 0
0 45ms
41ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=1113691055292759&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 8A3C 33 KB
33 KB 29ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 32787
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Dec 2024 21:01:51 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 8A3C 15 KB
15 KB 37ms
16ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5825c88b68a498c8b3d8d34f0090a625f063a366c8f3cbebf51e7657623fb13b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 00:09:00 GMT
x-content-type-options: nosniff
age: 194358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15352
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:34:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 00:09:00 GMT

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame 9886 51 KB
19 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:42:29 GMT

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame 7039 51 KB
19 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:42:29 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 43B1 39 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 17:17:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Dec 2024 17:17:29 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 02D5
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CBkLv0Jt6Zd7SIsS09fgP9aCTgAPuj4vKdPnvgM6-Eu_WjKjqQRABIJDW5x5gleKQgqAHoAGDrI2qKsgBCakCVYKMewxDsj6oAwHIA8sEqgTvAU_QRN_jn0VH-FxnKXFwvRugMXN1FMMR-_y...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211292648871810909566%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:...

0
0

41ms
41ms

Fetch
text/css

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211292648871810909566%22,%22debug_reporting%22:true,%22destination%22:%22https://novapost.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211362588163%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225926072945695741073%22}&andc=true

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11292648871810909566","debug_reporting":true,"destination":"https://novapost.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11362588163"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"5926072945695741073"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 14 Dec 2023 06:08:18 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 14 Dec 2023 06:08:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11292648871810909566","debug_reporting":true,"destination":"https://novapost.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11362588163"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"5926072945695741073"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame 68FC 51 KB
19 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:42:29 GMT

GET
DATA 200
OK truncated
/ Frame 1D23 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9d314a7af888aaf6527007618480d6b2c3015348e76923503cdc64abb4f5fa1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 1D23
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Ct8Kn0Jt6Zd_SIsS09fgP9aCTgAOZv9nmdIeV-fyUEv7DqeGVDhABIJDW5x5gleKQgqAHoAHW29r8AsgBCakC_k4j37gugT6oAwHIA0iqBN0BT9AD68rydzIxUbAnFviQJN1Ty4ADVWoi-Vx...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225957389089809665859%22,%22debug_reporting%22:true,%22destination%22:%22https://4kzgame.com%22,%22event_report_window%22:%2...

0
0

42ms
42ms

Fetch
text/css

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225957389089809665859%22,%22debug_reporting%22:true,%22destination%22:%22https://4kzgame.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22798404054%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221153093253038776113%22}&andc=true

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"5957389089809665859","debug_reporting":true,"destination":"https://4kzgame.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["798404054"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"1153093253038776113"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 14 Dec 2023 06:08:18 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 14 Dec 2023 06:08:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"5957389089809665859","debug_reporting":true,"destination":"https://4kzgame.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["798404054"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"1153093253038776113"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 42ms
41ms Preflight
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 06:08:18 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame 8866 51 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:42:29 GMT

GET
H3 200 4kz.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/ Frame 68FC 4 KB
4 KB 10ms
10ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/4kz.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cbbe332bfbcaa28152a8fc1dcd07def4cfd24546e0b4a945a8c271cd12ee7af

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 12 Dec 2023 17:09:16 GMT
x-content-type-options: nosniff
age: 133142
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4257
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 09:24:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Dec 2024 17:09:16 GMT

GET
DATA 200
OK truncated
/ Frame 68FC 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 1192156092766895602
tpc.googlesyndication.com/gpa_images/simgad/ Frame 68FC 36 KB
36 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/1192156092766895602

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8332dce7de3707950b8366f5ba756acaf369f69f79e31ffe2f8e0319375acb90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 05:47:00 GMT
x-content-type-options: nosniff
age: 174078
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36538
x-xss-protection: 0
last-modified: Sat, 14 Oct 2023 06:12:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Dec 2024 05:47:00 GMT

GET
H3 200 4054299176570448243
tpc.googlesyndication.com/gpa_images/simgad/ Frame 68FC 22 KB
22 KB 18ms
17ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/4054299176570448243

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f54e3295a1aff669a8dc08d278d188ced5e2af185b8e8b29640f2e39735c07d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 06:15:06 GMT
x-content-type-options: nosniff
age: 172392
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22606
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 11:32:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Dec 2024 06:15:06 GMT

GET
H3 200 11675753586759021596
tpc.googlesyndication.com/gpa_images/simgad/ Frame 68FC 38 KB
38 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/11675753586759021596

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

556fd11206a5d765e416dc96399b618576293dbbd18027a95141f9b2f176766f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 04:55:31 GMT
x-content-type-options: nosniff
age: 177167
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39269
x-xss-protection: 0
last-modified: Thu, 21 Sep 2023 06:14:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Dec 2024 04:55:31 GMT

GET
H3 200 308238448673974332
tpc.googlesyndication.com/gpa_images/simgad/ Frame 68FC 31 KB
31 KB 17ms
16ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/308238448673974332

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d56ea62f72131195b5ddc617f5e39fb50e80e1c7b0c14a62162436b8be7f365

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:38:27 GMT
x-content-type-options: nosniff
age: 217791
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31732
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 11:17:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Dec 2024 17:38:27 GMT

GET
H3 200 2175102968473490838
tpc.googlesyndication.com/gpa_images/simgad/ Frame 68FC 27 KB
27 KB 13ms
13ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/2175102968473490838

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a8f81ce3db6218b4c815a7cafda3adccbc237cb908034e62c15756fc0684fb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 11:30:40 GMT
x-content-type-options: nosniff
age: 153458
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27448
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 11:15:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Dec 2024 11:30:40 GMT

GET
H3 200 11575988889960128707
tpc.googlesyndication.com/gpa_images/simgad/ Frame 68FC 14 KB
14 KB 12ms
12ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/11575988889960128707

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bbcf182aee9e60bae89bb62f2239986fc4a600ed0e4f10e099df49fcf2645ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 15:29:52 GMT
x-content-type-options: nosniff
age: 225506
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13835
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 11:22:02 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Dec 2024 15:29:52 GMT

GET
H3 200 ___1____11.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/ Frame 68FC 29 KB
29 KB 11ms
10ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17254773253399419294/___1____11.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f075dfb8b384bf48a60a3031fc3c5822bb1c6c56d0ea314abbf6e82d3568045

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 10 Dec 2023 14:11:05 GMT
x-content-type-options: nosniff
age: 316633
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29469
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 09:24:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 09 Dec 2024 14:11:05 GMT

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 41ms
41ms Preflight
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 06:08:18 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 43B1 0
12 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?796XkA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 e21910fd923a6283b5d44b2382eabc86.js Show response
www.gstatic.com/mysidia/ Frame EC91 9 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&h=280&adk=1887799433&adf=3667902397&pi=t.aa~a.2588967359~i.9~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1702534097&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=2752915235&ad_type=text_image&format=900x280&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534097766&bpp=1&bdt=1620&idt=2&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7690269452739&frm=20&pv=1&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1259&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 01:04:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 191039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4064
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 11 Mar 2024 01:04:19 GMT

GET
H3 200 f3d12415f986ed3504122551351bc1d0.js Show response
www.gstatic.com/mysidia/ Frame EC91 42 KB
16 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f3d12415f986ed3504122551351bc1d0.js?tag=html5_display_upload/html5_exit_api

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5bcc597ce8a3ec0c0ef52ee8ece8f284ca9739c1bd1bbac380a3deb672d5446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 07:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169063
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16637
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 11 Mar 2024 07:10:35 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EC91 2 KB
835 B 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 50459845d1cbd526a76ea757de42d266.js Show response
www.gstatic.com/mysidia/ Frame EC91 23 KB
10 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/50459845d1cbd526a76ea757de42d266.js?tag=exit_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9caffafcdae7b42e3d074103c18a33640d4edf81401c216e99dbb77a15dfa511

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 03:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 95584
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9842
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 12 Mar 2024 03:35:14 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame EC91 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25681
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 23:00:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EC91 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 09:00:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:00:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EC91 20 KB
8 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EC91 0
0 14ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTYLXFPJC_NGt_lYPlrksoTRFPSl-IPkhEwHTTE9RjZ_LelMF7jp7rdJnonZaSVtM2nWurbNW_OlgR9hGaTlBsA93QfWw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&h=280&adk=1887799433&adf=3667902397&pi=t.aa~a.2588967359~i.9~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1702534097&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=2752915235&ad_type=text_image&format=900x280&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534097766&bpp=1&bdt=1620&idt=2&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7690269452739&frm=20&pv=1&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1259&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame EC91 203 KB
64 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:18 GMT

GET
H3 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame EC91 37 KB
15 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1080109078312561619/ Frame 22BB 163 KB
22 KB 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1080109078312561619/index.html

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/f3d12415f986ed3504122551351bc1d0.js?tag=html5_display_upload/html5_exit_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1de0a2b180d862974fdd4e928f1702f8e75ec0a6edb00ce603b961a0f3f0afb2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 209815
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22575
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 19:51:23 GMT
expires: Tue, 10 Dec 2024 19:51:23 GMT
last-modified: Fri, 14 Jul 2023 08:05:05 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 48BF 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 58728
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 13:49:30 GMT
etag: 48472445140208031
expires: Thu, 14 Dec 2023 13:49:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame EC91 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82e6c735ef980ebbd58576569f1291ee6a68488086ab83e919d5ec6309f2002d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 22BB 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1080109078312561619/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1080109078312561619/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 20:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 14 Dec 2023 20:29:40 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 22BB 34 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1080109078312561619/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1080109078312561619/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 19:07:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39658
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 14 Dec 2023 19:07:20 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48BF
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEKdkRYuGbnJSmKdguVcA68A&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEKdkRYuGbnJSmKdguVcA68A&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHh4TDROTUIxUmRFVG81&google_gid=CAESEKdkRYuGbnJSmKdguVcA68A&google_cver=1&google_push=AXcoOmS3sXncgeijmiQOU1CRyxZAXAoEEQg65U2WnTYf_EQ...

170 B
188 B

16ms
16ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHh4TDROTUIxUmRFVG81&google_gid=CAESEKdkRYuGbnJSmKdguVcA68A&google_cver=1&google_push=AXcoOmS3sXncgeijmiQOU1CRyxZAXAoEEQg65U2WnTYf_EQTE1VrZiGvMLNzyXyCZc89R0lHQxY8CjGLj0QCJ2zDlZgGl7eTW3xWc94

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 06:08:17 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WHh4TDROTUIxUmRFVG81&google_gid=CAESEKdkRYuGbnJSmKdguVcA68A&google_cver=1&google_push=AXcoOmS3sXncgeijmiQOU1CRyxZAXAoEEQg65U2WnTYf_EQTE1VrZiGvMLNzyXyCZc89R0lHQxY8CjGLj0QCJ2zDlZgGl7eTW3xWc94
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 48BF 70 B
149 B 111ms
32ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBs3E4eBqFYyDlxM6Lj7wpc&google_cver=1&google_push=AXcoOmQOdyY6NARD-y7Spx6bV5rZPQc9AyJmbd_fc5KKKjMBLfYgvbhwvWx_cwA6Zg2f2t0xyV86slqIYkfIbeGG6LtEfIR0GeIPYH8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&h=280&adk=1887799433&adf=3667902397&pi=t.aa~a.2588967359~i.9~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1702534097&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=2752915235&ad_type=text_image&format=900x280&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534097766&bpp=1&bdt=1620&idt=2&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7690269452739&frm=20&pv=1&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1259&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48BF
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEPSBuUmneJppZ_WxXzlNlzI&google_cver=1&google_push=AXcoOmTkhfDHgDZOrEGaTCnnk5gU3qa6Z94xAYamAK9BOTnJbVCLZtRIub7FC97lFKADLJbUzwwnhXPDfl9...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTkhfDHgDZOrEGaTCnnk5gU3qa6Z94xAYamAK9BOTnJbVCLZtRIub7FC97lFKADLJbUzwwnhXPDfl9iGV2PeyagoQK5pO9SqWw&google_hm=jSz1YS9gRs6fpPcNi...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTkhfDHgDZOrEGaTCnnk5gU3qa6Z94xAYamAK9BOTnJbVCLZtRIub7FC97lFKADLJbUzwwnhXPDfl9iGV2PeyagoQK5pO9SqWw&google_hm=jSz1YS9gRs6fpPcNiTl4w0k

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:17 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTkhfDHgDZOrEGaTCnnk5gU3qa6Z94xAYamAK9BOTnJbVCLZtRIub7FC97lFKADLJbUzwwnhXPDfl9iGV2PeyagoQK5pO9SqWw&google_hm=jSz1YS9gRs6fpPcNiTl4w0k
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 48BF 0
173 B 37ms
16ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEN7hP5TChtXH9Ql1nAQ_SJY&google_cver=1&google_push=AXcoOmQqVn4zNIppg_5Nk3WzW_2ZPItvzRkLgbS61C2g8yp_-E2KtyvAuEA9uo1Rx7_HdDBrbMgKS8-OuxlDkaSwo_PK6HMveyNaXQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&h=280&adk=1887799433&adf=3667902397&pi=t.aa~a.2588967359~i.9~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1702534097&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=2752915235&ad_type=text_image&format=900x280&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534097766&bpp=1&bdt=1620&idt=2&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7690269452739&frm=20&pv=1&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1259&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 48BF 0
98 B 37ms
16ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAXcoOmQJm9BcmTHvfarvDoGyndXC2bI37Gqghgr2HcexQrKWGfnEPuOeXoUh7h_Crcbpt7ZuUaaIaVL8lPq4pVPPYVhe_DFoRg4a2U8&google_gid=CAESEHr2HU5PmB2Hgid0lz11_Eg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4641805436478605&output=html&h=280&adk=1887799433&adf=3667902397&pi=t.aa~a.2588967359~i.9~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1702534097&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=2752915235&ad_type=text_image&format=900x280&url=https%3A%2F%2Fpaint-online.ru%2F&ea=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702534097766&bpp=1&bdt=1620&idt=2&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7690269452739&frm=20&pv=1&ga_vid=40257644.1702534097&ga_sid=1702534097&ga_hid=216383189&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1259&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31080114%2C44795921%2C44809005%2C95320885&oid=2&pvsid=1113691055292759&tmod=2042568237&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 48BF
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESELPwDij_2n2Qu4YXVMFWiGA&google_cver=1&google_push=AXcoOmSWrL5bmkE0jKYlz2TSz4umQGvjTkKiTUzgJpwshRJerhLPeZClfNkW5RUnY46L0VY2RnX2jj_CMNlWya...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMjMyODI3MTI0NTM0Mjg3Mg%3D%3D&google_push=AXcoOmSWrL5bmkE0jKYlz2TSz4umQGvjTkKiTUzgJpwshRJerhLPeZClfNkW5RUnY46L0VY2RnX2jj_CMNlWyaGFtb...

170 B
188 B

19ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMjMyODI3MTI0NTM0Mjg3Mg%3D%3D&google_push=AXcoOmSWrL5bmkE0jKYlz2TSz4umQGvjTkKiTUzgJpwshRJerhLPeZClfNkW5RUnY46L0VY2RnX2jj_CMNlWyaGFtbukFK8lEDDP28k

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMxMjMyODI3MTI0NTM0Mjg3Mg%3D%3D&google_push=AXcoOmSWrL5bmkE0jKYlz2TSz4umQGvjTkKiTUzgJpwshRJerhLPeZClfNkW5RUnY46L0VY2RnX2jj_CMNlWyaGFtbukFK8lEDDP28k
Date: Thu, 14 Dec 2023 06:08:18 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

report
sync.teads.tv/um/ Frame 48BF
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENsnBhovQ23L...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRvHxxBnF_xiYFRK1_ZhUv1c9J-eli1pnGPVKw-HVxPynLMdwePD3lz0Wh1O64FfllFrsaMgHXN46rtiLN7uFpjVWlNLz5Vbrz2
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

53ms
53ms

Image
image/gif

2.19.104.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Protocol: H2
Server: 2.19.104.4 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-104-4.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Thu, 14 Dec 2023 06:08:18 GMT
pragma: no-cache
date: Thu, 14 Dec 2023 06:08:18 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:18 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 48BF 0
50 B 21ms
20ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KEWbV_tKUeNwfQAnBKuXmvoAtj3AU3AqCW9po47WapFf8PW1NmXnqiKwPqjxf28oRu4OvoQQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame EC91
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C5FzD0Zt6ZdzJMMuE9fgP7ZuUyATonobgdPbb957oEZjU5buLDhABIJDW5x5gleKQgqAHoAHW29r8AsgBCakC_k4j37gugT6oAwHIA0iqBO8BT9DuPUBsxI8eApBfX2o0pK9X3d9xMms24k5...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226624587865756958071%22,%22debug_reporting%22:true,%22destination%22:%22https://4kzgame.com%22,%22event_report_window%22:%2...

0
0

42ms
42ms

Fetch
text/css

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226624587865756958071%22,%22debug_reporting%22:true,%22destination%22:%22https://4kzgame.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22798404054%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22796092207589252433%22}&andc=true

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"6624587865756958071","debug_reporting":true,"destination":"https://4kzgame.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["798404054"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"796092207589252433"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 14 Dec 2023 06:08:18 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 14 Dec 2023 06:08:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"6624587865756958071","debug_reporting":true,"destination":"https://4kzgame.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["798404054"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"796092207589252433"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame 1917 51 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:42:29 GMT

GET
H3 200 1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js Show response
pagead2.googlesyndication.com/bg/ Frame 22BB 51 KB
19 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19719
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Dec 2024 17:42:29 GMT

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 41ms
41ms Preflight
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 06:08:18 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 43ms
42ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=1113691055292759&bg=!mJulm9TNAAY3kmNgF5I7ADQBe5WfOCT8ZO5AP0uPGaSZtAHdvFBJLp69BNlv6YhgZ63L0v092xg-rxCLndS1j5jjlaMjAgAAAGBSAAAAAmgBB5kC_y5f4QDPenN4k1mmfCYxhHyb4-ZYdB8FeumVsMlu1WtDHukUXNnLPHR0M65lp581ijLiMXcye0Una2WXlJp3yZz6FGP4FHL32r8Jwuru7ahPpGapy5HHviPW5s9bnD2Qe6arxEh4VwK7lwi0sY8Sp5kjzkwwOIstwKAnuLHhHH6CkfrN-pW_GSTVNiLGLkOYl9biv-0Ap_dTzvrQznEtHocGbOz7g_pt5nASm7gJQREtuQzRO4KkIj0MDAWntd8IJuEgbXyzYNdLd_BdFicg3BSCoBwgZIpXh2LnT5hikRScvwwJf3xpHo4DBQaxFDjQWNK79BVJwevyYmIQzbXbgTIW-eakUiePSahEttZlHE_65kJKUDtGX_taOBFAQVIfqqmLgKL8vSzeh-CAKbGs5KTzzmOmIpfYPzp37Ve7JyFkWsX664xdXH2CXG9rXKWT6G8iDul8-r0XS3-vvIGPxefaGj06kfqsJys8MoGzIoto-EapyYsGX4gBke6koTQNgZC-SuIwNFPP-Oe4PfdrMWToCnftGD9sRTxpuyKQ7eGa3d1Mizltv5SQeYepok6ELjytoPryNpF_ELPVBLDhErY9eFwGE1MFrZxxA0o1Krl7_PxAcccrDZL-AEAm-ApA6BTQj_1MYSJDoGJ1vxMCPi7ivh4S-wU7ZI46O622j3FgE7XHw2BVyMEKogShxgoV3BBsDFC_mVBIRrIM1p8k1FYon_NIFLw1GRt8vdsa5QiV568HsA1XV_sRspYNleUZZMiho81xpxJTJPOX_OaGRF32cXvCtVB880P7byasUeyM65rijzE-kcvnbkIxgru6xeWulzNUxB1TE4l2slUmPXPAWCe_jbdrlSJpHht8_zdbdJFZesyXFR6srINwKjrM2Q2vcwysj8kpxvPmz4-PvHWfbx_SZ4r92Z2mDSyX1wgOLMkTarwpO_Gl6uMvMKoZBRTI8eqpZzseSBDyuJ_ehpzmc7y_qxY6IRte__jD0mRstzhTi0aOyL8JeGo77kj4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2 200 bundle.js Show response
yastatic.net/q/set/s/rsya-tag-users/ Frame DFA8 102 KB
35 KB 51ms
51ms Script
application/x-javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/q/set/s/rsya-tag-users/bundle.js

Requested by

Host: paint-online.ru
URL: https://paint-online.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

6faf9b3930c127b8bf7d97f22a50832b6cf0ac678e16ba6fa412e0a5ec06dc2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/safeframe-bundles/0.83/1-1-0/render.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
last-modified: Tue, 18 Jul 2023 19:47:42 GMT
server: nginx/1.17.9
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
etag: W/"fad15dadf56fc1d71be6b240cc30b915"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31556952
x-nginx-request-id: 4acf5d7339cf0c72
timing-allow-origin: *
expires: Sat, 16 Dec 2023 18:04:10 GMT

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ Frame DFA8 156 KB
56 KB 159ms
159ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: yastatic.net
URL: https://yastatic.net/q/set/s/rsya-tag-users/bundle.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

f8ed7cb7ac6dc9850cffba6d02a3e222269f9ac3cdde0cfbead7734149281f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Tue, 12 Dec 2023 08:38:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65781bea-dcfc"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 56572
expires: Thu, 14 Dec 2023 07:08:19 GMT

GET
H2 200 data Show response
yandex.ru/set/s/rsya-tag-users/ Frame DFA8 362 B
728 B 71ms
71ms Fetch
application/json 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/set/s/rsya-tag-users/data?referrer=https%3A%2F%2Fpaint-online.ru%2F

Requested by

Host: yastatic.net
URL: https://yastatic.net/q/set/s/rsya-tag-users/bundle.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

1b21be50822c8f1e162a563f05543e3d8b2f97a91e6ebcb8064ebbe13c6037e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1702534098969406-2462689634840271606-balancer-l7leveler-kubr-yp-vla-75-BAL
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://yastatic.net
cache-control: public,max-age=300
access-control-allow-credentials: true
x-xss-protection: 1; mode=block

POST
H2 200 1ON5GHJi0K8200000000U9nJl93E7N1J9YJJyE5TbUVSBRhfbXTcLwKo084dJ2HKxAIZIApnB2M6L4QWUER3kmdtGUAb85xjLI3HofW293j1V21WOfZ96B48mbx8U4OKmbh9QCi1OUrbJ8jZO3WAvfzb16cw2YRlCZB8C33yPPp5nC0mbmaaifIf0SXUomGo_IpJV...
yandex.ru/an/rtbcount/ 43 B
721 B 55ms
54ms Ping
image/gif 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/an/rtbcount/1ON5GHJi0K8200000000U9nJl93E7N1J9YJJyE5TbUVSBRhfbXTcLwKo084dJ2HKxAIZIApnB2M6L4QWUER3kmdtGUAb85xjLI3HofW293j1V21WOfZ96B48mbx8U4OKmbh9QCi1OUrbJ8jZO3WAvfzb16cw2YRlCZB8C33yPPp5nC0mbmaaifIf0SXUomGo_IpJVo1unIHmIlPm-SEx30no_ZmoHJni37-PM41EO6O5ahtCYa1oAZD8yrnc9f2rG581REr6vilFghuSdH8OSv8PvkkhO9LtmUHFPWSdVeYZMVBjbS6UMS5oumZJ3XQc0op_OO3n0ikA5-VFtjs-_8BuJHQ8ZpxOFsIPKTcoKztmXlrR5f2_5h1odcJDNiiBbhx9Uk7omxzl13kBlhA2ZEXWQs2Pm7RX_Dg6gRFRLsNEOBjoE7W1synz-xxktR5ivmd6bMmmmmwmUPnWOtx4nclXx6IL4kmPwMGId6V-aWrcxKyslaV1rx_bVxQVoFvl-jFbXRRlx6UniraQcHjRc6zWPzh1pdY2NVm1-uUBl-Rqptjq9Ui7Eyy23g2VLd2SqTx0iLTW1mVZBGwC87qAz463VIydo2TJEK6UNC3PmBo2SolZ1axX4voC5pWPNt0oVk1a_C7920384Rle?confirmTime=2100000&confirmRatio=1000000&test-tag=366687127863298&actual-format=10&rnd=3134498831051&pcode-active-testids=926241%2C0%2C89&banner-sizes=eyI3MjA1NzYwNzM5MTk1NDA1NiI6IjcwMHgxMDAifQ%3D%3D&width=700&height=100

Requested by

Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/927387/c92c69574a4153487935.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1702534099105757-17944459480698567128-balancer-l7leveler-kubr-yp-vla-75-BAL
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 14 Dec 2023 06:08:19 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: image/gif
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:19 GMT

GET
H2 200 advert.gif
mc.yandex.com/metrika/ Frame DFA8 43 B
217 B 104ms
103ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:19 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 12 Dec 2023 08:38:02 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65781bea-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Thu, 14 Dec 2023 07:08:19 GMT

GET
H2 200 3 Show response
mc.yandex.com/watch/ Frame DFA8 256 B
352 B 60ms
60ms Fetch
application/json 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/3?wmode=7&page-url=https%3A%2F%2Fyastatic.net%2Fsafeframe-bundles%2F0.83%2F1-1-0%2Frender.html&page-ref=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A1%3Adp%3A0%3Als%3A1187125273441%3Ahid%3A786169106%3Az%3A60%3Ai%3A20231214070819%3Aet%3A1702534099%3Ac%3A1%3Arn%3A896733424%3Arqn%3A1%3Au%3A1702534099328571199%3Aw%3A1x1%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C72%2C37%2C3%2C0%2C0%2C%2C7%2C0%2C120%2C120%2C0%2C120%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534096873%3Ast%3A1702534099&t=clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

675eb53e76faa61ddd1aa8b41091238f4dbfecaee25ed64041c5cd66620b08c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 14-Dec-2023 06:08:19 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://yastatic.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 256
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:19 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 02D5 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuTeAOcLj8StH4vLvqE6PznAqrP32mufGKrqfYqdr7aZxdIgKm4e2DoFUkSfY4qGKuKyVXuaCCFQyZjiCbH7clNEB7Sf9PRjYFWMcy-57pMxeJSMmRt_CF8F2KKAfQrjE1C6a-JCjk-TFFByy72muI3jAiqxjwOuhq0XJ_L4IfD1NdOoBG6VLk8XClrkqlWIZ8oGnJEG-nofOr70NNn6Lp3W_rWm_eK_1I93TF92tpZ_c-UVtl962AlfrYfgKI6WxxnXutTRTLMt4Z_W3UxMRi3G593sT8mYihLTYmdf19BX6XhUrlIcxBAdNEMay2NmVZ2SnpR-RXNu35e0seiK4lRQQNhlgYkFemSrlm-0s4pMzfeQpzzyLjLiUMMk-QcpYurunxmPILl4XjiF_Qc1O59TmseiO-kWdIR_sBuDf4vG5KlT_FY8bDBgDD-45IdVFjw9eLiPaTSPEdPlIMMowfTCZxqIHWelfUSz4R4VvFpD_NtjnttHIuDqclB3DKMR0GQl6RsxYTbEBA0ZpXeLSZl536JN8dYiTV5r-NizG4IaD26SOEH8A6Z84IZQIAOvVYCST_XK1JQtP_1kjPZ3pCKwEYlnWLaJY55Pzsd0FIIRcHW2JjUglDaban6MBwxxRoxboVNNW6eQUBoaARrqHEb8ROJmiyOol6eXHpN9iMvBUAq2MGAYxI5rwVw6py5s-WWY5rgJT4YKq_dA8a6bc_Zb1M7MmZeUK6uBkBoazncNRfoABb8RTSST9IBuzDCWsfj2UdasNayubYsX3iEMyx_9cx_HNxQj15Upgl0ckYMJeKtuPIU2RPIXsuuAdxH5vZS5Yp33lpVQkhy0kXkVmLoK_6e2XEtDTTJXKXAcr1rhjesXHp0CD76kCRqhCJPI42TIpauWmaLywW73D8jVP2_ABlYC0O-ulT9aHbGaMExYUfhba3rT3mt6LKuSTnLbRcnO5Qe8KLuVX5pTAuikTh1RWWvJWqT-DqJH3AsdDO5x0yQ97Vw1kJiQqIxvbEIs3fm9bC_I4MtUCrFH7zKEbnIZbG_FF67VSaAvsvk58jSKFOltBR33uv4IzmrPx8dUYvPhD1RudAubeZ9lmOkGZHaQgB0ctKvgTWZXNY7GcltVUtQgAE_Bgo-6HXfKSKzODbMlykJWrTsEjTlaO8hrZd9v58c2w_98fRm2gsyrF7UkqUGK1rP5FH20a0l7LgmEUQ-Fwnvo3MTVI2P&sai=AMfl-YQ8YfdBNMAad0wMNA23b0O1ukwPBN8W8lUKFx52RkaayFOkMdF_llejYR2EFzjC_cpULEIRfxkVdcndzT5IWiy_fF0GgC1uRxmiKdBIb58wEh0eE0HMSoRKtcu_zSq0AR8luSw_n_o78Jeh3fpeD6V8gilWu6iLfnV0EU0&sig=Cg0ArKJSzGaAX3WUjT2TEAE&cid=CAQSTwAvHhf_uu2MZv7GQhS2Va3Ld4aTYRpuTxh9VGxqxzat-XTEXdeY59aETicF_PbiMc5jsffKqtHtuv2n-7E4QWsUEaZN7WFleb474SuVd-MYAQ&id=lidar2&mcvt=1012&p=0,0,600,200&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702534097834&rpt=280&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1D23 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvWYmiMhNjh3LQc8m_gyBvfc3mgGsw2bKcUUBdaIQundHk9D9XOsV2pJeLfIIRRDXL9-iSmjieIwRs8Fa7_C1PKx3won3hDloyumSWSN1xIT8bAcZDHqCtdX7FkACMtJWyOZu_yFy0tBtF3TlR68syWRKgN&sai=AMfl-YSq3ZPQNJ33cXMbOt6nwf_GKuCO6jfeMTmpzC3y9IUlIMIQOi132t7Oxr1ipagFZI66mCEoaoyT8yubZPtkIOVUdxAalpHKs0IjnUdXJi62O5fOUCqU3E9tqPPdhuJFzGr_bVaeXsiH6Kfc9ZgPnA&sig=Cg0ArKJSzMiZA-T4PUpUEAE&cid=CAQSTwAvHhf_uu2MZv7GQhS2Va3Ld4aTYRpuTxh9VGxqxzat-XTEXdeY59aETicF_PbiMc5jsffKqtHtuv2n-7E4QWsUEaZN7WFleb474SuVd-MYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702534097894&rpt=141&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8A3C 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssGbutKIiSdEKJ8jfSyT-o8KjxFXkgyPh147BIJbpRmhUtSwWbyY9Qc8jn5W313VVrxdDQFzNJRMvqvk9hJhKO1DZQD-0bV1XTD4h3yyJsA2tuT1NnqXLXSkQ4bqws0p2S_LkXpHgJeNMsk7zfFfv9tSzncx-chbYsE7pLEGvwbFDvxU15fZxi2haVv-VRJ6aebcMLxizQ_Aszt40jO8wuR9EVytnCJbRQRktTmuRWKpa0ThOPWFsKCd6BTRQliNSLDZ05NyC8PX3m2QKFJpHVQSZoE-wPISsv_zzJRi29ToJ90G0rxvXpogTU9yg1FOWyZzn0j1V8Xta6nrXam2D-H5wjLivIC1zDWm4km0Hja1AH6jyWZBlxeFan3vtnkJhkhl2ipouMw7ZRDNdl7sa-5WxeABLYsNvOHzoXNkpiyAAGNswqrcNZ5SfnZL0ZvgobBhJz7Hg1sIo09ypqIbFg6rx8bQ-YcTl3RHIfpW1_aGdH9oOfx9rgznXfTsfru_dFWXu-sIwwmjKy4F-_s6w9Lt7fZId94k_HtwmG6qqCpiN4q6RTaEvjd-NpbW_qH4pS8QtYVxp9T1wDDkEJt4OvIsxqQE3FmyOCP19l0WKd062nQQQJgW3GCesolwyxmRULJoot38G5hSQ6_RVY5SqExKTUe6jDghA2XfY8j4ZdDpSZq_e3TNawqNmengMmOvYTVtTQnoF2uPdQAOmJaXjgKBjvKoa0l-Czyp8rIB3ZwMGMi89cCPz9Y8Kgc7QrbJvl2_mhI7GNCFI1829VVTgmojg3F0sarDuNO_WxAALAsMnshU5sxl8mqWq1PzNF2Z9wE-q6_dneUX8ItwgjsxXeci99KhFtjmv20kp37l23q8k7jHWky4f3yyPj5d1FObAcJwXus0hloaSHFS3J-8bMQGn_mRfZWQdyeUBlejO8JLYvN9FNVeaMT7ARFKoi4tc-6a481_InbNrdfC9puKy6uQRWGubT8JczVWLXtMWtGY60iWCEm7Mz_dtAF4ESbMTqV4se7F5v-ttRbXWxV5JMTnh_bYXRWB5V4PGoxQsji6gTNkhmny47JQAtvUddVIMirtpY6_3AsNMk41QwLNzDgXLMBif3PsVKezpo3QCPrZikKWQy6oW-eOexvVxLgNKS9pdQp2cSDa9vMISbxdT1QKA_MHiHkMTLaUaLJRgM8YeI_p2Qik1OoAtOaEdINbvbuWMolEIU&sai=AMfl-YTEAFNa2UCLFF5B-Mp1GHrlm6dKRZiyUzanleEtebtMgs6lXVKDWFkdziQTVaH0dG2oW1-IXV3hEencNVgc5iuu43aqMlSUggOw7CweMoCTA5-HLIPMWDKNe2mPOx4uE7_KP-OX8rjeICKbdnHdxbWqA70Smt3Yesjf0ic&sig=Cg0ArKJSzOKmE_o4Gy5nEAE&cid=CAQSTwAvHhf_uu2MZv7GQhS2Va3Ld4aTYRpuTxh9VGxqxzat-XTEXdeY59aETicF_PbiMc5jsffKqtHtuv2n-7E4QWsUEaZN7WFleb474SuVd-MYAQ&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=123,802,1000,1074,1074&tos=123,679,198,74,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702534097836&rpt=347&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 WPeejI_zOoVX2Lak0MKC07DLKXv4emTH1i7aTxpUS8VhTx8wZbvdzpbPEaSlOG0Tfugqo0Nkeq44BgeyFYVo6HpiiiCNWWvU5qO0RxPLcyO_PrEswzoU8f50ijP0iYRz905HRsIm-KF2mwDRWaK7cTW6REDLAfLAvGmQ3PiTDle1JPHSSNlSCMOvc0dW89wmWQjXR...
yandex.ru/an/count/ 43 B
159 B 58ms
58ms Ping
image/gif 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/an/count/WPeejI_zOoVX2Lak0MKC07DLKXv4emTH1i7aTxpUS8VhTx8wZbvdzpbPEaSlOG0Tfugqo0Nkeq44BgeyFYVo6HpiiiCNWWvU5qO0RxPLcyO_PrEswzoU8f50ijP0iYRz905HRsIm-KF2mwDRWaK7cTW6REDLAfLAvGmQ3PiTDle1JPHSSNlSCMOvc0dW89wmWQjXR6ObgzMm-nfobKQxfCdQqEZB3EOCZI_eW8Yz0OHBE843uD81QEa0ilxS9G3TdxTWC7ilB85nMaYo8OeOj3Ao39dguAxa32zmXSfqSFdGqPQ8cpADocO599mA5NXGAgCOsZ0om1u6cJ9Q9kjtKCXw2ZgjwpesHap3Y1dGwZgCLqRj95C8GXH3cAxG2vmd5iZ843VrVBZvNPOrT_yRNNXrNTUnjBcf5pxSGZSMi01QbgtcWq_3UJfBOvKJhJYun2EKFwuBBua6lPwQ5VmQc_puDaOvy1A1Xt_xIWG36PF3zgZEl25BZbed_omtjDxweaR7OrJccxOba_bAFBpcjN1jR007uV2Ym8YK1m00~2=WNKejI_zOoVX2Ldu03qB06EKJ3I8hzS270F11S7acv0RyUIaF872jjD8irFsRZlafRupXZwVovqzs-_SUSEThx9P0GcdGWKUbCeeXZQC3B27GSVHwumvS77h8av39DkYi_L5vBxCaJ75zIXhwUp8mQuAqEPWLWLextCuvmiZyawSyuKNDe6LiztanLU8I3QpajLgs3U8oOX4KRAapANXLg7ttSwoczdILnNACRiHm1XoKqRj95C8GXH3cEwohCdrNtQCN_oZg9r_M0EU4YiVl3GB0lxVfLaGyFVEQC4-lfQE6XJ_B04_cEKSpAzdUkcb5qCH7LnwztM5Y6HlfjjysQCzdjCysQDjUThzE8Hs-mJFVuFisAoqValhkYx5ZirAwxL-X-BoCUQptahZaI1SeCXSarxtZbuSt-h2l82b7J7DKxLIaX3yKedx1VuVGHtwfp2QLo_B7AyCDdokx9NZ2cVOc5IZrBkUCCTpqSdgL0R67rErpdO5~2?stat-id=1&test-tag=366687127863313&banner-sizes=eyI3MjA1NzYwNzM5MTk1NDA1NiI6IjcwMHgxMDAifQ%3D%3D&actual-format=10&pcodever=927387&banner-test-tags=eyI3MjA1NzYwNzM5MTk1NDA1NiI6IjI4MTQ3NDk3Njc2ODA0OSJ9&constructor-rendered-assets=eyI3MjA1NzYwNzM5MTk1NDA1NiI6NjQ1fQ&pcode-active-testids=926241%2C0%2C89&width=700&height=100&confirmTime=2100000&confirmRatio=1000000&wmode=0

Requested by

Host: yastatic.net
URL: https://yastatic.net/partner-code-bundles/927387/c92c69574a4153487935.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paint-online.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:08:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1702534099304518-14533670185290601069-balancer-l7leveler-kubr-yp-vla-75-BAL
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 14 Dec 2023 06:08:19 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: image/gif
access-control-allow-origin: https://paint-online.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:08:19 GMT

GET
H2 200 37412095 Show response
mc.yandex.com/watch/ Frame DFA8 439 B
475 B 60ms
59ms Fetch
application/json 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/37412095?wmode=7&page-url=https%3A%2F%2Fyastatic.net%2Fsafeframe-bundles%2F0.83%2F1-1-0%2Frender.html&page-ref=https%3A%2F%2Fpaint-online.ru%2F&charset=utf-8&site-info=%7B%22b%22%3A%22%22%2C%22browser%22%3A%22chrome%22%2C%22extensions%22%3A%22%22%2C%22fresh%22%3A%220%22%2C%22fromCancel%22%3A%22false%22%2C%22fromGoogle%22%3A%22false%22%2C%22infected%22%3A%22%22%2C%22loyal%22%3A%220%22%2C%22old%22%3A%22actual%22%2C%22os%22%3A%22windows%22%2C%22p%22%3A%22%22%2C%22sbscrb%22%3A%22%22%2C%22slow%22%3A%22%22%2C%22winxp%22%3A%22false%22%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3gtstpmsk4v16yqhe1wbp8d7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1190%3Acn%3A2%3Adp%3A1%3Als%3A819786133053%3Ahid%3A786169106%3Aphid%3A464545009%3Az%3A60%3Ai%3A20231214070819%3Aet%3A1702534099%3Ac%3A1%3Arn%3A284738630%3Arqn%3A1%3Au%3A1702534099328571199%3Aw%3A1x1%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Ads%3A0%2C72%2C37%2C3%2C0%2C0%2C%2C7%2C0%2C120%2C120%2C0%2C120%3Aco%3A0%3Acpf%3A1%3Ans%3A1702534096873%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1702534099%3At%3A&t=gdpr(6)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

fd12c8fe363838d06ed0398627562cfcfc2447c235a743acb39fd20f6dd64c08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://yastatic.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:08:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 14-Dec-2023 06:08:19 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://yastatic.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 439
x-xss-protection: 1; mode=block
expires: Thu, 14-Dec-2023 06:08:19 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ysa-static.passport.yandex.ru
URL: https://ysa-static.passport.yandex.ru/static/1/d959d7e39d5067fad30d9c06204866e9/d.png?ex=yes

Domain: mitdmp.whiteboxdigital.ru
URL: https://mitdmp.whiteboxdigital.ru/pixel?id=a&source=yandex&redirect=false&href=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fqbitis%2F%7Bmiid%7D

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

76 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
yastatic.net/safeframe-bundles/0.83/1-1-0	1970-01-20 16:57:00	Name: afpix Value: 1
yastatic.net/safeframe-bundles/0.83/1-1-0	1970-01-20 17:04:12	Name: pcssspb Value: 1
yastatic.net/safeframe-bundles/0.83/1-1-0	1970-01-20 16:57:00	Name: pcs3 Value: 1
shopnetic.com/api/rtb/dmp	1969-12-31 23:59:59	Name: test_cookie Value: 1
kimberlite.io/rtb/sync	1970-01-20 17:05:38	Name: as Value: OFrH4WV6m9GE8n8IZXqb0Q
paint-online.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: sv3jdnii041bdqmt7vhdh82040
.yandex.ru/	1970-01-21 01:41:10	Name: yashr Value: 648236521702534096
.paint-online.ru/	1970-01-21 01:41:10	Name: _ym_uid Value: 1702534097872876584
.paint-online.ru/	1970-01-21 01:41:10	Name: _ym_d Value: 1702534097
.mc.yandex.com/	1970-01-20 16:55:34	Name: sync_cookie_csrf Value: 2545122210fake
.yandex.com/	1970-01-21 02:31:34	Name: i Value: 07xkvLXRkdxF0rVidG7214aqOtFpBi9mzcExsoXRo2k3plmiOSAsud/YDL2XRRemZkEcDawLBgrsZwBfoW2KcEhhnSU=
.yandex.com/	1970-01-21 01:41:10	Name: yandexuid Value: 8279908261702534096
.paint-online.ru/	1970-01-20 16:56:46	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 16:55:34	Name: sync_cookie_csrf Value: 1497094749fake
.mc.yandex.com/	1970-01-20 16:57:00	Name: sync_cookie_ok Value: synced
.yandex.ru/	1970-01-21 02:31:34	Name: yandexuid Value: 8279908261702534096
.yandex.ru/	1970-01-21 02:31:34	Name: yuidss Value: 8279908261702534096
.yandex.ru/	1970-01-21 02:31:34	Name: i Value: 07xkvLXRkdxF0rVidG7214aqOtFpBi9mzcExsoXRo2k3plmiOSAsud/YDL2XRRemZkEcDawLBgrsZwBfoW2KcEhhnSU=
.yandex.ru/	1970-01-21 02:31:34	Name: yp Value: 1702620496.yu.7589722991702534096
.yandex.ru/	1970-01-21 01:41:10	Name: ymex Value: 1705126096.oyu.7589722991702534096
.yandex.com/	1970-01-21 01:41:10	Name: yuidss Value: 8279908261702534096
.yandex.com/	1970-01-21 01:41:10	Name: ymex Value: 1734070096.yrts.1702534096
.yandex.com/	1970-01-21 01:41:10	Name: bh Value: KgI/MA==
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 593687111702534096
.acint.net/	1970-01-20 16:55:34	Name: test_cookie Value: CheckForPermission
.acint.net/	1970-01-21 02:31:34	Name: aid Value: fwAAAWV6m9EaVhBuVayhAi9emuhHQv9OGCwCZuhynvBwCLCl
.acint.net/	1970-01-20 17:38:46	Name: cSyncDp14v4 Value: 1702534097
.weborama.fr/	1970-01-21 02:21:29	Name: AFFICHE_W Value: 9EMDU77JIhP013
px.arcspire.io/	1970-01-20 17:38:46	Name: arcid Value: a5d4aeff8c6324ad4e2f01
.adx.opera.com/	1970-01-21 01:41:10	Name: UID Value: OPUbe7e3cd4692348748d4ac26c7674c982
.dmg.digitaltarget.ru/	1970-01-21 02:31:34	Name: viuserid Value: jzFM4-mtuu4vEOK7TzTZ
.tns-counter.ru/	1970-01-21 01:41:10	Name: guid Value: DC056A1C657A9BD1X1702534097
.demdex.net/	1970-01-20 21:14:46	Name: demdex Value: 57762196712789301201657261365858414181
.dsp.mpartner.digital/	1970-01-21 01:41:10	Name: dmp Value: cPxFweTHLHLhiKjCLJNmROpDNDMYhKyA
.dpm.demdex.net/	1970-01-20 21:14:46	Name: dpm Value: 57762196712789301201657261365858414181
.ssp-rtb.sape.ru/	1970-01-21 02:31:34	Name: sspuid Value: CkIDM2V6m9EvpgC2ztl4AiAsNdbcrjw3V2omd50yqt1aTs6x
.mail.ru/	1970-01-21 01:42:36	Name: VID Value: 16w_lW3E0H2L002B3k3MqS2L:::0-0-0-a94f491-0:CAASEHJaclb9EgOrdIUcdEpfdwYaYAlLf5h2HyHseuLW3VvhmC5wfDTnH4xWnBrMfdhIPN_Dy05P3oN5bgUoR5Bxp7dhpk8NJXXV-wAKJ3qXh4TY39VZoxdoJTSanaydB7V9iMRWe52J-RVvux1psMR3EMTXhw
.uuidksinc.net/	1970-01-21 01:41:10	Name: jcsuuid Value: caQUP5DC553Nf5dVhayg
kimberlite.io/	1970-01-20 19:05:10	Name: u Value: ZXqb0SmHxpI~35Qoznsjqsq9C2zgzQ1tMs8gBeE
.sonar.semantiqo.com/	1970-01-21 02:31:34	Name: semantiqo_a Value: 79279548babf46fa8ad09866d619529d
.sonar.semantiqo.com/	1970-01-21 01:51:14	Name: check Value: e5231c00464541b6a982073f842b5aa5
.mts.ru/	1970-01-21 01:28:12	Name: dspid Value: 7e4a598e-7307-46a0-ac62-1758f4a85cf9
.mts.ru/	1970-01-21 01:28:12	Name: reset_cookie Value: 1
sync.dsp.solta.io/	1969-12-31 23:59:59	Name: chk Value: 1
shopnetic.com/	1970-01-21 02:31:34	Name: shuniq Value: 9dNXJWlPfC-4W5urPSoVpoJzpPY
.bumlam.com/	1970-01-21 02:31:34	Name: suuid3 Value: IiQyYzgzYTJmZS05YTQ3LTExZWUtYmJiMS0wMDI1OTBjODI0MzY*
.dsp.solta.io/	1970-01-21 02:31:34	Name: pid Value: YTcwMGY5ZWRjMmM2Y2Zl
.adhigh.net/	1970-01-21 01:41:10	Name: gi_u Value: Ll6hh6OUHmh.AikABlGMZvCqcA
.adhigh.net/	1970-01-21 01:41:10	Name: yandexssp_sync Value: LL6A
.upravel.com/	1970-01-20 16:55:34	Name: session_tptc Value: 1702534097634
sync.gonet-ads.com/	1969-12-31 23:59:59	Name: chk Value: 1
.upravel.com/	1970-01-21 02:31:34	Name: user_id Value: 9fd3c711-ef6f-42c7-be77-0f327f8ab4de
.gonet-ads.com/	1970-01-21 01:42:36	Name: pid Value: NzM4MzI5M2NhNTYzYjVlMg
.mts.ru/	1970-01-21 02:31:34	Name: mts_id_last_sync Value: 1702534097
.aidata.io/	1970-01-21 02:31:34	Name: __upin Value: ag9WCllN6dOD16O4NmkuzQ
.aidata.io/	1970-01-21 02:31:34	Name: __upints Value: 1702534097
.rutarget.ru/	1970-01-20 21:14:46	Name: userId Value: ZN1g4WIPxUWE
.mts.ru/	1970-01-21 02:31:34	Name: mts_id Value: eb4aafac-edd2-4b3d-8882-a349bee303e0
x01.aidata.io/	1970-01-20 17:05:38	Name: yaya Value: 1
.paint-online.ru/	1970-01-21 02:17:10	Name: __gads Value: ID=f1a0ae24289a60d7:T=1702534096:RT=1702534096:S=ALNI_MahyDi_6xa-2BmQc0_pjVWm6HIIdQ
.paint-online.ru/	1970-01-21 02:17:10	Name: __gpi Value: UID=00000d19f396dfe1:T=1702534096:RT=1702534096:S=ALNI_Ma4KOlF3ud0DLCzeGd9BhE2OqYv2g
.doubleclick.net/	1970-01-20 16:55:37	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 19:05:10	Name: ar_debug Value: 1
.betweendigital.com/	1970-01-21 01:41:10	Name: dc Value: sin1
.betweendigital.com/	1970-01-21 01:41:10	Name: ss Value: 1
.betweendigital.com/	1970-01-21 01:41:10	Name: tuuid Value: 99d6ea7d-b431-545c-9e5d-23edfb27b83f
.doubleclick.net/	1970-01-21 02:17:10	Name: IDE Value: AHWqTUlXWvdlBM8I2lDplQXsFmtwaGik6as7jD41i3vLHSYPEVF6vAeFHT3KaZaSYQg
.adfarm1.adition.com/	1970-01-20 19:05:10	Name: UserID1 Value: 7312328271245342872
.w55c.net/	1970-01-21 02:27:14	Name: wfivefivec Value: XxxL4NMB1RdETo5
.ctnsnet.com/	1970-01-21 01:41:10	Name: gid_CAESEPSBuUmneJppZ_WxXzlNlzI Value: 1
.ctnsnet.com/	1970-01-21 01:41:10	Name: cid_8d2cf5612f6046ce9fa4f70d893978c3 Value: 1
.blismedia.com/	1970-01-21 01:41:14	Name: b Value: 657A9BD2AA627168FE070DA0BLIS
.w55c.net/	1970-01-20 17:38:46	Name: matchgoogle Value: 5
.yandex.ru/	1970-01-21 02:31:34	Name: is_gdpr Value: 1
.yandex.ru/	1970-01-21 02:31:34	Name: is_gdpr_b Value: CI7bbxCx3wEYAQ==
.betweendigital.com/	1970-01-21 01:41:10	Name: ut Value: ZXqb0wAFhhCdjzw10p3sExLSMf3qWYhWPKwIFg==

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://yandex.ru/an/mapuid/targetads/ Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ysa-static.passport.yandex.ru/static/1/d959d7e39d5067fad30d9c06204866e9/d.png?ex=yes Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAXcoOmQJm9BcmTHvfarvDoGyndXC2bI37Gqghgr2HcexQrKWGfnEPuOeXoUh7h_Crcbpt7ZuUaaIaVL8lPq4pVPPYVhe_DFoRg4a2U8&google_gid=CAESEHr2HU5PmB2Hgid0lz11_Eg&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acint.net
ad.mail.ru
ads.betweendigital.com
an.yandex.ru
avatars.mds.yandex.net
cm.g.doubleclick.net
cm.tns-counter.ru
counter.yadro.ru
cr.frontend.weborama.fr
dm.hybrid.ai
dmg.digitaltarget.ru
dpm.demdex.net
dsp.adfarm1.adition.com
dsp.mpartner.digital
euw-ice.360yield.com
exchange.buzzoola.com
favicon.yandex.net
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
id.rlcdn.com
im.bluevoox.com
kimberlite.io
match.adsrvr.org
match.new-programmatic.com
mc.yandex.com
mc.yandex.ru
mitdmp.whiteboxdigital.ru
nr.bidderstack.com
pagead2.googlesyndication.com
paint-online.ru
pixel.konnektu.ru
pm.w55c.net
profile.ssp.rambler.ru
px.adhigh.net
px.arcspire.io
rtb-eu-warsaw.intent.ai
s.uuidksinc.net
s7.addthis.com
shopnetic.com
sm.rtb.mts.ru
sonar.semantiqo.com
ssp-rtb.sape.ru
ssp.adriver.ru
sync.adkernel.com
sync.bumlam.com
sync.dmp.otm-r.com
sync.dsp.solta.io
sync.gonet-ads.com
sync.teads.tv
sync.upravel.com
t.adx.opera.com
tech.rtb.mts.ru
tpc.googlesyndication.com
tr.blismedia.com
vma.mts.ru
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
x01.aidata.io
yandex-dmp-sync.rutarget.ru
yandex-sync.rutarget.ru
yandex.digital-services.solutions
yandex.ru
yastatic.net
ysa-static.passport.yandex.ru
mitdmp.whiteboxdigital.ru
ysa-static.passport.yandex.ru
130.193.58.13
142.132.138.212
142.250.184.194
142.250.186.66
144.126.246.116
144.76.112.100
159.69.141.123
167.235.186.113
178.63.75.168
18.158.157.189
185.15.175.130
185.40.31.213
185.98.54.153
188.42.105.220
193.232.148.146
193.3.184.219
195.201.106.117
2.17.190.170
2.19.104.4
2001:6d0:4001::226
203.195.121.141
213.87.44.187
217.199.220.44
217.65.2.150
217.66.147.33
217.66.147.38
2606:4700:20::681a:e45
2a00:1148:db00::17
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::200a
2a00:1450:4001:828::2004
2a00:1450:4001:830::2003
2a02:6b8:20::215
2a02:6b8::184
2a02:6b8::1:119
2a02:6b8::36
2a02:6b8::90
2a02:6b8:a::a
31.172.81.172
34.111.129.221
34.255.40.44
34.96.105.8
35.177.4.157
35.186.193.173
35.244.174.68
37.230.131.21
45.9.27.120
52.223.40.198
52.45.175.185
52.57.12.239
54.75.61.252
77.244.216.90
77.245.57.72
81.222.128.214
82.145.213.8
84.38.189.44
85.114.159.93
87.242.93.185
88.212.202.52
89.108.120.76
91.192.150.30
95.217.109.66
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19ef1d2e0e8877ffb8ac6365d3f006b9ff0255b03e375152edba68ea94507f35
1b21be50822c8f1e162a563f05543e3d8b2f97a91e6ebcb8064ebbe13c6037e4
1de0a2b180d862974fdd4e928f1702f8e75ec0a6edb00ce603b961a0f3f0afb2
275dc425badb2811ead827471ff6c61ba09da91e88383aab9969063dde77f25f
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
27d7d0c8a82dc337436690a18216ff6ac27bb141f19d604f2d88131684736ae4
2a240c16fbb787dbbc2abad20c574500723733ca9c4bcce12ccb81d60d694cd2
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2e44128a2911dbcc9031a191b00018005dbde321e10a7c330fa6d603b02a07ec
2f075dfb8b384bf48a60a3031fc3c5822bb1c6c56d0ea314abbf6e82d3568045
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
3a0fa91da55d8ab8938407872de44918e4ddf87afd6ba83a7e5d0be2d6375c98
3a8f81ce3db6218b4c815a7cafda3adccbc237cb908034e62c15756fc0684fb2
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
42acd338a57b2db78536cd0fc38c0508481acaac6934e186be2a59e88267c232
439793667b7db254a4c9d587b4ef7fc5f13f431d8f14f960bb0848d0245bf3c7
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
47f63a06a66e809eb45688c39f8ad6fe022e9a37308d7c9c134dea3cb2ccc3a7
4bbcf182aee9e60bae89bb62f2239986fc4a600ed0e4f10e099df49fcf2645ad
4ca78a76bfc601dc3b5841fb23d2c9ba219fdd1431ffef6bce5fcdb59817e477
4cbbe332bfbcaa28152a8fc1dcd07def4cfd24546e0b4a945a8c271cd12ee7af
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4f104ad8ff5b4f4a5953c4605715ee04be40decfb853783db75e538cc3f44fd7
53667ed57bc9fa78139b9abfa0eab1b971e720eacf3fc5a7dff9a0bea12530c8
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
556fd11206a5d765e416dc96399b618576293dbbd18027a95141f9b2f176766f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
5825c88b68a498c8b3d8d34f0090a625f063a366c8f3cbebf51e7657623fb13b
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5fa08f41534a8945353db77cb8f5f691c78136adf7b4b22ffbff2f7fd1d2d735
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
6179a002bf142064d1ee936fd38dd4f357c9efa736527fb66131b606c94aa766
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
632212186bdc63fd1571a8254f236acc9ed1f41a0a136f6e5d5847a2bb4af5a5
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
675eb53e76faa61ddd1aa8b41091238f4dbfecaee25ed64041c5cd66620b08c5
67606f850815313c769dca1cf9d356d90241a91801505849f42c42cf204703c1
6b0be7739988d4d7c0cd761c4ba96f0edc96dff69d740b20974f3cfba2f0f554
6d56ea62f72131195b5ddc617f5e39fb50e80e1c7b0c14a62162436b8be7f365
6faf9b3930c127b8bf7d97f22a50832b6cf0ac678e16ba6fa412e0a5ec06dc2b
7580a3c9a08db47e1d1a04308606fb6e625bbd91564c47711adb59727aef40ab
771a3e5acc35e7dda075b1e56c7c8c2ac2980c63ab62d4534773c70be9dc00c3
82e6c735ef980ebbd58576569f1291ee6a68488086ab83e919d5ec6309f2002d
8332dce7de3707950b8366f5ba756acaf369f69f79e31ffe2f8e0319375acb90
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f9ce91832615c90715227b16376f2f4bc9306d8d4efeb54f24aebbb24e425a
87dc05168f325edace17f04a1c83a17afebecd736e4948a041dcdaeb3c33259a
8c657693111685b7bfaa266d756ae449c489b478fcb25132fcbbb9df10f371e7
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c911ab93cf6099aeeddb19cb1903d0ef838329443c3a0549c754da47f90a70a
9caffafcdae7b42e3d074103c18a33640d4edf81401c216e99dbb77a15dfa511
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a8764d27280ea69c4ff75f94ad0eeb6308a78ec69ce125488a5688faf6ee8608
aa41104a854b7a41214f077eecbec396907a8a504e1c99991692c3769a50419a
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ad1ea654f4b4028f6e292679b833477001879314445a55c0503fec8f5118579d
b27e49e8d699a2ce630bd7b709e47cb3df1677ee9fc6c61a1337ce32576ef92f
c5bcc597ce8a3ec0c0ef52ee8ece8f284ca9739c1bd1bbac380a3deb672d5446
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
c9d314a7af888aaf6527007618480d6b2c3015348e76923503cdc64abb4f5fa1
cc4e42ce911e38003c275c31701dea3098199d0267afeff3fb1bb5f4117cb128
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf79db1604128c90575b6e4d7feae15f26efa0ca5038fb5cf43c771728c2845e
cf86d359d1531aee2e46233f03df7649a5ef3041f9550ff063ba329d25103229
d0114392b4c9309255573300c6f1010d18f483f522fcfe1967c5146536aa4c99
d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d79e225d805439d50095ae99d93f578b6ef6e6be07361f51f9b0e5072330631e
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
dd36568581f000903bd4f53bb081001cae98b22a0914612e09d35e01ea068744
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e21686313778c5d26114c9de744fbead6ef374fdaf99664d95d07126b9ea81
e7d2ac9d0d0574c9b41e3f4b838a258d31f491f3ce616b695295b5754897528d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f13535d8a36a7e29cb8d05519229576c8c6b71df69742a679694906c11ee1fc8
f32daa6d3ba4217cc5458d64c99d4e55dd3b0dbb258abf05d3b2732677ca4f42
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f54e3295a1aff669a8dc08d278d188ced5e2af185b8e8b29640f2e39735c07d2
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f5dc245f3699af7fb3c70a6d8fbaac6563f4ce4a078a2e2e239028cce069da99
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f71b692f2abd27afd1fc948dff479a3d93307f52cb7af5bb0b114615f5b85c1a
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f8ed7cb7ac6dc9850cffba6d02a3e222269f9ac3cdde0cfbead7734149281f0f
fa03accc02d7e06cc84ce073306749210551ff3e482a03b8ed78f51154805b0d
fd12c8fe363838d06ed0398627562cfcfc2447c235a743acb39fd20f6dd64c08
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

paint-online.ru Open in urlscan Pro 144.76.112.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

200 Requests

77 %HTTPS

25 %IPv6

59 Domains

69 Subdomains

39 IPs

10 Countries

2305 kBTransfer

6746 kBSize

76 Cookies

2 Outgoing links

Redirected requests

200 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

paint-online.ru Open in urlscan Pro
144.76.112.100 Public Scan

Screenshot
Live screenshot

Full Image

200
Requests

77 %
HTTPS

25 %
IPv6

59
Domains

69
Subdomains

39
IPs

10
Countries

2305 kB
Transfer

6746 kB
Size

76
Cookies

200 HTTP transactions
12 data transactions