buhgalter.com.ua Open in urlscan Pro
136.144.183.196 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://buhgalter.com.ua/
Effective URL:
https://buhgalter.com.ua/
Submission: On March 26 via api (March 26th 2022, 9:34:28 am UTC) from GB — Scanned from GB

Summary HTTP 425 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 76 IPs in 10 countries across 60 domains to perform 425 HTTP transactions. The main IP is 136.144.183.196, located in Netherlands and belongs to TRANSIP-AS Amsterdam, the Netherlands, NL. The main domain is buhgalter.com.ua.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 8th 2021. Valid for: a year.

This is the only time buhgalter.com.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 53	136.144.183.196 136.144.183.196	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
7	45.133.44.4 45.133.44.4	7018 (ATT-INTER...) (ATT-INTERNET4)
3	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2	84.17.46.53 84.17.46.53	60068 (CDN77 ^_^) (CDN77 ^_^)
4	45.133.44.3 45.133.44.3	7018 (ATT-INTER...) (ATT-INTERNET4)
3	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
1	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 ^_^) (CDN77 ^_^)
8	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
19	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	95.170.82.90 95.170.82.90	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
3	185.187.81.41 185.187.81.41	43332 (IDSTRATEG...) (IDSTRATEGY-AS)
1	2600:3c01::f0... 2600:3c01::f03c:91ff:fe79:43b	63949 (LINODE-AP...) (LINODE-AP Linode)
13	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
6	2a0c:5c81:514... 2a0c:5c81:5142::2	55081 (24SHELLS) (24SHELLS)
5	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
10	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1 11	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1 2	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
1	193.200.65.5 193.200.65.5	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
1 1	137.74.6.209 137.74.6.209	16276 (OVH) (OVH)
1 3	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
10	2602:803:c004... 2602:803:c004:200::143	26667 (RUBICONPR...) (RUBICONPROJECT)
2	204.237.133.116 204.237.133.116	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	135.125.163.79 135.125.163.79	16276 (OVH) (OVH)
1	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
1	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 2	5.178.65.246 5.178.65.246	50673 (SERVERIUS-AS) (SERVERIUS-AS)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	37.97.131.40 37.97.131.40	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
34	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f06... 2a03:2880:f067:e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
7	185.180.223.67 185.180.223.67	49981 (WORLDSTREAM) (WORLDSTREAM)
7	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
1 2	52.213.113.49 52.213.113.49	16509 (AMAZON-02) (AMAZON-02)
2	18.200.47.85 18.200.47.85	16509 (AMAZON-02) (AMAZON-02)
8 32	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	104.92.106.130 104.92.106.130	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1	37.187.27.147 37.187.27.147	16276 (OVH) (OVH)
2	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
2 2	104.90.192.27 104.90.192.27	16625 (AKAMAI-AS) (AKAMAI-AS)
3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
4 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:a946:f0fe:2301:5b7a	16509 (AMAZON-02) (AMAZON-02)
3	3.126.134.118 3.126.134.118	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:215... 2600:9000:2156:b400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
18	3.234.129.143 3.234.129.143	14618 (AMAZON-AES) (AMAZON-AES)
2 2	52.215.248.120 52.215.248.120	16509 (AMAZON-02) (AMAZON-02)
1 1	3.126.56.108 3.126.56.108	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
1	35.241.31.249 35.241.31.249	15169 (GOOGLE) (GOOGLE)
2 4	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
23	92.123.225.41 92.123.225.41	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
4 4	3.121.45.11 3.121.45.11	16509 (AMAZON-02) (AMAZON-02)
3 4	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	209.197.3.19 209.197.3.19	20446 (STACKPATH...) (STACKPATH-CDN)
2	3.121.17.249 3.121.17.249	16509 (AMAZON-02) (AMAZON-02)
7	2.21.140.103 2.21.140.103	16625 (AKAMAI-AS) (AKAMAI-AS)
1	141.95.34.105 141.95.34.105	16276 (OVH) (OVH)
9	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	35.190.0.66 35.190.0.66	() ()
1 1	2600:9000:215... 2600:9000:2156:be00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
425	76

53 136.144.183.196 (Netherlands) 1 redirects

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 136-144-183-196.colo.transip.net

buhgalter.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 45.133.44.4 (Philadelphia, United States)

ASN7018 (ATT-INTERNET4, US)

cdn.gravitec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 84.17.46.53 (Amsterdam, Netherlands)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-84-17-46-53.cdn77.com

l.getsitecontrol.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.133.44.3 (Philadelphia, United States)

ASN7018 (ATT-INTERNET4, US)

player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

id.gravitec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.170.82.90 (Amsterdam, Netherlands)

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 95-170-82-90.colo.transip.net

analytics.factor.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.187.81.41 (Kyiv, Ukraine)

ASN43332 (IDSTRATEGY-AS, UA)

s.zmctrack.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
loadercdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:3c01::f03c:91ff:fe79:43b (Fremont, United States)

ASN63949 (LINODE-AP Linode, LLC, US)

jsonip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a0c:5c81:5142::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

ghb.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ghb1.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.149.0.72 (Ukraine) 1 redirects

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.5 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: t.trafmag.com

t.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 137.74.6.209 (Warsaw, Poland) 1 redirects

ASN16276 (OVH, FR)
PTR: app-ngx-pl-02.adpartner.pro

a4p.adpartner.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.90 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2602:803:c004:200::143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.237.133.116 (United States)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 135.125.163.79 (France)

ASN16276 (OVH, FR)
PTR: ns3190286.ip-135-125-163.eu

rtb.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.178.65.246 (Amersfoort, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

pbjs.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.97.131.40 (Netherlands)

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 37-97-131-40.colo.transip.net

reactive.factor.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f067:e:face:b00c:0:3 (London, United Kingdom)

ASN32934 (FACEBOOK, US)

scontent-lcy1-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.180.223.67 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 185-180-223-67.hosted-by-worldstream.net

ad.invamia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.213.113.49 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-113-49.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.200.47.85 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-47-85.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 142.250.186.130 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.92.106.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-106-130.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.125 (Amsterdam, Netherlands) 3 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.187.27.147 (France)

ASN16276 (OVH, FR)
PTR: js12.adlooxtracking.com

j.adlooxtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:f916:5049:f87f:108e (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.90.192.27 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-192-27.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:a946:f0fe:2301:5b7a (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.134.118 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-134-118.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:b400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 3.234.129.143 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-234-129-143.compute-1.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.248.120 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-248-120.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.108 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-108.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.31.249 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 249.31.241.35.bc.googleusercontent.com

data00.adlooxtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638::1c (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 92.123.225.41 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-225-41.deploy.static.akamaitechnologies.com

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.121.45.11 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-45-11.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.19 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: vip0x013.map2.ssl.hwcdn.net

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.17.249 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-17-249.eu-central-1.compute.amazonaws.com

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.21.140.103 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-140-103.deploy.static.akamaitechnologies.com

cdn.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.34.105 (France)

ASN16276 (OVH, FR)
PTR: p34.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (None, ) 1 redirects

ASN- ()

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:be00:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
74	googlesyndication.com b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com	419 KB
65	doubleclick.net 8 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 stats.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276 static.doubleclick.net — Cisco Umbrella Rank: 310	525 KB
53	buhgalter.com.ua 1 redirects buhgalter.com.ua	840 KB
28	serving-sys.com bs.serving-sys.com — Cisco Umbrella Rank: 1182 secure-ds.serving-sys.com — Cisco Umbrella Rank: 1874 lm.serving-sys.com — Cisco Umbrella Rank: 1978	301 KB
25	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 660 pixel.adsafeprotected.com — Cisco Umbrella Rank: 521 static.adsafeprotected.com — Cisco Umbrella Rank: 500 dt.adsafeprotected.com — Cisco Umbrella Rank: 458	193 KB
15	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 635 scontent-lcy1-1.xx.fbcdn.net — Cisco Umbrella Rank: 15571	172 KB
15	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 analytics.google.com — Cisco Umbrella Rank: 785 adservice.google.com — Cisco Umbrella Rank: 57	3 KB
13	rubiconproject.com 3 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 412 pixel.rubiconproject.com — Cisco Umbrella Rank: 289	12 KB
12	adtelligent.com 1 redirects player.adtelligent.com — Cisco Umbrella Rank: 4912 ghb.adtelligent.com — Cisco Umbrella Rank: 5671 sync.adtelligent.com — Cisco Umbrella Rank: 2780 ghb1.adtelligent.com — Cisco Umbrella Rank: 10860	143 KB
9	moatads.com z.moatads.com — Cisco Umbrella Rank: 329 px.moatads.com — Cisco Umbrella Rank: 392	104 KB
9	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3345 adservice.google.co.uk — Cisco Umbrella Rank: 5368	2 KB
8	flashtalking.com servedby.flashtalking.com — Cisco Umbrella Rank: 655 cdn.flashtalking.com — Cisco Umbrella Rank: 844 secure.flashtalking.com — Cisco Umbrella Rank: 2040	197 KB
8	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 689 gum.criteo.com — Cisco Umbrella Rank: 347 mug.criteo.com — Cisco Umbrella Rank: 3185	8 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	272 KB
8	gravitec.net cdn.gravitec.net — Cisco Umbrella Rank: 24268 id.gravitec.net — Cisco Umbrella Rank: 119045	62 KB
7	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	188 KB
7	invamia.com ad.invamia.com — Cisco Umbrella Rank: 60432	89 KB
6	casalemedia.com 3 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 409 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	5 KB
6	pubmatic.com 4 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 417 image6.pubmatic.com — Cisco Umbrella Rank: 571	2 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	58 KB
5	yahoo.com 3 redirects ads.yahoo.com — Cisco Umbrella Rank: 816 ups.analytics.yahoo.com — Cisco Umbrella Rank: 268	1 KB
5	openx.net us-u.openx.net — Cisco Umbrella Rank: 323 rtb.openx.net — Cisco Umbrella Rank: 1359	843 B
5	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	17 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 124	199 KB
4	advertising.com 4 redirects pixel.advertising.com — Cisco Umbrella Rank: 307	1 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 480	2 KB
3	everesttech.net 3 redirects pixel.everesttech.net — Cisco Umbrella Rank: 2828 sync-tm.everesttech.net — Cisco Umbrella Rank: 490	1 KB
3	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 929	1 KB
3	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 205	12 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	160 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 697 s.tribalfusion.com — Cisco Umbrella Rank: 1995	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 690 r.turn.com — Cisco Umbrella Rank: 2672	869 B
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 600	59 KB
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1530	1 KB
2	unpkg.com unpkg.com — Cisco Umbrella Rank: 821	43 KB
2	adlooxtracking.com j.adlooxtracking.com — Cisco Umbrella Rank: 8396 data00.adlooxtracking.com — Cisco Umbrella Rank: 7160	68 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 870	344 B
2	gstatic.com fonts.gstatic.com	29 KB
2	e-planning.net 1 redirects pbjs.e-planning.net — Cisco Umbrella Rank: 6386	1 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 828	90 KB
2	zmctrack.net s.zmctrack.net — Cisco Umbrella Rank: 132182	24 KB
2	factor.ua analytics.factor.ua reactive.factor.ua	688 B
2	getsitecontrol.com l.getsitecontrol.com — Cisco Umbrella Rank: 17944	2 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 101	32 KB
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 698	438 B
1	travelaudience.com 1 redirects ads.travelaudience.com	522 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1438	583 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2666	104 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 488	534 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 794	324 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 492	758 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1391	297 B
1	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6130	178 B
1	adxpremium.services rtb.adxpremium.services — Cisco Umbrella Rank: 7456	934 B
1	adpartner.pro 1 redirects a4p.adpartner.pro — Cisco Umbrella Rank: 49976	258 B
1	trafmag.com t.trafmag.com — Cisco Umbrella Rank: 13048	351 B
1	loadercdn.net loadercdn.net — Cisco Umbrella Rank: 269802	169 B
1	jsonip.com jsonip.com — Cisco Umbrella Rank: 22780	451 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 403	12 KB
425	60

	Domain	Requested by
53	buhgalter.com.ua	1 redirects buhgalter.com.ua
34	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com buhgalter.com.ua googleads.g.doubleclick.net 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
33	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com buhgalter.com.ua googleads.g.doubleclick.net www.googletagservices.com 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
32	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
23	secure-ds.serving-sys.com	fw.adsafeprotected.com secure-ds.serving-sys.com b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
18	dt.adsafeprotected.com	b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
14	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
11	www.google.com	1 redirects buhgalter.com.ua tpc.googlesyndication.com b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
11	googleads.g.doubleclick.net	www.googleadservices.com b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com buhgalter.com.ua 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
10	fastlane.rubiconproject.com	player.adtelligent.com
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net buhgalter.com.ua
8	px.moatads.com	19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
8	www.googletagservices.com	buhgalter.com.ua securepubads.g.doubleclick.net b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com ad.invamia.com 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
7	s0.2mdn.net	buhgalter.com.ua b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com s0.2mdn.net secure-ds.serving-sys.com
7	ad.invamia.com	securepubads.g.doubleclick.net ad.invamia.com
7	cdn.gravitec.net	buhgalter.com.ua cdn.gravitec.net
6	cdn.flashtalking.com	servedby.flashtalking.com cdn.flashtalking.com
6	www.google.co.uk	buhgalter.com.ua
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com buhgalter.com.ua
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	www.facebook.com	buhgalter.com.ua connect.facebook.net
5	ghb.adtelligent.com	player.adtelligent.com
5	connect.facebook.net	buhgalter.com.ua www.googletagmanager.com connect.facebook.net
4	ups.analytics.yahoo.com	3 redirects googleads.g.doubleclick.net
4	pixel.advertising.com	4 redirects
4	gum.criteo.com	2 redirects static.criteo.net
4	static.doubleclick.net
4	image6.pubmatic.com	4 redirects
4	googleads4.g.doubleclick.net	googleads.g.doubleclick.net buhgalter.com.ua
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
4	player.adtelligent.com	buhgalter.com.ua player.adtelligent.com
3	mug.criteo.com
3	static.adsafeprotected.com	b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com pixel.adsafeprotected.com
3	bs.serving-sys.com	b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com secure-ds.serving-sys.com
3	pixel.rubiconproject.com	3 redirects
3	rtb.openx.net	b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
3	cms.quantserve.com	2 redirects b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
3	ib.adnxs.com	1 redirects player.adtelligent.com googleads.g.doubleclick.net
3	adservice.google.com	securepubads.g.doubleclick.net
3	adservice.google.co.uk	securepubads.g.doubleclick.net
3	fonts.googleapis.com	buhgalter.com.ua tpc.googlesyndication.com s0.2mdn.net
3	www.googletagmanager.com	buhgalter.com.ua www.googletagmanager.com
2	lm.serving-sys.com	secure-ds.serving-sys.com
2	19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	pixel.everesttech.net	2 redirects
2	static.criteo.net	player.adtelligent.com static.criteo.net
2	e.dlx.addthis.com	2 redirects
2	unpkg.com	ad.invamia.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	pixel.adsafeprotected.com	b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
2	fw.adsafeprotected.com	1 redirects b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	pbjs.e-planning.net	1 redirects buhgalter.com.ua
2	hbopenbid.pubmatic.com	player.adtelligent.com
2	sync.adtelligent.com	1 redirects buhgalter.com.ua
2	use.fontawesome.com	buhgalter.com.ua use.fontawesome.com
2	s.zmctrack.net	buhgalter.com.ua
2	l.getsitecontrol.com	buhgalter.com.ua l.getsitecontrol.com
2	www.googleadservices.com	buhgalter.com.ua www.googletagmanager.com
1	secure.flashtalking.com	19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
1	s.ad.smaato.net	1 redirects
1	ads.travelaudience.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com	19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
1	r.turn.com	19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	z.moatads.com	cdn.flashtalking.com
1	id5-sync.com	player.adtelligent.com
1	servedby.flashtalking.com	19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
1	odr.mookie1.com	b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
1	data00.adlooxtracking.com	j.adlooxtracking.com
1	d.agkn.com	1 redirects
1	ag.innovid.com	b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
1	j.adlooxtracking.com	googleads.g.doubleclick.net
1	ads.yahoo.com	googleads.g.doubleclick.net
1	scontent-lcy1-1.xx.fbcdn.net	www.facebook.com
1	reactive.factor.ua	cdn.jsdelivr.net
1	prebid-eu.creativecdn.com	player.adtelligent.com
1	htlb.casalemedia.com	player.adtelligent.com
1	rtb.adxpremium.services	player.adtelligent.com
1	bidder.criteo.com	player.adtelligent.com
1	ghb1.adtelligent.com	player.adtelligent.com
1	a4p.adpartner.pro	1 redirects
1	t.trafmag.com	buhgalter.com.ua
1	loadercdn.net	buhgalter.com.ua
1	analytics.google.com	www.googletagmanager.com
1	jsonip.com	buhgalter.com.ua
1	analytics.factor.ua	buhgalter.com.ua
1	id.gravitec.net	cdn.gravitec.net
1	cdn.jsdelivr.net	buhgalter.com.ua
425	96

This site contains links to these domains. Also see Links.

Domain
i.factor.ua
factor.academy
buhgalter911.com
reklama.factor.ua
bit.ly
fit.com.ua
factor.media

Subject Issuer	Validity	Valid
buhgalter.com.ua Sectigo RSA Domain Validation Secure Server CA	`2021-11-08` - `2022-11-08`	a year	crt.sh
*.gravitec.net AlphaSSL CA - SHA256 - G2	`2022-03-22` - `2023-04-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.getsitecontrol.com Go Daddy Secure Certificate Authority - G2	`2020-03-05` - `2022-05-04`	2 years	crt.sh
player.adtelligent.com R3	`2022-03-21` - `2022-06-19`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-02` - `2022-04-02`	3 months	crt.sh
*.factor.ua Sectigo RSA Domain Validation Secure Server CA	`2021-12-28` - `2022-12-28`	a year	crt.sh
s.zmctrack.net Sectigo RSA Domain Validation Secure Server CA	`2021-04-21` - `2022-04-25`	a year	crt.sh
jsonip.com R3	`2022-03-16` - `2022-06-14`	3 months	crt.sh
ghb.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-02-06` - `2022-05-07`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
loadercdn.net R3	`2022-02-11` - `2022-05-12`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
ghb1.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2022-02-09` - `2022-05-10`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2021-08-05` - `2022-09-05`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
ad.invamia.com R3	`2022-01-30` - `2022-04-30`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-21` - `2022-05-11`	2 months	crt.sh
*.adlooxtracking.com R3	`2022-02-07` - `2022-05-08`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
dt.adsafeprotected.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
secure-ds.serving-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-05` - `2023-03-08`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-27` - `2023-02-24`	a year	crt.sh
lm.serving-sys.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
bs.serving-sys.com Amazon	`2021-05-10` - `2022-06-08`	a year	crt.sh
cdn.flashtalking.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-02`	a year	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh

This page contains 39 frames:

Primary Page: https://buhgalter.com.ua/
Frame ID: CC0282D6D82FB14CADE9F5291C7C2B6E
Requests: 237 HTTP requests in this frame

Frame: https://id.gravitec.net/
Frame ID: 5FC767E3D07D66FD35C99FE60208843B
Requests: 1 HTTP requests in this frame

Frame: https://s.zmctrack.net/z
Frame ID: 1F76A2545758A94B4973E104302EE6EB
Requests: 1 HTTP requests in this frame

Frame: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 09E220F51C95EAB0D8ADFD30F54DBDED
Requests: 1 HTTP requests in this frame

Frame: https://s.zmctrack.net/z
Frame ID: F4DC57364BF6C44080F3D6B678BF2D04
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 4CCEC65ACE96554F944EC860E5B37A91
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.2/plugins/group.php?app_id=1264355410382750&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df94b7cbc252df4%26domain%3Dbuhgalter.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbuhgalter.com.ua%252Ff1199fb2f43bd1c%26relation%3Dparent.parent&container_width=250&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fbuhgalter.com.ua%2F&locale=uk_UA&sdk=joey&show_metadata=false&show_social_context=true&width=250
Frame ID: 5A30CBE930CD04B6C6763778C0473D3A
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6709EC1A9CD5E9783A0297084509F9F4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5EF9EE63BB354C4824736A750DF911CC
Requests: 2 HTTP requests in this frame

Frame: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D10FA538328A314C19236799DA689639
Requests: 17 HTTP requests in this frame

Frame: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 01365BD1E4AFF3172ED184974B9A4FBB
Requests: 1 HTTP requests in this frame

Frame: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A1F26953B37465E58D406DC71ACEC61B
Requests: 41 HTTP requests in this frame

Frame: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 24B59F9B60C15C2633FDE75B2F4BA5D6
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv6Pakk0lQJUIY-C1NgYf_mxpcD3UJlxXM3ietMk9I3xaW4xX04ZyE0ekDHurv2F4VaddTkO3XS9oEqJn5IG-1jfAf6nOc-sHZgFecpmSh1DPHW5mCxzA7nS-2bIWELsD_pj7abt_zYgSOrSFd8Xzkp8svYfjwF2WZPXd3sWnVO8OhzF18URkknpb7iX75ELj6ZyC1gvLWIw7zK0vCNtSkyWaA_J3e6aFGDfYJHviI-uHujq80CVvOXpYCVcWsB6nfBR5azgCDmX1pbx2hO4fuamGwcn9N6NcUvJIwYPp54gZr7lmcCsJ16GgMfhvZ88iLEF07_ntQ&sig=Cg0ArKJSzMoD9nI-UwHhEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: E829C7C460831413415B5B0D3B976A5D
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbsERDvjosCGLDprsQBMAE&v=APEucNVKDrI2MlIl-JHjrmMMMmgZHBXLI67pj5HNJ__HiKpHF53rydcCaipXUV9PhZZtKEcmZaqUaYz7iCJHyBPhLYBsZ1IyB0nQ7M5yYsmlvXw4fUzaF3h_clWFgBjvH51kfOOnnySKtb1-E-DHh-RH9N9H6s3aHOd1g9YCC8s86uzoEBxbiEc
Frame ID: 51DA45B2E41C3CC7B6FA5733AB337C45
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6tv8YCEKjp3uQCGMzA9sIBMAE&v=APEucNUUVe-p_sNvPGGhHMWYLMSKy9rveEjcJNJKeVhZJ8k15R1w5PWJjb7KCsbRiaeccFGT4FnLpV2f8YlvCq0kACa5CArbcqI3gv2Lp0kWi9_wM9JOnm5oerX_37eELO-nXj7JtseknvHlod1ISBAA8KvvMPoysjutzWZEB8_PEzCCS3g2-PI
Frame ID: 4885355E30C0A1863045BFB85BE8D399
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Frame ID: 8A564F69F28CC2FC63031601ECA856C5
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCsqIyVAxjv0qLCATAB&v=APEucNVKZIMeUjRTz0lQkvjPAL7z3pNyUo2NvCsdKOdZJ_-6fiGW35ETU7GoomI-YrimCQla6NKyo9oDAWPSRfGjdzjvH3NUcg8NrF8HP9WmayaGv-KTD0lhc6Hnl91ThcVJbBvh7yAer8Yfsk6Ejv8FnRBr1xQVMqVMjqeKfpCd0oSydZa19Qg
Frame ID: C822F71ADA18854C12C8ACBEC67F5124
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html
Frame ID: 5CC970E3C95063E4031909B586787ECD
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 936DAA7F4C58F701A3E65B4727A78689
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 61C9771D528CADFABB1BF16A55144A9A
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E9C12F8670294231672DF971F8D20DB9
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 945F6DA32D67E79946BD31C25827D3A2
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8CFAE265FC82F5AAA5BEE87BE028100A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DB1C626EBDC2FEBC191BE149181FB6F0
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15654399513907747201/index.html
Frame ID: 08788AAD28F9F7891ABB446D8D68D5B0
Requests: 6 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 12421C75943FB1D39FA1F177E680D04F
Requests: 1 HTTP requests in this frame

Frame: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 82226CED4CE446805497AAC54B7A92AD
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter.com.ua
Frame ID: 007B682CC09CCAE774A99DD99900308A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C9839F86AC34EAACA5489AB3537CD714
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BDA03F37C06143338E5B76199550F95C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2C10076A156BB6F90C634A4C64B8C861
Requests: 2 HTTP requests in this frame

Frame: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 7704A1CBE8D21F5995FA2950C616428D
Requests: 24 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 92FA06A42082EF0287A68F6B2C106603
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPwBENm9sbICGMSfq8IBMAE&v=APEucNWMCrsR0eNIOdxa3CsZFF01PUcEX-xlThvgxxSwdCf4LmxJM8AMiVZeRuxfyDU--_-k1mFzYFFgjyLL6I2BaTn78pRR5l2k67dzNO0xg7NcksDK-roHyOGxxTP0TQ7DdgeSyKsOzk7v-dgJmnfHRoCTFEsmX03jFHGYZDoGsJG2o94S4Ck
Frame ID: B7E43782874F6910DDAF9E51078480BE
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 237D0D58A67B1A382DD5F83F14023F52
Requests: 3 HTTP requests in this frame

Frame: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/index.html?v=_2_147_1_0&n=1&sHost=secure-ds.serving-sys.com&clickTag=https%3A//secure-ds.serving-sys.com/BurstingCachedScripts//ReportPage_2_12_4_0.html%3FebReportURL%3Dhttps%253A//bs.serving-sys.com/Serving/adServer.bs%253Fcn%253Dbrd%2526PluID%253D0%2526Pos%253D7829839445187556%2526EyeblasterID%253D1086325990%2526dg%253D1076790780%2526dgo%253D1076790780%2526di%253D0%2526pc%253D%2526sessionid%253D6314393124380863953%2526usercookie%253Du2%253Da2770763-24a2-475d-956b-7c1e9a854314%2526OptOut%253D0%2526gdprpurposes%253D1023%2526ebReferrer%253Dhttps%25253A%25252F%25252Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%25252Fsafeframe%25252F1-0-38%25252Fhtml%25252Fcontainer.html%2526ncu%253Dhttps%25253A%25252F%25252Fgoogleads.g.doubleclick.net%25252Fdbm%25252Fclk%25253Fsa%25253DL%252526ai%25253DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%252526ae%25253D1%252526num%25253D1%252526cid%25253DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%252526sig%25253DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%252526client%25253Dca-pub-8618771545316321%252526dbm_c%25253DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%252526cry%25253D1%252526dbm_d%25253DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%252526adurl%25253D%24%24ebImpressionID%3D7829839445187556%24%24ctick%3D1648287261675%24%24ebTURLs%3D%5B%22https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D%22%5D
Frame ID: 25C5BFF5A93C882F6FD3BA4D93E79DC7
Requests: 20 HTTP requests in this frame

Frame: https://cdn.flashtalking.com/142462/3451578/index.html
Frame ID: 5A297C467134585FC76F15000EF03D39
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0CEDCDEADF0E6DFB2439E6A4C738655E
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Сайт для бухгалтерів бюджетних установ

Page URL History Show full URLs

http://buhgalter.com.ua/ HTTP 301
https://buhgalter.com.ua/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

serving-sys\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

425
Requests

90 %
HTTPS

42 %
IPv6

60
Domains

96
Subdomains

76
IPs

10
Countries

4340 kB
Transfer

11277 kB
Size

87
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://i.factor.ua/?utm_source=all-sites&utm_medium=top-menu&utm_campaign=from-top-menu
Title: Factor Електронні версії бухгалтерських журналів

Search URL Search Domain Scan URL

URL: https://factor.academy/?utm_source=all-sites&utm_medium=top-menu&utm_campaign=from-top-menu
Title: FactorAcademy Онлайн курси, вебінари для бухгалтера

Search URL Search Domain Scan URL

URL: https://buhgalter911.com/?utm_source=all-sites&utm_medium=top-menu&utm_campaign=from-top-menu
Title: Бухгалтер 911 Бухгалтерський облік, оподаткування, звітність

Search URL Search Domain Scan URL

URL: https://reklama.factor.ua/?utm_source=all-sites&utm_medium=top-menu&utm_campaign=from-top-menu
Title: РЕКЛАМОДАВЦЯМ

Search URL Search Domain Scan URL

URL: https://bit.ly/2Xc9ih4
Title: Відео

Search URL Search Domain Scan URL

URL: https://fit.com.ua/?utm_source=buhgalter.com.ua&utm_medium=top-menu&utm_campaign=fit-budget-2
Title: FIT-Бюджет

Search URL Search Domain Scan URL

URL: https://i.factor.ua/journals/bb/about.html
Title: Передплатити журнал

Search URL Search Domain Scan URL

URL: https://bit.ly/2TJ43qe
Title: Архів чату

Search URL Search Domain Scan URL

URL: https://factor.media/

Search URL Search Domain Scan URL

URL: https://i.factor.ua/ukr/journals/bb/

Search URL Search Domain Scan URL

URL: https://i.factor.ua/ukr/journals/ms/

Search URL Search Domain Scan URL

URL: https://i.factor.ua/ukr/journals/ot/

Search URL Search Domain Scan URL

URL: https://bit.ly/3eOTfff

Search URL Search Domain Scan URL

URL: https://bit.ly/2XoPSWH

Search URL Search Domain Scan URL

URL: https://bit.ly/2XonSCj

Search URL Search Domain Scan URL

URL: https://bit.ly/3f7scvI

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://buhgalter.com.ua/ HTTP 301
https://buhgalter.com.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 122

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D HTTP 302
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=266963a8e94f3971

Request Chain 123

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=862e0bfe-f5f0-4e88-9214-fcde1ac89423

Request Chain 143

https://pbjs.e-planning.net/pbjs/1/2e43c/1/buhgalter.com.ua/ROS?rnd=0.2650883950044538&e=728x90_0%3A728x90%2C970x90%2C1x1%2B468x60_0%3A468x60%2C610x90%2C620x90%2B160x600_0%3A160x600%2C250x600%2C250x500%2C250x250%2C240x400%2C240x500%2C250x400%2B160x600_1%3A160x600%2C250x600%2C250x500%2C250x250%2C240x400%2C240x500%2C250x400%2B970x90_0%3A970x90%2C1420x90%2C1420x180&ur=https%3A%2F%2Fbuhgalter.com.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter.com.ua%2F&e_pubcid=12fad5dc-9841-48a9-b8c6-d3e06e87b69d HTTP 302
https://pbjs.e-planning.net/hb/1/2e43c/1/buhgalter.com.ua/ROS?ct=1&r=pbjs&rnd=0.2650883950044538&e=728x90_0%3A728x90%2C970x90%2C1x1%2B468x60_0%3A468x60%2C610x90%2C620x90%2B160x600_0%3A160x600%2C250x600%2C250x500%2C250x250%2C240x400%2C240x500%2C250x400%2B160x600_1%3A160x600%2C250x600%2C250x500%2C250x250%2C240x400%2C240x500%2C250x400%2B970x90_0%3A970x90%2C1420x90%2C1420x180&ur=https%3A%2F%2Fbuhgalter.com.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter.com.ua%2F&e_pubcid=12fad5dc-9841-48a9-b8c6-d3e06e87b69d

Request Chain 294

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1&C=1

Request Chain 295

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yj7eHFaybP9gPUY3oi5abgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1

Request Chain 296

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPjXw6F2Othx7QmJQXhkFY8&google_cver=1

Request Chain 297

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NjgyNDczNDMzNTYzNjg5OQ%3D%3D

Request Chain 301

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMexOXAHvl7YUTXMTCZAdmU&google_cver=1

Request Chain 303

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEPj7R_aQFb5vty-LJanYlE4&google_cver=1

Request Chain 308

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENYMTERgWSmM8k-QvmwpfJo&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENYMTERgWSmM8k-QvmwpfJo&google_cver=1&__user_check__=1&sync_id=e9f64460-ace7-11ec-a4d0-102ad03c0306

Request Chain 309

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=e9eb3582-ace7-11ec-9bb0-1131174c0306 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTllYjM1M2MtYWNlNy0xMWVjLTliYjAtMTEzMTE3NGMwMzA2

Request Chain 311

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 329

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLlmxR1uWzZI8K_pdBuYqjP-gWzhHmIyYW2YAA-aLsEykuHMbrUV2Y5o5LDn6KJ0zBN6b0NhAV8n0Wswo7KUVYOU0TR6Iql&google_gid=CAESECiO2g4MZ_9ICbV12E71ETE&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLlmxR1uWzZI8K_pdBuYqjP-gWzhHmIyYW2YAA-aLsEykuHMbrUV2Y5o5LDn6KJ0zBN6b0NhAV8n0Wswo7KUVYOU0TR6Iql&google_gid=CAESECiO2g4MZ_9ICbV12E71ETE&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMjYwOTM0MjAwMDAzMDM1NzE3MjU3NA%3D%3D&google_push=AYg5qPLlmxR1uWzZI8K_pdBuYqjP-gWzhHmIyYW2YAA-aLsEykuHMbrUV2Y5o5LDn6KJ0zBN6b0NhAV8n0Wswo7KUVYOU0TR6Iql

Request Chain 331

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOB-bsI-yBMqefS-EEjnkLg&google_cver=1&google_push=AYg5qPJ25K0eDJ2NTsArlmzsJadSxDQoWizsnR-A2QqtaP-uZL8x__lxKX8S9FtnlJG0Kubggu2X7wtAvg_hEUc_mDHDxuNzN4Mx HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOB-bsI-yBMqefS-EEjnkLg&google_cver=1&google_push=AYg5qPJ25K0eDJ2NTsArlmzsJadSxDQoWizsnR-A2QqtaP-uZL8x__lxKX8S9FtnlJG0Kubggu2X7wtAvg_hEUc_mDHDxuNzN4Mx&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ25K0eDJ2NTsArlmzsJadSxDQoWizsnR-A2QqtaP-uZL8x__lxKX8S9FtnlJG0Kubggu2X7wtAvg_hEUc_mDHDxuNzN4Mx

Request Chain 332

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEETJ42rYOX8bnVwJB9ux7ho&google_cver=1&google_push=AYg5qPI6KtMmoMuCvzDNT1Tewap7ScKwUDDTV4QHn_hlqls1gUrwoCO9AWG3A3oWpHvmTxjWcR6iS_CtN-oeJuTsmMj2EEuqcds HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPI6KtMmoMuCvzDNT1Tewap7ScKwUDDTV4QHn_hlqls1gUrwoCO9AWG3A3oWpHvmTxjWcR6iS_CtN-oeJuTsmMj2EEuqcds

Request Chain 333

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo

Request Chain 343

https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/958741/61007899/Serving/adServer.bs?c=28&cn=display&pli=1077596117&gdpr=&gdpr_consent=&w=250&h=250&ord=1648287259095059&ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D$$&ifrm=-1&ebaddid=$$[Device_Advertising_ID_MACRO]$$&z=0&adsafe_url=https%3A%2F%2Fbuhgalter.com.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94,c:7XuK1r,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67cb66fbd5-x7nvk,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:2,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:20,oid:e9d9a384-ace7-11ec-b187-6ab2fcee59df,v:19.8.299,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1077596117&gdpr=&gdpr_consent=&w=250&h=250&ord=1648287259095059&ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D$$&ifrm=-1&ebaddid=$$[Device_Advertising_ID_MACRO]$$&z=0

Request Chain 350

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECTKbxGQS9CCmAF1BWzImrI&google_cver=1&google_push=AYg5qPK1sv18x1jr-0SRIldkkMm_QQQj18QsUzWbKgmMAoI-3BtMnidvTWMz1ID6dLztUHajjAR_u1kvW9lDBPCb9ov2Ef8Sww HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPK1sv18x1jr-0SRIldkkMm_QQQj18QsUzWbKgmMAoI-3BtMnidvTWMz1ID6dLztUHajjAR_u1kvW9lDBPCb9ov2Ef8Sww&google_hm=Uaq56NGayPd668uoGHEKxw

Request Chain 351

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJ5zhZZ9sR9wBMe_XGsff2HBSDrA5yEHiB_5b1KLUVMeSHkuEHDrm60cmhr7A-4mY0aH9RgIVPL9KkhESVaznb4M-nL9co&google_gid=CAESEMnQZAMkiE5f0tfMpCYHWt0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWo3ZUhBQUFCU1hlM1YxRQ&google_push=AYg5qPJ5zhZZ9sR9wBMe_XGsff2HBSDrA5yEHiB_5b1KLUVMeSHkuEHDrm60cmhr7A-4mY0aH9RgIVPL9KkhESVaznb4M-nL9co

Request Chain 352

https://d.agkn.com/pixel/2175/?google_gid=CAESEKY5rPhc-81dAYtl9-OBCgw&google_cver=1&google_push=AYg5qPLcNLg8eWBQEZGoxY0Eiby7q8GqMPQ5NWQv36wldhGjjGo9NpsN_5ZFvfjwr_9mG2ZYMnmcKYA7bG-M0y1uRmwpm9Oych8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLcNLg8eWBQEZGoxY0Eiby7q8GqMPQ5NWQv36wldhGjjGo9NpsN_5ZFvfjwr_9mG2ZYMnmcKYA7bG-M0y1uRmwpm9Oych8&google_hm=Q0FFU0VLWTVyUGhjLTgxZEFZdGw5LU9CQ2d3

Request Chain 354

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOB-bsI-yBMqefS-EEjnkLg&google_cver=1&google_push=AYg5qPJ4z1FViYihJGlTUM6zNFe31iUgUPe-53iFMyGvEILFwm8ur7MQpPzQH_78EWv5pwN44cmZZ15J1noqQy4ioqLRzIO2gPo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ4z1FViYihJGlTUM6zNFe31iUgUPe-53iFMyGvEILFwm8ur7MQpPzQH_78EWv5pwN44cmZZ15J1noqQy4ioqLRzIO2gPo

Request Chain 355

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEETJ42rYOX8bnVwJB9ux7ho&google_cver=1&google_push=AYg5qPJU7mAziqYhCoeRCkGV81fbHNKh1F5PjfGkp8h6_8qY2e5JTE_Hh3OqWmKZr-4v5XyPLWpntSXT248vlv585ds09hn4x1E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPJU7mAziqYhCoeRCkGV81fbHNKh1F5PjfGkp8h6_8qY2e5JTE_Hh3OqWmKZr-4v5XyPLWpntSXT248vlv585ds09hn4x1E

Request Chain 356

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk

Request Chain 402

https://gum.criteo.com/sid/json?origin=publishertag&domain=buhgalter.com.ua&sn=ChromeSyncframe&so=0&topUrl=buhgalter.com.ua&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=w0cn8HxxYThQWlhQM2ZXNHVCQTNmeXg5UGpGckhVR2IrQ0crQytHVFNoaUFPNVUvYXRqNGZ5bDd1elB6UXQ1Q0Zwc0wyT0ZqVytJN2VvTFdBa1hGSnRSYUVqZXR1YW1lNWRaaWJrMHhKTHczMXpMQ2djVFZicE9qdDNad1ZzenBOaXJyNEZMVURSMHVpRjJtSEpXM0JNMEFBRDNYaVhNUXdTMC9UbG01MFNYTkQ4Q2lNZWNDTjk5Sjh2NkJLZmJxbGR4Z3BUOU0wRGw1SWVIaGZLcmh6bjFHZUJhaHVjblR3cmdmSGJmS0J6TzVaWW1kQ3lpemo4c28vWnplY0IyWkNQakRCQ3VCcnNadXFvV3JUZTZ4WjVzbE1lQT09fA&cppv=2

Request Chain 418

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECTKbxGQS9CCmAF1BWzImrI&google_cver=1&google_push=AYg5qPLU4h_v3Sa9u5TRdoA7tSGg90Y0gNXs7OHuQ4ZjEjcTkHlZDhbk1YhMjLhYr1z8rM7w3fza2rKV6QdJIJZdgbg3A3eWs3U HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLU4h_v3Sa9u5TRdoA7tSGg90Y0gNXs7OHuQ4ZjEjcTkHlZDhbk1YhMjLhYr1z8rM7w3fza2rKV6QdJIJZdgbg3A3eWs3U&google_hm=Uaq56NGayPd668uoGHEKxw

Request Chain 419

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL0VdyE8jPrQ6Qk7RSWB7vNRqtM-exA6tc1DwVJyx7kTO8GKobAT2Z0b9ipFVYAqdZqmPwpbBxFwgEU8TBUxTTDXiuaUC0&google_gid=CAESEMnQZAMkiE5f0tfMpCYHWt0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWo3ZUhRQUFBR0dqTmp4Qg&google_push=AYg5qPL0VdyE8jPrQ6Qk7RSWB7vNRqtM-exA6tc1DwVJyx7kTO8GKobAT2Z0b9ipFVYAqdZqmPwpbBxFwgEU8TBUxTTDXiuaUC0

Request Chain 422

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOB-bsI-yBMqefS-EEjnkLg&google_cver=1&google_push=AYg5qPI6L3R394w969un3231s9KnDRS5b6UlF5AHAD3162jqZEG47_SGL_e7VKdjmZI-bUSnLVq_cuj_tSYrf9gJM1lfG35kSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI6L3R394w969un3231s9KnDRS5b6UlF5AHAD3162jqZEG47_SGL_e7VKdjmZI-bUSnLVq_cuj_tSYrf9gJM1lfG35kSA

Request Chain 423

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEETJ42rYOX8bnVwJB9ux7ho&google_cver=1&google_push=AYg5qPKd8BRbKGfik0f70g9LFOKIkFiEhGZuAQTRswY3cOrhKY7jcFHw9ASmCV8K0--uMBs1QeURVy60Vwrig47J0OmeLPjpYfQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPKd8BRbKGfik0f70g9LFOKIkFiEhGZuAQTRswY3cOrhKY7jcFHw9ASmCV8K0--uMBs1QeURVy60Vwrig47J0OmeLPjpYfQ

Request Chain 424

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo

Request Chain 435

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEPHztHYYeBXmw-M4eBDQdpw&_origin=1&google_cver=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEPHztHYYeBXmw-M4eBDQdpw&_origin=1&google_cver=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPHztHYYeBXmw-M4eBDQdpw&_origin=1&google_cver=1&apid=UPeaabc126-ace7-11ec-a3a7-0670dee0be50

Request Chain 436

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPeaabc0c9-ace7-11ec-8cf2-028b24df2e74 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBlYWFiYzBjOS1hY2U3LTExZWMtOGNmMi0wMjhiMjRkZjJlNzQ%3D

Request Chain 437

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1hdlFTaDVCRTJ1R1FjV2lUVzZxS3dGY1kuOXJfR0p5Vn5B

Request Chain 453

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter.com.ua%2F&domain=buhgalter.com.ua&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=S0J3Q3xhUU5NelQzRVlZWjArVDhiSzBtWU9nak1OMTR4bHdxUExsWTdmTmdaU2ZXb21VZy9iTEVMdXdVY0NjZm92UUxEbmFDTGRVYXVVVEMwVTFKVjNWRmcweEl0K3JBNTJicWp1RTg5cFJ1UlE2Y0R6R1loV2VLeEU1ckdPRE11RngwKzlnbmJEWlJwZk9OeWRidk02bXkrOWI5Q3M1VEhVMGNkU3RLTklMdkNmaWtnYm0yMTZicUxiWHhFaE9Cemh0VEZMejlLWWdVK3QxWm92ZkRRc1BZMEhxZEllWUtRQlRLRlcrZE1DZE5JR3NZNnBWbjYrM1ZsYWFhd0JLWVhGdzBBaDZxcTFKU0IyNXRJQWIxSVVNYWxRZz09fA&cppv=2

Request Chain 466

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBx8YyGOeP9iepC45X6102o&google_cver=1&google_push=AYg5qPICvSR2bxFsYaGjuTRT-C4IfwH8jJODVVtQ3fHJJ0i80ixfTqCHhkI0UCFA_ry8tin6OJDT1L5nwxODMjL2wMVuCOCPR_Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Nzc4MzY2MjQ3NTk1MjgxMDgwMg==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBx8YyGOeP9iepC45X6102o&google_cver=1

Request Chain 468

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDKG_i1zgjYsNkKsYZM36cg&google_cver=1&google_push=AYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDKG_i1zgjYsNkKsYZM36cg&google_cver=1&google_push=AYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 469

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFviEHuyQHTu0hF_cw8wCMw&google_cver=1&google_push=AYg5qPLDpD8-m61P_1GbeoLZeGcWyDasBk1tRJtJrQYpJesnIXOY01TZ7b4Aa5_zSs-0WhoIifHHmJ8sgUMoqUWTnB-asI_F6Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFviEHuyQHTu0hF_cw8wCMw&google_push=AYg5qPLDpD8-m61P_1GbeoLZeGcWyDasBk1tRJtJrQYpJesnIXOY01TZ7b4Aa5_zSs-0WhoIifHHmJ8sgUMoqUWTnB-asI_F6Q

Request Chain 470

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEHu_ePDP5jwywM75MwvDIls&google_cver=1&google_push=AYg5qPKDuDLdpRvtaQze6lqvjvoXYxSAY458WsvQLl-3NEEIxcqOlBJFaAxxu3_MqyJMJh88KdrJ4NsQgwwpx2-BHWfkcJUEztk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA3OTMzOTg4NDcxMDA2NjMxNg%3D%3D&google_push=AYg5qPKDuDLdpRvtaQze6lqvjvoXYxSAY458WsvQLl-3NEEIxcqOlBJFaAxxu3_MqyJMJh88KdrJ4NsQgwwpx2-BHWfkcJUEztk

Request Chain 471

https://ads.travelaudience.com/google_pixel?google_gid=CAESEN1l5UFGNLTJtGdQqTylFcY&google_cver=1&google_push=AYg5qPIyzuqtORpIk1e3L3Zv7PnvXXCPKF647MobU7mwlQj2Y1HJeOerQILhwOr-jIkfE0JD8KzA9FQ71VoqDhq-7_bsWgh3i14 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=sC9ZBAbkTJefNbMV6ldZ2g2&google_push=AYg5qPIyzuqtORpIk1e3L3Zv7PnvXXCPKF647MobU7mwlQj2Y1HJeOerQILhwOr-jIkfE0JD8KzA9FQ71VoqDhq-7_bsWgh3i14

Request Chain 472

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEOuM_SvHHy4stlDA0we43Xs&google_cver=1&google_push=AYg5qPI9eB4LRsfmPl2UccDyvXkQ7Z9IwHvh9UQohgBUfcF_fxcHXMvPPpve1i58O-EyB2d7dYSqB7ktaKgT-5l8E9XgkieLgw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPI9eB4LRsfmPl2UccDyvXkQ7Z9IwHvh9UQohgBUfcF_fxcHXMvPPpve1i58O-EyB2d7dYSqB7ktaKgT-5l8E9XgkieLgw

425 HTTP transactions
90 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
buhgalter.com.ua/
Redirect Chain

http://buhgalter.com.ua/
https://buhgalter.com.ua/

144 KB
38 KB

490ms
162ms

Document
text/html

136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://buhgalter.com.ua/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),

Reverse DNS

136-144-183-196.colo.transip.net

Software

nginx /

Resource Hash

bda9bd5941bd5b5bf9e180a1800f775e5e8f6ac20b214a60ad0d9874a5e54e5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

server: nginx
date: Sat, 26 Mar 2022 09:34:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, max-age=0 no-transform
expires: Sat, 26 Mar 2022 10:34:17 GMT
strict-transport-security: max-age=15768000; includeSubdomains;
x-xss-protection: 1; mode=block 1; mode=block
last-modified: Thu, 28 May 2020 12:12:45 GMT
x-content-type-options: nosniff nosniff
content-security-policy: upgrade-insecure-requests
x-frame-options: SAMEORIGIN
content-encoding: gzip

Redirect headers

Date: Sat, 26 Mar 2022 09:34:16 GMT
Server: Apache
Strict-Transport-Security: max-age=15768000; includeSubdomains;
x-xss-protection: 1; mode=block
Location: https://buhgalter.com.ua/
Content-Length: 233
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 jquery.min.js Show response
buhgalter.com.ua/assets/templates/base/js/ 94 KB
33 KB 47ms
45ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/jquery.min.js?1548420380
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Fri, 25 Jan 2019 12:46:20 GMT
server: nginx
etag: W/"5c4b051c-1762a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 client.js Show response
cdn.gravitec.net/storage/c77ccd81f8480b85adc1e41419254e96/ 64 KB
18 KB 117ms
57ms Script
application/javascript 45.133.44.4
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/storage/c77ccd81f8480b85adc1e41419254e96/client.js
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: b272da8532a2532b094eb8b01d0c38fac4cb5cbc2a48e620f40cdf886db497a1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Wed, 02 Feb 2022 09:05:19 GMT
server: nginx
etag: W/"61fa494f-100fb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:10:07 GMT
cache-control: max-age=10
x-proxy-cache: REVALIDATED

GET
H2 200 subscribe_form.css
buhgalter.com.ua/assets/templates/base/css/ 2 KB
784 B 87ms
86ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/subscribe_form.css?1562068831
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: f7ec9f64994c0f12acd8ab801d6709a5373b161d22752d64c316fc4dc6b04026

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Tue, 02 Jul 2019 12:00:31 GMT
server: nginx
etag: W/"5d1b475f-656"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 newsinfocus.css
buhgalter.com.ua/assets/templates/base/css/ 12 KB
6 KB 87ms
86ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/newsinfocus.css?v=20210222
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: a4f9fa103935fadea54ea87412c9697a65d9545e2b4d67b3b3f984590c1f0dea

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 06:46:08 GMT
server: nginx
etag: W/"611dfe30-2fc1"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 main.js Show response
buhgalter.com.ua/assets/templates/base/js/ 28 KB
8 KB 86ms
79ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/main.js?1633614701
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 7d68bf16f9dfd99f7fa09fc4a5eecdac68c35c88acd20d442c69715e0e125ef6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Thu, 07 Oct 2021 13:51:41 GMT
server: nginx
etag: W/"615efb6d-6ff4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 advert.js Show response
buhgalter.com.ua/assets/templates/base/js/ 2 KB
1 KB 87ms
80ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/advert.js?1482134876
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 22ef740962bc0b112be9cf31438b5f65689bee5ea052a5538cf05d959cd4d96c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Mon, 19 Dec 2016 08:07:56 GMT
server: nginx
etag: W/"5857955c-947"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 custom_branding.css
buhgalter.com.ua/assets/templates/base/css/ 2 KB
798 B 87ms
86ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/custom_branding.css?1645010085
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 3061a71d8be14bbf325156cea941da0e53ef184eef60c14331e15b4145b4dc7e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 11:14:45 GMT
server: nginx
etag: W/"620cdca5-90d"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 248ms
53ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-35985798-1

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9f86760d5ef0b6eca2ba837c9cc86b9b49e4cc4a5af2af2e91439ede78e555d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37578
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 09:34:17 GMT

GET
H2 200 config_accounts.js Show response
buhgalter.com.ua/assets/templates/base/js/ 676 B
885 B 87ms
80ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/config_accounts.js
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: a84684c392beb111f1ffc575860f0fd182e14aa8953829b5655a90cf5094e898

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Thu, 11 Nov 2021 09:07:41 GMT
server: nginx
etag: "618cdd5d-2a4"
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 676
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 all-sites.js Show response
buhgalter.com.ua/assets/templates/base/js/ 31 KB
7 KB 87ms
80ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/all-sites.js?v=18012022
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 44efff41d0d15b2c8a71e9b0363c1da9b56af5b022813522d3495f6bccc29855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Tue, 18 Jan 2022 07:37:42 GMT
server: nginx
etag: W/"61e66e46-7beb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 buy-access.css
buhgalter.com.ua/assets/templates/base/css/ 14 KB
3 KB 87ms
86ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/buy-access.css?v=20210310-5799
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 311f12283591ddf862c5164f47f2b1cff87aa739385d785b9a7d37f61dfbf5f3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Thu, 29 Apr 2021 07:26:39 GMT
server: nginx
etag: W/"608a5faf-39e0"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 subscribe_form_newsone.css
buhgalter.com.ua/assets/templates/base/css/ 7 KB
2 KB 87ms
86ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/subscribe_form_newsone.css?v=20210423
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: f4a200874570c195f6c49b82b17fe002032c87eb697b19c70f5c049b32bb2b91

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Fri, 30 Apr 2021 08:01:23 GMT
server: nginx
etag: W/"608bb953-1b04"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 env_icon.png
buhgalter.com.ua/assets/templates/base/images/ 749 B
949 B 87ms
81ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/env_icon.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: b31fe2b6af2b697209125a16140b060c511bdec34f3ea28c8c56976beacdaefb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Mon, 13 Apr 2020 08:20:47 GMT
server: nginx
etag: "5e9420df-2ed"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 749
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 sockjs.min.js Show response
cdn.jsdelivr.net/sockjs/0.3.4/ 33 KB
12 KB 253ms
55ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/sockjs/0.3.4/sockjs.min.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4b6d898c081feaaf31175668b7a4837cf08ee6480fce388cbb93fc710646d07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 431868
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19136-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"845f-2xqGtL6IkSLNx0THukpBdUC8xho"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6f1ee3c0291bcc42-ZRH

GET
H2 200 factor-logo-green.png
buhgalter.com.ua/assets/templates/base/images/ 2 KB
2 KB 88ms
81ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/factor-logo-green.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: f8636f840e55868b04f7621502a452351269ffd7ce2fa600c15dda7fafb66da0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Wed, 26 Feb 2020 09:05:33 GMT
server: nginx
etag: "5e5634dd-92e"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 2350
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 bb.jpg
buhgalter.com.ua/upload/banners/journals-31-08-18/ 16 KB
16 KB 88ms
82ms Image
image/jpeg 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/upload/banners/journals-31-08-18/bb.jpg
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: b5cfb2ebe32805d7643546c8906515cd6f8c70f29597fb9abaf46e029044c496

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Mon, 22 Nov 2021 14:55:39 GMT
server: nginx
etag: "619baf6b-407a"
content-type: image/jpeg
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 16506
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 ms-new-min.jpg
buhgalter.com.ua/assets/templates/base/images/pub/ 5 KB
5 KB 88ms
82ms Image
image/jpeg 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/pub/ms-new-min.jpg
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 59930862af8eeece2cdac39829c922e109f0eebed8049ae6229ad25deb8089f0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Fri, 02 Jul 2021 08:41:50 GMT
server: nginx
etag: "60ded14e-125d"
content-type: image/jpeg
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 4701
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 b-com-min.jpg
buhgalter.com.ua/assets/templates/base/images/ 5 KB
5 KB 88ms
83ms Image
image/jpeg 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/b-com-min.jpg
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 24bbe137f237a6630db0061ede2daa44c062a28761b6c5375653a26a45a8dc6f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Wed, 26 May 2021 16:52:25 GMT
server: nginx
etag: "60ae7cc9-145f"
content-type: image/jpeg
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 5215
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 bb-min.png
buhgalter.com.ua/assets/templates/base/images/ 6 KB
6 KB 88ms
83ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/bb-min.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: e1b794cc9478098a88362aeb9c2ee3c0f84a4c55d1eb34d72f5b41dc0c602ad5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Fri, 06 Apr 2018 11:16:36 GMT
server: nginx
etag: "5ac75714-16ea"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 5866
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 privat.svg
buhgalter.com.ua/assets/templates/base/images/footer_icons/ 531 B
735 B 88ms
83ms Image
image/svg+xml 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/footer_icons/privat.svg
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: bda57657e18fe9533bbcc9e1aee5f305fd6c19f271b478639b9f25455dd27ce6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Fri, 10 Sep 2021 06:22:12 GMT
server: nginx
etag: "613af994-213"
content-type: image/svg+xml
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 531
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 visa.svg
buhgalter.com.ua/assets/templates/base/images/footer_icons/ 1 KB
966 B 89ms
84ms Image
image/svg+xml 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/footer_icons/visa.svg
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 3a4529b12c7684943d7612770b24292a5a5cf199e1ad370eff2c56a53f56461a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Fri, 10 Sep 2021 06:22:12 GMT
server: nginx
etag: W/"613af994-55a"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 mastercard.svg
buhgalter.com.ua/assets/templates/base/images/footer_icons/ 3 KB
1 KB 89ms
84ms Image
image/svg+xml 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/footer_icons/mastercard.svg
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 90b2c189be5f0290cd8d7003c28c08de7df1eb1d6240b24f699fc75a4132b70e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Fri, 10 Sep 2021 06:22:12 GMT
server: nginx
etag: W/"613af994-cf1"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 logo_web.gif
buhgalter.com.ua/assets/templates/base/images/ 35 KB
35 KB 89ms
84ms Image
image/gif 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/logo_web.gif
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: be625afbc485e960e06e97f06fd611767c597ec27ec976a899408074d2a78078

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Fri, 25 Mar 2016 08:11:53 GMT
server: nginx
etag: "56f4f2c9-8bb4"
content-type: image/gif
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 35764
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 404 js.cookie.min.js
buhgalter.com.ua/assets/templates/base/js/ 0
0 46ms
38ms Script
text/html 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/js.cookie.min.js
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 248ms
52ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

99698d842bac17e112650355905c04538f6c6e2f91aca00154d220207ee0e7a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17278
x-xss-protection: 0
server: cafe
etag: 12546904024700769360
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 09:34:17 GMT

GET
H2 200 chat2.js Show response
buhgalter.com.ua/assets/templates/base/chat/js/ 14 KB
5 KB 124ms
120ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/chat/js/chat2.js?1575636222
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 2794e4bee8b85e3e25f439d6e2eff996da14eee39f04ccd2ab65436562be1fe9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 12:43:42 GMT
server: nginx
etag: W/"5dea4cfe-375c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 favorites.js Show response
buhgalter.com.ua/assets/templates/base/js/ 5 KB
1 KB 49ms
40ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/favorites.js?1549530983
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: b044100db87d9ea6f2baea5b4c2cacbd92d3f76a8fb521cdcddca8c26c196c1f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Thu, 07 Feb 2019 09:16:23 GMT
server: nginx
etag: W/"5c5bf767-140a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 ads_remove_popup.js Show response
buhgalter.com.ua/assets/templates/base/js/ 3 KB
1 KB 49ms
41ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/ads_remove_popup.js?1551773669
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 060bb8520b20eb55d3627c997fb70a310ee7340fca81019d845ec4d411f1f28d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Tue, 05 Mar 2019 08:14:29 GMT
server: nginx
etag: W/"5c7e2fe5-c04"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 analytics.js Show response
buhgalter.com.ua/assets/templates/base/js/ 9 KB
2 KB 49ms
41ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/analytics.js?1626441437
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: d80bd54f6f01cdaa4f9b4bf238a45def7223316f3613971da9a6a417c62b5364

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Fri, 16 Jul 2021 13:17:17 GMT
server: nginx
etag: W/"60f186dd-22ed"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 content_breaker.js Show response
buhgalter.com.ua/assets/templates/base/js/ 785 B
994 B 50ms
41ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/content_breaker.js?1638465638
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: aac16f954d581bdc9117839285ab45c1e9c71133dbdf18d0e72f420f18d99f13

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Thu, 02 Dec 2021 17:20:38 GMT
server: nginx
etag: "61a90066-311"
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 785
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 check_access.js Show response
buhgalter.com.ua/assets/templates/base/js/ 302 B
511 B 50ms
41ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/check_access.js?1638465374
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: a7175d1d334c622399772f16264ac7a80176047397f32836b6e0b004a59969e8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Thu, 02 Dec 2021 17:16:14 GMT
server: nginx
etag: "61a8ff5e-12e"
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 302
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 copy-print.css
buhgalter.com.ua/assets/templates/base/css/ 3 KB
949 B 50ms
42ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/copy-print.css?1563536971
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: fce47c008bc1eedf3d2f5efe16ffee0aa0e5ac44254b5ecce2c7de7273e54e12

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Fri, 19 Jul 2019 11:49:31 GMT
server: nginx
etag: W/"5d31ae4b-a33"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 cut_copy_error.png
buhgalter.com.ua/assets/templates/base/images/ 1 KB
1 KB 124ms
120ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/cut_copy_error.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: e6fce2657668d80c13f0b61064202b609505fedeaf02cbc1f83ef1b8fff6cb8a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Tue, 16 Jul 2019 12:30:51 GMT
server: nginx
etag: "5d2dc37b-4be"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 1214
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 ads_turn_off.css
buhgalter.com.ua/assets/templates/base/css/ 5 KB
1 KB 50ms
42ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/ads_turn_off.css?v=20200507
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 135d61e6a484f98a225e6c68264d7021f18ace3f1ce0ae8611b7c2b0c256f209

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Thu, 14 May 2020 10:32:42 GMT
server: nginx
etag: W/"5ebd1e4a-13bb"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 ic-block.png
buhgalter.com.ua/assets/templates/base/images/ 34 KB
34 KB 125ms
121ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/ic-block.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 448f7fb85b4c5699d46f1899d90c7d3266413020bffa738ac33b6b0ba21d2399

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Tue, 12 May 2020 07:15:13 GMT
server: nginx
etag: "5eba4d01-8888"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 34952
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 accounts_manager.js Show response
buhgalter.com.ua/assets/templates/base/js/ 2 KB
740 B 50ms
42ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/accounts_manager.js?v=02022021
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: f268e67bed4c1584ddf22b804ba2e482c2ed18c8905a1f032406bf846d7887dc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Mon, 25 Jan 2021 07:56:35 GMT
server: nginx
etag: W/"600e79b3-609"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 ads_turn_off.js Show response
buhgalter.com.ua/assets/templates/base/js/ 3 KB
1 KB 50ms
43ms Script
application/javascript 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/js/ads_turn_off.js?1640073844
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: e904243c8ba54726547afae3e2cf80dd5394b98841b54716a5deae86f3d67aa8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Tue, 21 Dec 2021 08:04:04 GMT
server: nginx
etag: W/"61c18a74-d2f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 v7nxv24k.js Show response
l.getsitecontrol.com/ 433 B
1 KB 304ms
109ms Script
text/javascript 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://l.getsitecontrol.com/v7nxv24k.js
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 8a109b74b240d241933b3e01970cbd4b242035e1c476f7ff4b394b7926fb00e4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: br
cdn-edgestorageid: 879
x-amz-request-id: A15TZC1NWMBEYB4G
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/25/2022 18:03:12
cdn-pullzone: 89704
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Rw/lQ8Gc26yxd+S+gC/tUHm+lBnBK3ztPe1j1Q/t8PjeLoGnhz/e2VQ1Bkn7Nuzgrc6eYwnuZZ4=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Thu, 03 Mar 2022 15:46:32 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"9e4cec39b6cab3a5066e9f54e8b61a85"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cdn-cache: HIT
cdn-uid: e3a1246b-2fdd-4153-9207-6ca707c9379d
cache-control: public, max-age=86400
cdn-requestid: fa62c59c5395f51c45d33583954ba2c0
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 lw.css
buhgalter.com.ua/assets/templates/base/css/ 2 KB
834 B 50ms
43ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/lw.css?1642000502
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: ec7cf723e138fd1ced41f6f1c2c0d724c43183a65b54ebaef160e9635fc222d6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Wed, 12 Jan 2022 15:15:02 GMT
server: nginx
etag: W/"61def076-73c"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 paywall_counter.css
buhgalter.com.ua/assets/templates/base/css/ 7 KB
1 KB 51ms
43ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/paywall_counter.css?1638464533
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: a31a9769677c0e5e9f40a8ad5f40ece87ab2e1a27371caaa0abf52539f5225c8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Thu, 02 Dec 2021 17:02:13 GMT
server: nginx
etag: W/"61a8fc15-1a0e"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 cup_coffee.svg
buhgalter.com.ua/assets/templates/base/images/paywall/ 113 KB
83 KB 126ms
122ms Image
image/svg+xml 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/paywall/cup_coffee.svg
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: a4991d87ebaea362f7b779eb0e62f6664d2b0bfb83aada173b6dbdc6ed587a7b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Wed, 10 Mar 2021 07:46:47 GMT
server: nginx
etag: W/"60487967-1c399"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 ic-pay-access.png
buhgalter.com.ua/assets/templates/base/images/ 2 KB
2 KB 165ms
161ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/ic-pay-access.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: b6802ed3c9a13e4e0c4be93749ab1ffdfbf488638b05ed7e18ad3896b1a1748e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Fri, 29 Jan 2021 11:15:23 GMT
server: nginx
etag: "6013ee4b-841"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 2113
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 wrapper_hb_299506_4371.js Show response
player.adtelligent.com/prebid/ 786 B
748 B 220ms
34ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebid/wrapper_hb_299506_4371.js?cb=19077
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: bb1f1665d7d36ff738dcb494fb38266ebc6a0c9de10887324006b9e0b7e4c539

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Tue, 22 Mar 2022 12:58:20 GMT
server: nginx
etag: W/"6239c7ec-312"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 28 Mar 2022 09:34:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 176 KB
59 KB 292ms
102ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WVLD3W

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f07d6d5a4507f93cbee09cff769f092eb3b77bf60e82fbdd5a7cab2ead90396e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60626
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 09:34:17 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 242ms
52ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@500&display=swap

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/css/buy-access.css?v=20210310-5799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c6f02ea61b580dd0d3d5fd8b473d8584ab32e741a5a969704928df2d2753a44e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 07:42:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 26 Mar 2022 09:34:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Mar 2022 09:34:17 GMT

GET
H2 200 resource_icons_v7.png
buhgalter.com.ua/assets/templates/base/images/accounts/ 4 KB
4 KB 152ms
152ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/accounts/resource_icons_v7.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: c5a7e1a01e97fddf0d6fea76f7a895d53516d76728a4615816a71afa8141d8df

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Thu, 17 Jun 2021 10:19:17 GMT
server: nginx
etag: "60cb21a5-f41"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 3905
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 configs Show response
cdn.gravitec.net/sdk/web/ 2 KB
1 KB 104ms
40ms Fetch
application/json 45.133.44.4
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/sdk/web/configs?appKey=c77ccd81f8480b85adc1e41419254e96
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/c77ccd81f8480b85adc1e41419254e96/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 0673a67906e341eb7c6158899b672c6701aa4febb161fc0dfbd440ead60f30aa

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
x-correlation-id: ddf8ba44162cdf4ea5e335ddb0ee7ba0
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
content-encoding: gzip
x-proxy-cache: MISS

GET
H2 200 / Show response
id.gravitec.net/ Frame 5FC7 621 B
699 B 152ms
49ms Document
text/html 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://id.gravitec.net/
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/c77ccd81f8480b85adc1e41419254e96/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9d1cb86ec27e86dfdefab39206fb510070d00b81d91f11ddc6720e3c62629d32

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-type: text/html; charset=utf-8
last-modified: Mon, 13 Apr 2020 15:31:02 GMT
etag: W/"5e9485b6-26d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000 public
pragma: public
access-control-allow-origin: *
x-accel-expires: @1938085063
server: CDN77-Turbo
x-77-nzt: Abk73BDiWN7/UgyGAQ
x-77-nzt-ray: 80voG5Cvbfc
x-cache: HIT
x-age: 25562194
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br

GET push-worker.js
buhgalter.com.ua/ Frame 0
0

GET
H2 200 hbw_master_299506_4371.js Show response
player.adtelligent.com/prebidlink/457857/ 123 KB
29 KB 49ms
48ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/457857/hbw_master_299506_4371.js
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebid/wrapper_hb_299506_4371.js?cb=19077
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 6d3e72f792ab09e654be262d636c49cb56c2059c063f52793ec96a963c6949e3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Tue, 22 Mar 2022 12:58:20 GMT
server: nginx
etag: W/"6239c7ec-1ea70"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 28 Mar 2022 09:34:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 249ms
49ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ffbf0901d91c2643b9aef55cc55cb461e8be565f7b47289a03c321cb1cc4441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28045
x-xss-protection: 0
server: sffe
etag: "1169 / 399 of 1000 / last-modified: 1648245909"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 26 Mar 2022 09:34:17 GMT

GET
H2 200 fbds.js Show response
connect.facebook.net/en_US/ 4 KB
3 KB 213ms
40ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbds.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7d78e96c514abb7a32d7bfabbb2e55cffab9451d56dd2667b2901af2f66fac7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: lRFL5R03U5QquxPiU6jV4Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Sat, 26 Mar 2022 09:43:39 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 2166
x-fb-rlafr: 0
x-fb-debug: K28k7FF+ITT3Ei0o+7vOKab2N2sRoCk8kXRrgSFIud/445t+sINPpvBhg43xrGg7EBKlQxU6HljUj/wIaQHOYw==
x-fb-trip-id: 686109401
x-fb-content-md5: 4d943c5b61dffff45c99378228647df8
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 26 Mar 2022 09:34:17 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "f8854f8b94c6e67b7926dccdd5ad953c"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

POST
H/1.1 200
OK add Show response
analytics.factor.ua/analytics/ 0
242 B 465ms
296ms XHR
text/html 95.170.82.90
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.factor.ua/analytics/add
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/js/analytics.js?1626441437
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 95.170.82.90 Amsterdam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 95-170-82-90.colo.transip.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://buhgalter.com.ua
Date: Sat, 26 Mar 2022 09:34:17 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 logo_event_n.png
buhgalter.com.ua/assets/templates/base/images/ 9 KB
10 KB 42ms
41ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/logo_event_n.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: d564e795aec94a8c74308ecec87cb269c8b536135086e36ba14ffa7f22434264

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Tue, 15 Jun 2021 12:47:48 GMT
server: nginx
etag: "60c8a174-25c4"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 9668
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 dec_line2.png
buhgalter.com.ua/assets/templates/base/images/ 228 B
428 B 42ms
42ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/dec_line2.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/css/subscribe_form_newsone.css?v=20210423
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 4434af4fb7f6dcd25c06a6979ee9d9965188ba85e7860e8ded9d730a3419afb6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/assets/templates/base/css/subscribe_form_newsone.css?v=20210423
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
last-modified: Mon, 13 Apr 2020 08:20:47 GMT
server: nginx
etag: "5e9420df-e4"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 228
expires: Sat, 09 Apr 2022 09:34:17 GMT

POST
H2 200 z Show response
s.zmctrack.net/ Frame 1F76 50 KB
23 KB 348ms
171ms XHR
text/javascript 185.187.81.41
IDSTRATEGY-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.zmctrack.net/z
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.187.81.41 Kyiv, Ukraine, ASN43332 (IDSTRATEGY-AS, UA),
Reverse DNS
Software: openresty /
Resource Hash: 2cec4b13f651c11cb7e989b911afc1dc1c4d00503bb94a739c6882fff08d9718

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: gzip
server: openresty
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-Location, X-Meta-Status, X-Set-Cookie, X-Cookie, X-Check
cache-control: no-cache, no-store
access-control-allow-headers: X-Request-Data, X-Headers, X-Url, Accept-Encoding, Accept-Language, Content-Language, Accept, Content-Type, Cookie, Origin, User-Agent
content-length: 23390
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK / Show response
jsonip.com/ 150 B
451 B 563ms
184ms Script
application/json 2600:3c01::f03c:91ff:fe79:43b
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://jsonip.com/?callback=jQuery111103420162388905559_1648287257398&_=1648287257399

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/js/jquery.min.js?1548420380

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:3c01::f03c:91ff:fe79:43b Fremont, United States, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

Software

nginx/1.20.2 /

Resource Hash

d258fead6c9ba91ce351fa1fa6d12123e89f1c027d8ea020c093550f8a4553ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.20.2
Strict-Transport-Security: max-age=31536000;
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975200280/ 2 KB
2 KB 145ms
55ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975200280/?random=1648287257856&cv=9&fst=1648287257856&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fbuhgalter.com.ua%2F&tiba=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3b2aa0ed671d07334223e27db21c0f339c977657f517ec5033dfb3f8dce1843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1062
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.css
buhgalter.com.ua/assets/templates/base/chat/css/ 849 KB
458 KB 43ms
43ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/chat/css/main.css?1625654744
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/js/jquery.min.js?1548420380
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 5e1055767f6d4ebc018c9e2386d3ca843ce1cc24daf9add01c652a15b7fdaf4d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Wed, 07 Jul 2021 10:45:44 GMT
server: nginx
etag: W/"60e585d8-d4267"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 favourites.css
buhgalter.com.ua/assets/templates/base/css/ 5 KB
1 KB 93ms
93ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/favourites.css?1549530487
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/js/jquery.min.js?1548420380
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: b7e5a16afe5493961690e4e41f66a8031db0bc3065aebbe95414494837ccd23c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Thu, 07 Feb 2019 09:08:07 GMT
server: nginx
etag: W/"5c5bf577-15d9"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 notyfy_popups.css
buhgalter.com.ua/assets/templates/base/css/ 3 KB
973 B 93ms
93ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/notyfy_popups.css?1551775774
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/js/jquery.min.js?1548420380
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 7b63f721e824f90d7f3144b2458f93b1697419fc8790f35537a064ed757a1b80

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Tue, 05 Mar 2019 08:49:34 GMT
server: nginx
etag: W/"5c7e381e-a18"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.6.3/css/ 52 KB
12 KB 216ms
86ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.6.3/css/all.css
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/js/jquery.min.js?1548420380
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 481a0574246e281316ffa0e15399bf5388bb81ae550ce0401a0353b6bb2d1e5a

Request headers

Referer: https://buhgalter.com.ua/
Origin: https://buhgalter.com.ua
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1042350
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: QHZ84KAG11MDNJWE
x-amz-id-2: Lu57T9xEy04JcsJPdVqogMUzsJKBsjxdrcx+O1Umy3w5My816nYIWIhP/k9986XV8jGLKHdG2GE=
last-modified: Wed, 30 Jun 2021 15:44:33 GMT
server: cloudflare
etag: W/"dc93d584e41f8417f6b7163320d34329"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CSrzt%2BJaJIpr0nw8epB872sfOf8ymBqqE5q2qoLZIH1g9c3HNMsovXZkORMRM223v820G1kHFhkU5%2FRMbRQkY3deBs3Sy6Af34kak20zqFlczGMwJWq2R8MzoA%2BGFQB%2FEuXxk1dReb6mdtefm%2BbBrL9m"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6f1ee3c2b8f73762-MXP

GET
H2 200 media.css
buhgalter.com.ua/assets/templates/base/css/ 120 KB
41 KB 93ms
93ms Stylesheet
text/css 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/js/jquery.min.js?1548420380
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 4a332e4376303ca434ff138b0872d64fc86a45101b51065c776206afe66c015a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Fri, 14 Jan 2022 12:17:59 GMT
server: nginx
etag: W/"61e169f7-1de87"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:17 GMT

GET
H2 200 v7nxv24k.json Show response
l.getsitecontrol.com/ 26 B
893 B 228ms
140ms XHR
application/json 84.17.46.53
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://l.getsitecontrol.com/v7nxv24k.json
Requested by: Host: l.getsitecontrol.com
URL: https://l.getsitecontrol.com/v7nxv24k.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-84-17-46-53.cdn77.com
Software: BunnyCDN-AMS1-879 /
Resource Hash: 2388df780f154980d5f334830101f63540ae55f3601ed8a2d3eb4053a6a9f4e3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: br
vary: Accept-Encoding
cdn-edgestorageid: 766
x-amz-request-id: T82PB62YNP20X2DY
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 03/09/2022 22:42:26
cdn-pullzone: 89704
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: QLQG27F7BMILNZNFeqq7/2sfowL8DqRTeGjHOGKsHIj7hRij8CopYL0QzcZePRc3TaD8rYR/Rcs=
server: BunnyCDN-AMS1-879
access-control-allow-origin: *
last-modified: Mon, 07 Mar 2022 12:00:07 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"93810944f20c0434e4e2ea2795b1c469"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
cdn-cache: REVALIDATED
cdn-uid: e3a1246b-2fdd-4153-9207-6ca707c9379d
cache-control: public, max-age=5
cdn-requestid: c26cc7fe479da213ac599571d8e417e7
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 hb_299506_4371.js Show response
player.adtelligent.com/prebidlink/ex19077/ 352 KB
108 KB 42ms
42ms Script
application/javascript 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457857/hbw_master_299506_4371.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 585577abe91b88ad3c7e8ee6353fb2e6e1821fb1b73f321a387a7eb6fe3dff1d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Wed, 09 Mar 2022 11:06:41 GMT
server: nginx
etag: W/"62288a41-57f1c"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 28 Mar 2022 09:34:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
H2 200 0.bundle.js Show response
cdn.gravitec.net/modules/ 9 KB
4 KB 30ms
30ms Script
application/javascript 45.133.44.4
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/modules/0.bundle.js
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/c77ccd81f8480b85adc1e41419254e96/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 0a91fbed903c7ee569d116adee58d579d0c64775a469ee86d3cc4281f913bda1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Wed, 02 Feb 2022 09:01:35 GMT
server: nginx
etag: W/"61fa486f-2550"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:06:29 GMT
cache-control: max-age=10
x-proxy-cache: HIT

GET
H2 200 1.bundle.js Show response
cdn.gravitec.net/modules/ 32 KB
8 KB 35ms
35ms Script
application/javascript 45.133.44.4
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/modules/1.bundle.js
Requested by: Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/c77ccd81f8480b85adc1e41419254e96/client.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 23b89bb3578573b474d7a69e2df32e8f0ee7839a44392edb040e4117a07ce6fa

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
last-modified: Wed, 02 Feb 2022 09:01:35 GMT
server: nginx
etag: W/"61fa486f-8092"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:06:29 GMT
cache-control: max-age=10
x-proxy-cache: HIT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 131ms
41ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-35985798-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5372
date: Sat, 26 Mar 2022 08:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 26 Mar 2022 10:04:46 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 173 KB
64 KB 61ms
60ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6VVQ37Y1T2&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-35985798-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fa0c8b719006d3de5625415ca1a6b3522c4b6962a811a991ad760e80054606ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65035
x-xss-protection: 0
expires: Sat, 26 Mar 2022 09:34:17 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 67ms
67ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVLD3W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

00359d552170386e0f9dc362a2a48ad8da908f6263810b28eb26348073b70bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14884
x-xss-protection: 0
server: cafe
etag: 4198181851688197673
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 09:34:17 GMT

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 97 KB
38 KB 136ms
55ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-WMZFGRB

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVLD3W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d382bb5e6d29142970841bbb9101f4120b9b817e39f2a202c83cda6ea20ee12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38260
x-xss-protection: 0
expires: Sat, 26 Mar 2022 09:34:18 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/uk_UA/ 3 KB
2 KB 41ms
40ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVLD3W

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e2c1db628706d9189213931f61655a826a407a5763d6153e142a1d9f29673d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 6so1lQKSmossHQJEu6vPBQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Sat, 26 Mar 2022 09:51:55 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 3OH7zqpVLJGiABKaENMZPvU3chwOVmKTs3VunBXW/Lm5iwUEBHtKWCThJ7acFKAdCqudX/WeCQhzGp61CDdGWQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 73fd2d592a3700cce18116961ef80fe5
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 26 Mar 2022 09:34:17 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "e75436e980590b8def0bd8a14692a01d"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
26 KB 41ms
41ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26320
x-xss-protection: 0
pragma: public
x-fb-debug: qYwmTeibGpTyjRIZZn/6WlMYbbDXQXyXCIMBxXfhrZf/fX5luTjEbjAkLoRKxBwypNhPucgfe+yKRpmF4baHww==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Sat, 26 Mar 2022 09:34:17 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK / Show response
ghb.adtelligent.com/geo/ 138 B
387 B 286ms
30ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/geo/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457857/hbw_master_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 5cfe3d8e993d5a436daf78d54d89d22c589ee05954359672781bb074174e0fa6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://buhgalter.com.ua
Date: Sat, 26 Mar 2022 09:34:17 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
Content-Length: 138
Content-Type: application/json

GET
H/1.1 200
OK tracking Show response
ghb.adtelligent.com/adunit/ 43 B
410 B 286ms
31ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=299506&site_id=4371&full_page_url=https%3A%2F%2Fbuhgalter.com.ua%2F&adid=7nobvm.63&features=16416&vpbv=N054&lifecycle_tte=1433
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457857/hbw_master_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://buhgalter.com.ua
Date: Sat, 26 Mar 2022 09:34:17 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 123ms
40ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1495025544106981&ev=PixelInitialized&dl=https%3A%2F%2Fbuhgalter.com.ua%2F&rl=&if=false&ts=1648287257923

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Sat, 26 Mar 2022 09:34:18 GMT

GET
H2 200 pubads_impl_2022031601.js Show response
securepubads.g.doubleclick.net/gpt/ 365 KB
124 KB 137ms
42ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 08:21:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4370
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126823
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 08:34:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 26 Mar 2023 08:21:28 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 277 B
782 B 145ms
53ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=buhgalter.com.ua

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

c9f44945ccb68cde364e4422dba31ddbbcc897fda5c4e0e7e631c9c366bf2ca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145
x-xss-protection: 0
expires: Sat, 26 Mar 2022 09:34:18 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/uk_UA/ 283 KB
81 KB 87ms
43ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/uk_UA/sdk.js?hash=dd5885b753d5d38845c72a7ee4bcbf57

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5c989aa7687f2243c4bc5b0fbcb98201c2b0febb342a5052f4f77bde116930a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://buhgalter.com.ua/
Origin: https://buhgalter.com.ua
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: kDv9yUoiwKcwQWih9A5QBQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Sun, 26 Mar 2023 08:44:19 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 82849
x-fb-rlafr: 0
x-fb-debug: YfzZbEBz+t1P0ZY8D9F3D0RtaErlJ6IimhpTxerU4Zomy4WxCEmNm+QwYLEgCPpyGnA+JkJXcdgPmV7wgjvpaA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 8d15ed06ba6a89d616e2c6921fa2d25a
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 26 Mar 2022 09:34:18 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "063a5961c13cd52017e7be4141ce5884"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H3 200 1495025544106981 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 44ms
43ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1495025544106981?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c3cc9215cd1edb24e5adc0162b2fd1f967db2cb99f5585c6b439efc417e8e4ea

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 89095
x-xss-protection: 0
pragma: public
x-fb-debug: qNQOyM0G1jwEdnnPECegDnK6U7sXOadROWdzqRyXD4BOhVh8cQbh/0ABM/u+Dci+6+wJCI7jmvOUOlyXJpkbPw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sat, 26 Mar 2022 09:34:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 383 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3fb84ac22d9aa3bcb4eb5a032abb61f745d15a6e89e4b5c87a60d08bb48bbd8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ic_video.png
buhgalter.com.ua/assets/templates/base/images/ico-social/ 424 B
624 B 44ms
41ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/ico-social/ic_video.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 8d08002698e3eea9504529fb40cb7ee307d4bfcb79b26e6b7a9f0d88583ae8ae

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Thu, 28 May 2020 12:05:04 GMT
server: nginx
etag: "5ecfa8f0-1a8"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 424
expires: Sat, 09 Apr 2022 09:34:18 GMT

GET
H2 200 fit_button_new.svg
buhgalter.com.ua/assets/templates/base/images/ 5 KB
2 KB 43ms
41ms Image
image/svg+xml 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/fit_button_new.svg
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 8429d286889a500a6549279dbb7135387b5c3167421d6f703d929f06910cf617

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: gzip
last-modified: Thu, 16 Apr 2020 15:40:47 GMT
server: nginx
etag: W/"5e987c7f-138a"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=1209600, public, no-transform
expires: Sat, 09 Apr 2022 09:34:18 GMT

GET
DATA 200
OK truncated
/ 425 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d27a1810a9c43b17603247c2757dba5e852432b29416d66de79bf6a3bbd1fd3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 468 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b265408716dbe3e1a43a7bb536defb88b2a4df5e02fd12f1262ded3e46b2c9c2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 106 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74c3d6e4e68a777357e0779c0dac3ab4b146a1b9f95f5884893f453e703ef745

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a74d051cb4f10fc6e724eafd37adaf9dd951c9e1786c48158d14c44a7c948a7c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 169 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae9dc62c51a79132774aa19bec7fea733c24b5a200d3ce68ba362ba7ead54396

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 357 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8ee6435761532684a8d1d79368bfadcc4ebc56c653721a4c2a3e649b69922df

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 312 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 33469539b582e93d9b98eecbae3c3cc48965f030aeaad68cc56cbbf20f774923

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 93 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1f2c754697a52684fccacaa9e300ac3268d6c13837b9ac7f46475cc67de8d4c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4fa18ae7faa4c864e0c14d23b00a46e5cb48f7509335d3d9ece052ff93c328d5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 user.png
buhgalter.com.ua/assets/templates/base/chat/img/ 631 B
831 B 41ms
41ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/chat/img/user.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/chat/css/main.css?1625654744
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: fa730e45f1461662728ed590039a2cb0900eee5486af662670dccca0e7f0ddd6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/assets/templates/base/chat/css/main.css?1625654744
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Fri, 25 Jan 2019 12:16:54 GMT
server: nginx
etag: "5c4afe36-277"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 631
expires: Sat, 09 Apr 2022 09:34:18 GMT

GET
H2 200 smyle.png
buhgalter.com.ua/assets/templates/base/chat/img/ 816 B
1016 B 41ms
41ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/chat/img/smyle.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/chat/css/main.css?1625654744
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 5833f676a69a7385d07b129f61b2545762ac94c5691a5c8fc82b1eff66d74737

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/assets/templates/base/chat/css/main.css?1625654744
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Fri, 25 Jan 2019 12:16:54 GMT
server: nginx
etag: "5c4afe36-330"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 816
expires: Sat, 09 Apr 2022 09:34:18 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e5b66a959fea501a734824f70aa077d915830dfd1a627bc7b5a31ebd5212b16

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 logo_forum.png
buhgalter.com.ua/assets/templates/base/images/ 3 KB
4 KB 41ms
41ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/logo_forum.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: d6b329563ab2466783f3b47eecbe503544948991015d8ce711e3168d99f3adf3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Thu, 17 Jun 2021 14:28:16 GMT
server: nginx
etag: "60cb5c00-dce"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 3534
expires: Sat, 09 Apr 2022 09:34:18 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975200280/ 42 B
548 B 179ms
56ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975200280/?random=1648287257856&cv=9&fst=1648285200000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fbuhgalter.com.ua%2F&tiba=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&fmt=3&is_vtc=1&random=2523694313&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/975200280/ 42 B
548 B 179ms
57ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/975200280/?random=1648287257856&cv=9&fst=1648285200000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fbuhgalter.com.ua%2F&tiba=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&fmt=3&is_vtc=1&random=2523694313&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/977649145/ 3 KB
1 KB 108ms
59ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/977649145/?random=1648287258058&cv=9&fst=1648287258058&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3e0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fbuhgalter.com.ua%2F&tiba=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

afd810d36f35a0e41e24235473302af372544bf019226db6d2dee332eb122a5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1070
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
347 B 155ms
47ms Ping
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-6VVQ37Y1T2&gtm=2oe3e0&_p=1322719615&sr=1600x1200&_gaz=1&ul=en-us&cid=269659947.1648287258&_s=1&dl=https%3A%2F%2Fbuhgalter.com.ua%2F&dt=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&sid=1648287257&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6VVQ37Y1T2&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
347 B 143ms
36ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6VVQ37Y1T2&cid=269659947.1648287258&gtm=2oe3e0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6VVQ37Y1T2&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
107 B 170ms
64ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6VVQ37Y1T2&cid=269659947.1648287258&gtm=2oe3e0&aip=1&z=1652333945

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 105ms
57ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1322719615&t=pageview&_s=1&dl=https%3A%2F%2Fbuhgalter.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4CDACUABRAAAAC~&jid=137032864&gjid=1144529132&cid=269659947.1648287258&tid=UA-35985798-1&_gid=844330080.1648287258&_r=1&gtm=2ou3e0&z=304281567

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 88ms
42ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1322719615&t=event&_s=2&dl=https%3A%2F%2Fbuhgalter.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=general&ea=event2&_u=4CDACUABRAAAAC~&jid=&gjid=&cid=269659947.1648287258&tid=UA-35985798-1&_gid=844330080.1648287258&cd2=%D0%BD%D0%B5%D1%82&gtm=2ou3e0&cd1=%D0%BD%D0%B5%D1%82&z=1474003851

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Mar 2022 11:09:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 80710
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 74ms
56ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1322719615&t=pageview&_s=1&dl=https%3A%2F%2Fbuhgalter.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6CDACUABRAAAAC~&jid=1684362029&gjid=1330160375&cid=269659947.1648287258&tid=UA-53572572-5&_gid=844330080.1648287258&_r=1&gtm=2wg3e0WVLD3W&z=2041564300

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 57ms
47ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1322719615&t=pageview&_s=1&dl=https%3A%2F%2Fbuhgalter.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6CDACUABRAAAAC~&jid=1267543085&gjid=1952783285&cid=269659947.1648287258&tid=UA-35985798-1&_gid=844330080.1648287258&_r=1&gtm=2wg3e0WVLD3W&z=1420968354

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 83ms
41ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1495025544106981&ev=PageView&dl=https%3A%2F%2Fbuhgalter.com.ua%2F&rl=&if=false&ts=1648287258141&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.2.1648287258140.572258480&it=1648287257983&coo=false&exp=p1&rqm=GET

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Sat, 26 Mar 2022 09:34:18 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 72ms
41ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1264355410382750&ev=fb_page_view&dl=https%3A%2F%2Fbuhgalter.com.ua%2F&rl=&if=false&ts=1648287258151&sw=1600&sh=1200&at=

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Sat, 26 Mar 2022 09:34:18 GMT

GET
H2 204 /
loadercdn.net/ 0
169 B 290ms
88ms Image
text/plain 185.187.81.41
IDSTRATEGY-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadercdn.net/?r=1&u=79f486a8b4a7c08a&d=buhgalter.com.ua
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.187.81.41 Kyiv, Ukraine, ASN43332 (IDSTRATEGY-AS, UA),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:18 GMT
server: openresty

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
28 B 72ms
36ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35985798-1&cid=269659947.1648287258&jid=137032864&gjid=1144529132&_gid=844330080.1648287258&_u=4CDACUAARAAAAC~&z=776956868

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 26 Mar 2022 09:34:18 GMT
content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
28 B 73ms
37ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-53572572-5&cid=269659947.1648287258&jid=1684362029&gjid=1330160375&_gid=844330080.1648287258&_u=6CDACUABRAAAAC~&z=940131622

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 26 Mar 2022 09:34:18 GMT
content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
28 B 72ms
37ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35985798-1&cid=269659947.1648287258&jid=1267543085&gjid=1952783285&_gid=844330080.1648287258&_u=6CDACUABRAAAAC~&z=381532410

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 26 Mar 2022 09:34:18 GMT
content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/299481/ 2 KB
1 KB 103ms
34ms XHR
application/json 45.133.44.3
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/299481/config.json?cb=https%3A%2F%2Fbuhgalter.com.ua%2F
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.3 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 0898a84b3ee32f283dbcce7747e24d35fcf96904c0ea00e3652a85d9b696ebd2

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 00:02:11 GMT
server: nginx
etag: W/"623d0683-8a9"
content-type: application/json
access-control-allow-origin: https://buhgalter.com.ua
expires: Mon, 28 Mar 2022 09:34:18 GMT
cache-control: max-age=172800
x-proxy-cache: HIT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17380452670e8c3216bc2cf483c28eec5059a45c47cabf1b216e09a6815f12cb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK csyncs Show response
ghb.adtelligent.com/ 448 B
572 B 30ms
29ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/csyncs?aid1=443990&aid2=443991&aid3=undefined
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457857/hbw_master_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: d95fccc8a4d3363801ea0564fce8cd0ef5938d2f3aae4bfd873b192a8b2667ba

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:17 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://buhgalter.com.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 284

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 157ms
50ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=buhgalter.com.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 162ms
55ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=buhgalter.com.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 422 B
253 B 129ms
79ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1896040571986838&correlator=4345711155610562&eid=31064151%2C31064688%2C31065546%2C31065802%2C31065787%2C31063247%2C44761143&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&iu_parts=141806220%2Cbuhgalter-brand-custom&enc_prev_ius=%2F0%2F1&prev_iu_szs=1920x1080&ifi=1&adks=2347397124&sfv=1-0-38&ecs=20220326&fsapi=false&prev_scp=excl_cat%3DPREPOST&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1648287258298&lmt=1590667965&dlt=1648287257277&idt=974&biw=1600&bih=1200&adxs=-12245933&adys=-12245933&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fbuhgalter.com.ua%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x3488&msz=1920x-1&fws=640&ohw=0&ga_vid=269659947.1648287258&ga_sid=1648287258&ga_hid=1322719615&ga_fc=true&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

2d262a09dcb6006abe2599a8e0e368868054baf2b93bf8f37a0db3c3437559e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 417 B
254 B 129ms
81ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1896040571986838&correlator=323581539148735&eid=31064151%2C31064688%2C31065546%2C31065802%2C31065787%2C31063247%2C44761143&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&iu_parts=430837318%2CTOTAL_TAS%2CAdtelligent&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=2&adks=1413638297&sfv=1-0-38&ecs=20220326&fsapi=false&prev_scp=tmPtS%3DINSERT_UTM_SOURCE_HERE%26tmPtM%3DINSERT_UTM_MEDIUM_HERE%26tmDmn%3DINSERT_DOMAIN_HERE%26tmClnt%3DAdtelligent%26excl_cat%3DPREPOST&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1648287258303&lmt=1590667965&dlt=1648287257277&idt=974&biw=1600&bih=1200&adxs=0&adys=3489&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fbuhgalter.com.ua%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x3488&msz=1600x0&fws=0&ohw=0&ga_vid=269659947.1648287258&ga_sid=1648287258&ga_hid=1322719615&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

0b017b3819242025de47dd71f753478ed401e320c4aac5561e253833361e731d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 09E2 6 KB
4 KB 178ms
50ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 26 Mar 2022 09:34:18 GMT
expires: Sun, 26 Mar 2023 09:34:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 /
www.google.com/pagead/1p-user-list/977649145/ 42 B
64 B 137ms
52ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/977649145/?random=1648287258058&cv=9&fst=1648285200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3e0&sendb=1&frm=0&url=https%3A%2F%2Fbuhgalter.com.ua%2F&tiba=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&async=1&fmt=3&is_vtc=1&random=1619614664&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/977649145/ 42 B
64 B 140ms
53ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/977649145/?random=1648287258058&cv=9&fst=1648285200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3e0&sendb=1&frm=0&url=https%3A%2F%2Fbuhgalter.com.ua%2F&tiba=%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D1%96%D0%B2%20%D0%B1%D1%8E%D0%B4%D0%B6%D0%B5%D1%82%D0%BD%D0%B8%D1%85%20%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2&async=1&fmt=3&is_vtc=1&random=1619614664&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1px-matching-adtelligent.gif
t.trafmag.com/images/images/
Redirect Chain

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=266963a8e94f3971

35 B
351 B

243ms
57ms

Image
image/gif

193.200.65.5
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=266963a8e94f3971
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: HTTP/1.1
Server: 193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: t.trafmag.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:19 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

Redirect headers

Location: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=266963a8e94f3971
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: VertaMedia 1.0
Etag: 266963a8e94f3971
Content-Length: 0

GET
H/1.1

200
OK

csync
sync.adtelligent.com/
Redirect Chain

https://a4p.adpartner.pro/ssp/match?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307558%26extuid%3D%7Buser_id%7D
https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=862e0bfe-f5f0-4e88-9214-fcde1ac89423

0
407 B

690ms
330ms

Image
text/plain

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=862e0bfe-f5f0-4e88-9214-fcde1ac89423
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: HTTP/1.1
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: VertaMedia 1.0
Etag: 266963a8e94f3971
Content-Length: 0

Redirect headers

location: https://sync.adtelligent.com/csync?t=a&ep=307558&extuid=862e0bfe-f5f0-4e88-9214-fcde1ac89423
date: Sat, 26 Mar 2022 09:34:18 GMT
cache-control: no-store no-transform
server: nginx
content-length: 166
content-type: text/html; charset=utf-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 26 KB
10 KB 381ms
308ms XHR
application/json 185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

0772440742311161a8b4c0b052c35ca87993dd302341ec1b8786815ea4000adf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Mar 2022 09:34:18 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.138.196.106; 217.138.196.106; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0cace401-d665-4647-8fa4-75bc4b181712
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 3 KB
672 B 32ms
32ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e9432a42175bac76d8ee12d01b3f351c967affbb0fb4decab4b5acbcbde69b68

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Mar 2022 09:34:17 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://buhgalter.com.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 384

POST
H/1.1 200
OK / Show response
ghb1.adtelligent.com/v2/auction/ 2 KB
686 B 189ms
31ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb1.adtelligent.com/v2/auction/
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 5a7a2c585637500ff94c6efc2ee3dde6082daa148a33971be41e76c5948158de

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 26 Mar 2022 09:34:18 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://buhgalter.com.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Length: 398

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
1 KB 232ms
112ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48254&zone_id=1767334&size_id=2&alt_size_ids=55%2C221&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=00f5aa20-6260-46b8-a3ae-48f0849d91a0&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.1588236919139503
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7dcad7165d9ad5f1b3832f47c34de96c7eca000faa7c8ca55a15ccfb086de82d

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 239 B
1 KB 236ms
116ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48254&zone_id=1767334&size_id=1&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=d5cdee21-edbb-40a7-bba6-6362be9df580&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.14366460318622476
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: bc3e87b829b37bfbba01cc67e0667a9dd3c3303a89086ff2e3a02c2fd3cae882

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 239
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
1 KB 255ms
132ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48254&zone_id=1767334&size_id=9&alt_size_ids=14%2C17%2C179&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=2629d47a-c70b-4e18-88e4-343d89abf2dc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.09543598629880545
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e46921d54949f3f39987393827c31f8b5f5e56bf84ee36416c99958157fbcc01

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
1 KB 324ms
140ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48254&zone_id=1767334&size_id=9&alt_size_ids=14%2C17%2C179&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=3ca90814-0c7f-44c4-bb19-843f10c6c867&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5849865271756671
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 1f73d6b64e742e4bcd71e750a85f832a0f1d7d762b5fc92071fa0e54a39be73d

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 315ms
129ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48254&zone_id=1767334&size_id=55&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=886d9982-b881-48cc-8b84-ce25d6827380&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.748639845306186
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 8702d6332b293c371ec010fd8b9d9a6dd095305a04c071ed302fb16b6eef87b5

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
116 B 624ms
218ms XHR
text/plain 204.237.133.116
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://buhgalter.com.ua
date: Sat, 26 Mar 2022 09:34:18 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 264 B
1 KB 341ms
157ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=2&alt_size_ids=55%2C221&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=00f5aa20-6260-46b8-a3ae-48f0849d91a0&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7592319139410078
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f993ad8fee9bc37407c788f40a7a2b2c57732510e9d16573f72cb628cdd08ee8

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 264
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 332ms
102ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=1&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=d5cdee21-edbb-40a7-bba6-6362be9df580&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.716361140178541
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 19b54d75ed37bfc172887462187de8421138d06f1c670b89193df19180625a51

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 345ms
112ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=9&alt_size_ids=14%2C17%2C179&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=2629d47a-c70b-4e18-88e4-343d89abf2dc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.42026771542604124
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: a31ddb50a6af12f251cc2a731cfb250252d3d6128471beafc614d0c464a9e9e1

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 373ms
121ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=9&alt_size_ids=14%2C17%2C179&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=3ca90814-0c7f-44c4-bb19-843f10c6c867&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5140095201269719
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: be0636d7890708de2fad4825e28e3887e349a4396f77a99b812d26f44559edb0

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 435ms
122ms XHR
application/json 2602:803:c004:200::143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=55&eid_pubcid.org=12fad5dc-9841-48a9-b8c6-d3e06e87b69d%5E1&rf=https%3A%2F%2Fbuhgalter.com.ua%2F&tk_flint=pbjs_lite_v6.7.0-pre&x_source.tid=886d9982-b881-48cc-8b84-ce25d6827380&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.054022061559616974
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0aa21fa1c1f63563bab7e47a178f3db4ec3aebfb3bb26f7e56d12d0cdb6c1a1f

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
60 B 664ms
262ms XHR
text/plain 204.237.133.116
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://buhgalter.com.ua
date: Sat, 26 Mar 2022 09:34:18 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
218 B 109ms
36ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.7.0-pre&cb=45823037393

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://buhgalter.com.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ 608 B
934 B 237ms
85ms XHR
application/json 135.125.163.79
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.163.79 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190286.ip-135-125-163.eu
Software: /
Resource Hash: 5a4cfa79c6e9c3d58c86977c159295c3996d8884b61cd4e9f04c7575735a6641

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 608
expires: 0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
332 B 344ms
167ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=356568&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2260f93fa0349918d%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fbuhgalter.com.ua%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A5%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0-pre%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2261f18544f5039b2%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2263eed805cdd4c9f%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A468%2C%22h%22%3A60%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22468x60%22%7D%7D%2C%7B%22w%22%3A610%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22610x90%22%7D%7D%2C%7B%22w%22%3A620%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22620x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22664fa03c62e75cc%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22160x600%22%7D%7D%2C%7B%22w%22%3A240%2C%22h%22%3A400%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22240x400%22%7D%7D%2C%7B%22w%22%3A250%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22250x250%22%7D%7D%2C%7B%22w%22%3A250%2C%22h%22%3A400%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22250x400%22%7D%7D%2C%7B%22w%22%3A250%2C%22h%22%3A500%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22250x500%22%7D%7D%2C%7B%22w%22%3A250%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22250x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2272dd32f56b3b9df%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22160x600%22%7D%7D%2C%7B%22w%22%3A240%2C%22h%22%3A400%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22240x400%22%7D%7D%2C%7B%22w%22%3A250%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22250x250%22%7D%7D%2C%7B%22w%22%3A250%2C%22h%22%3A500%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22250x500%22%7D%7D%2C%7B%22w%22%3A250%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22250x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22771e7042c9ed18f%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2212fad5dc-9841-48a9-b8c6-d3e06e87b69d%22%7D%5D%7D%5D%7D%7D
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 424e983b406e81e3fb47c353bd29bc6156465ff5f9f7dae4c53b8c97d51239c5

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-ak-initial-geo: CC:[GB], RC:[EN], CN:[EU], CIP:[217.138.196.106], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://buhgalter.com.ua
x-cs-client-geo: 27
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 27
expires: Sat, 26 Mar 2022 09:34:18 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
178 B 179ms
62ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://buhgalter.com.ua
date: Sat, 26 Mar 2022 09:34:18 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2

200

ROS Show response
pbjs.e-planning.net/hb/1/2e43c/1/buhgalter.com.ua/
Redirect Chain

https://pbjs.e-planning.net/pbjs/1/2e43c/1/buhgalter.com.ua/ROS?rnd=0.2650883950044538&e=728x90_0%3A728x90%2C970x90%2C1x1%2B468x60_0%3A468x60%2C610x90%2C620x90%2B160x600_0%3A160x600%2C250x600%2C250...
https://pbjs.e-planning.net/hb/1/2e43c/1/buhgalter.com.ua/ROS?ct=1&r=pbjs&rnd=0.2650883950044538&e=728x90_0%3A728x90%2C970x90%2C1x1%2B468x60_0%3A468x60%2C610x90%2C620x90%2B160x600_0%3A160x600%2C250...

445 B
861 B

36ms
36ms

XHR
application/json

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/hb/1/2e43c/1/buhgalter.com.ua/ROS?ct=1&r=pbjs&rnd=0.2650883950044538&e=728x90_0%3A728x90%2C970x90%2C1x1%2B468x60_0%3A468x60%2C610x90%2C620x90%2B160x600_0%3A160x600%2C250x600%2C250x500%2C250x250%2C240x400%2C240x500%2C250x400%2B160x600_1%3A160x600%2C250x600%2C250x500%2C250x250%2C240x400%2C240x500%2C250x400%2B970x90_0%3A970x90%2C1420x90%2C1420x180&ur=https%3A%2F%2Fbuhgalter.com.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter.com.ua%2F&e_pubcid=12fad5dc-9841-48a9-b8c6-d3e06e87b69d
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Server: 5.178.65.246 Amersfoort, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ff901b835d08f449d1c8b0b16dfc0e37d49571a5e1a1747db1491f858ec9c224

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://buhgalter.com.ua
expires: Sat, 26 Mar 2022 09:34:18 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 445
x-sid: AMS-606

Redirect headers

date: Sat, 26 Mar 2022 09:34:18 GMT
server: openresty
access-control-allow-origin: https://buhgalter.com.ua
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2e43c/1/buhgalter.com.ua/ROS?ct=1&r=pbjs&rnd=0.2650883950044538&e=728x90_0%3A728x90%2C970x90%2C1x1%2B468x60_0%3A468x60%2C610x90%2C620x90%2B160x600_0%3A160x600%2C250x600%2C250x500%2C250x250%2C240x400%2C240x500%2C250x400%2B160x600_1%3A160x600%2C250x600%2C250x500%2C250x250%2C240x400%2C240x500%2C250x400%2B970x90_0%3A970x90%2C1420x90%2C1420x180&ur=https%3A%2F%2Fbuhgalter.com.ua%2F&pbv=6.7.0-pre&ncb=1&vs=FFFFF&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter.com.ua%2F&e_pubcid=12fad5dc-9841-48a9-b8c6-d3e06e87b69d
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-606

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 104ms
65ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35985798-1&cid=269659947.1648287258&jid=137032864&_u=4CDACUAARAAAAC~&z=1062840490

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 109ms
68ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35985798-1&cid=269659947.1648287258&jid=137032864&_u=4CDACUAARAAAAC~&z=1062840490

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 105ms
66ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35985798-1&cid=269659947.1648287258&jid=1267543085&_u=6CDACUABRAAAAC~&z=642280486

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 109ms
68ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35985798-1&cid=269659947.1648287258&jid=1267543085&_u=6CDACUABRAAAAC~&z=642280486

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 102ms
64ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-53572572-5&cid=269659947.1648287258&jid=1684362029&_u=6CDACUABRAAAAC~&z=1697107236

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 108ms
68ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-53572572-5&cid=269659947.1648287258&jid=1684362029&_u=6CDACUABRAAAAC~&z=1697107236

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 z Show response
s.zmctrack.net/ Frame F4DC 102 B
451 B 99ms
99ms XHR
text/plain 185.187.81.41
IDSTRATEGY-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.zmctrack.net/z
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.187.81.41 Kyiv, Ukraine, ASN43332 (IDSTRATEGY-AS, UA),
Reverse DNS
Software: openresty /
Resource Hash: 743071140dce04a30ebdcae1de414e8022101c6204af037c8213d67ea8ca8156

Request headers

Referer
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-language: eyJ4LXBvc3QiOiIxIn0=
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
server: openresty
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://buhgalter.com.ua
access-control-expose-headers: X-Meta-Request-Id, X-Location, X-Meta-Status, X-Check, X-Cookie
access-control-allow-headers: X-Request-Data, X-Headers, X-Url, Accept-Encoding, Accept-Language, Content-Language, Accept, Content-Type, Cookie, Origin, User-Agent
content-length: 102

GET
H2 200 logo_mob_new.png
buhgalter.com.ua/assets/templates/base/images/ 2 KB
2 KB 42ms
42ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/images/logo_mob_new.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: b85b745fa489a54767288f43654aa568b94813c1b46c4edcac86df0fbd0d22bc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/assets/templates/base/css/media.css?1642162679
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Tue, 15 Jun 2021 12:47:48 GMT
server: nginx
etag: "60c8a174-62b"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 1579
expires: Sat, 09 Apr 2022 09:34:18 GMT

GET
H3 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.6.3/webfonts/ 77 KB
78 KB 190ms
85ms Font
font/woff2 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.6.3/css/all.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903

Request headers

Referer: https://use.fontawesome.com/releases/v5.6.3/css/all.css
Origin: https://buhgalter.com.ua
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1042349
cf-ray: 6f1ee3c74e6f83b5-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 79100
x-amz-id-2: WI0lSxIzmvkLW1wnipciT71z015NHX8Ha+lM6TN1gXI+ToUlHyoAQgBkaVbmPBzl/UmT/Nu7qJo=
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
server: cloudflare
etag: "5dc01cfcd5336f696cb85da7ce53fa9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2Q5i7jNXWw9T5ofNGD38Tb4NLMPnoF9EasR7ahJ6%2B4p1JOmLodunh0FmZp83S%2BUeTFQMRvkQLrD0PFCmouT%2B1adRRo8falliaXVHMeuc2v81stJ9lOTF7H0a7nrCLq80JQ1ML8epuwuYMGoj8RV1CsR"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 1Q5FZ5GKQTPPDZ4N
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
content-type: font/woff2

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ecc36cc1d2a1b39c6dcc4d23c5e1c029f1d2c78e8f696e094c8ea8db964e5664

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de845987f3459366a295fa160b916e6945c7b96961d7ba73d441b03f211811e8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7c81f756187282cde04eb081009912e336f388013eb18b70b9895f4cefb6a79

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 13 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea35c5d1362d678749f64a9e5e667ff8e8cde215869401caa753c5e6585f568f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d691477018d0f0957939aa725df7f8a979d42731cd24ffc4b2a91e8cb456db82

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09cf7684a243dfc294f30f108a7a97ad7807efebc4699aeff4baf8b94c65d749

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 29 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c52ea3c0b9b1233a70ed9ee281fec4418c13f8688c556ba31e587e0570cc2b43

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 13 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4a5a12744673c5a2dbb3653fcf99e1d86f9630f2a49ff4aa892cc5018794720

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7535435b268eceb5a194a8a6065e853af11815cedcbe1769155617d3a8487d60

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1ccf8f543009a813c29e737c9d9b1c5348169995360fbab23c402ab35c93374

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69768ececc08139a577e3382f14cdec2f0c549663ab259f280e2f83e709065a2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e955ea3c7cea5f641e22b09184850d60c3a4a8eef354d739ca9e0ac25daebfaf

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1b4809c02c833ef4a89170232005bdb3b7b825cd4a1b16e1f7868fdcef834d7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 14 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d5bed178d04622ad95cab658071133ce2ea6b1b394fd71179ec07b5de122bc5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c593b478bac40d4bd1c30ccf349c6e118c347e0ed9881ff7e70a7c5de86493e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36bfcbfb8c235969f901acae944343611139ad8fe2ab577e907cbd2ca7cbef55

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd3eec52805f5b6243e9fe47efb617a37254f80fdeafe26f9d39e007635e0266

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e94d0e2d56d7e7d35935918e549a374568fad167f2c8f4e5189104fa6546d8d5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c52a8264c8a4dfb27b101c226b29ed7df32bd643d17550a6aabf8d44d880c75d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca30c33aa5f114d6c4810f2546893395a3047705d5a8b23cb60bba9a157a77ef

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09bf76bf9a693f6d1ff70fb63a0f530e6d880240a4cf8b53baa070cb244852c0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 14 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0e59aaca8c9a62d2ae97808a1d7c958012a860f486ecf0f35c73308ac3623cb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3513b034d0ecb8f59408a1ca4b9b3a8ba63c68f07f877b2e1e1f34da644afe1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 14 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1dffd59aa695c7624ba66ca5c2a1f152f44821259b74a05a3e76f59e84331fb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 14 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87a156566bf61f245a0b0d6c16f0446eb7cc4a36a9350be545fa37259a40b71a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 36 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6e337204ed03b6e4418d9b9b436cd2614831b06c4e1a9ca156d47ece9ad0951c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f77bdfc493418da1a85260cc1b790bd02c9d0a09426ed1ad89a9613aa16e5758

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 28 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 741cb5b795c866f5aef2c01f64bf8eda484c92bfebe3ee309c9ed35cd252f033

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 08e04409d774299c7ac6fbbd18203bb89d0febac102760ed40a76864a6bb4066

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6681c00074d8e62bb49a4c31444da8096a55f8830f62e4e8cf7b00882ba6cdb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b36e2f24c228d4aa3773ac182616c0cf6835f37725be8de6ce7305caa2a99348

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c30bce9316a009e9a17785731b7c5b52af0e3f3f162efbc5787513b54cea138

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d453778582484007a5a8c9b610fbe6a12a863260562fadd46f8e402f740ab12e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7704281ee0b386ac39b9b1f6ca82401efc3500b75ac160e9a46ab6246974d9a5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 061543b6ada60edddffd9f7c3f5a4fd1fa7c37e0f023816dbe1a8d4091daf49e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6aa60dd23a74b3701f5ed911709abd25ac4e7f4a8cbd13d777fda48db32915f8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd9366b123766ecaeec85d47719aaa8ddbd3b68aa7e1fae5434fec5133ebd7cd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 159210f9ceb6561cae10aa34238d9c3d4a601a5ac825ff6d9f3e669d8bd0df0e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1b43339886c2df3f1451af8474e95a8923085ef0fc240820e7a8218110d573b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07b382d14e2714223655f23745e8bfad2b87de32d3bc5d145403ed07dbcce891

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d285ddb67b0c0d1642d8dbc0d6c122085eaf32cc6df3f165febbb4a47d05c9b5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aac32479b7e00e374a47b5c6daeb907574805cd3320d6d2c520764c6ee96c12d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df352596341aef158df4b1735cf3b02723951a0a584685f896ce3782f6e33f29

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 679449bd06f6cbbe46b129b5009ce6b490d323677b02fac4a62b10bdfc678ddb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f9695de838f580539a55fb51b39700729e469625f429ef612e7e3173bd004bc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83f2963ac96def32a52b88d46767a0e6b4f7d5deeabe40bdcd795ce25b99217a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b35b72ac1876a9d5ec1b9955529f4070e971ce9439a1394970143145b499117f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57433e1293341458165bf38974563d349e5c2116f089af926afe7bf6a4e4a49c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b61c483c1ef272649d59390899f6ba6dacc4a0047fd5f31fb66a5a4bcb5af0ea

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 30 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3492ab3d262a82e24fbabfecd777c0800964578ca1e00a363307bd3e590dc77

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 110b303089a71f1b1c392a22406acdad508b9b0d39a1f39626827e86f3a5a78f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ce75ed467996485eace448fc8554374409488e31678c2e1efb995c77449c0e4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a56602d44222ff0e9c9c9d8faa30c87de0a0b053145aff4a43be4588d216157f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3971a86564fe25b2262b78bf830d8af076f7cde4fe7b2167585b38571b3f180a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6689b10d16d6c6f738c2fae6e209c53d7b4ad2d597ba712e0ecc2f1852a280ac

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e027435211ef2a57f103c525775456d802bd6ad5acaa62117d45e10930c7af7e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d4c5780344a410ba6f301b65ec5a0fff84b5ff87bdf3e65c7f6f52958beba7e0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 188fc2045c73ceb0931b06357ec5c0a8c0b93045b831c79e557c25e4c8959d01

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75471d692aeb9322e75a041dcb0c363657eb51db495b14d5555c5e7a907fa799

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07ab47c07bab62e7d7ff7bc8ec64936785a7e488438074dd3510227aa5c466b0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ffa2e149a7cb4362696d47b85863b157283c7225b648bf0ea43e0591165e4c2d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7ec7b8677014393b78f8e512a7b08dd6227d6d54fb6c145ab0ccc5a71b11600

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82a4df0a6f0f70b0df90aeef7e01e356a0a5859da073e4139145dffd0844b226

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 489 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84d368b23e95809600d8e96a8532cc3b88c49cecd69a058d249b4ec0024073ba

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1862f5fa7dd3945e2bab43995b64fa4f720581a0b070afea4dc9431b9cfabd8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 1000 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3d7d3c47dc2ed2229601da34d1b8d1a9f7e7405e2a495c582544cd4fe82dc20

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6356465097a91fe7436546d26b9a0575a5092cdea33572d65d1ee447777890c5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 14 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52db729bbfda2646c18d63f4ad32c8bb07ab396a30c8cd49b22d0481af5310c2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 13 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 625614d0c74d2cd49b55966090b740556a74d6f81fab60a6ba40cbeb2a328ebd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a18472ae86a7b20ced524d98ed60a37cc38d222dd6891200a0edcc335d3d9350

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 arr.png
buhgalter.com.ua/assets/templates/base/chat/img/ 1 KB
1 KB 41ms
41ms Image
image/png 136.144.183.196
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buhgalter.com.ua/assets/templates/base/chat/img/arr.png
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/assets/templates/base/chat/css/main.css?1625654744
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 136.144.183.196 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 136-144-183-196.colo.transip.net
Software: nginx /
Resource Hash: 40cf551965abb3907196d630825291b27d1b77dd499bbbf12e07905a25afcf59

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/assets/templates/base/chat/css/main.css?1625654744
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:18 GMT
last-modified: Tue, 13 Dec 2016 08:59:45 GMT
server: nginx
etag: "584fb881-490"
content-type: image/png
cache-control: max-age=1209600, public, no-transform
accept-ranges: bytes
content-length: 1168
expires: Sat, 09 Apr 2022 09:34:18 GMT

GET
DATA 200
OK truncated
/ 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ee69f515b17f5b570b287e1d92f35e94e76139440dbd97db70805430ffda58d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 16 KB
16 KB 133ms
42ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buhgalter.com.ua
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:33:18 GMT
x-content-type-options: nosniff
age: 273660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 05:33:18 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 4CCE 0
15 B 41ms
40ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://buhgalter.com.ua
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

content-type: text/plain
access-control-allow-origin: https://buhgalter.com.ua
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=0
date: Sat, 26 Mar 2022 09:34:18 GMT

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 100ms
50ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=buhgalter.com.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 97ms
48ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=buhgalter.com.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 247 KB
76 KB 692ms
691ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1896040571986838&correlator=908643554406658&eid=31064151%2C31064688%2C31065546%2C31065802%2C31065787%2C31063247%2C44761143&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&iu_parts=141806220%2Cbuhgalter.com.ua_top_banner%2Cbuhgalter.com.ua_bottom%2Cbuhgalter.com.ua_right_banner%2Cbuhgalter.com.ua_left_banner%2Cbuhgalter_catfish_banner&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=970x90%7C728x90%7C1x1%2C468x60%7C610x90%7C620x90%2C160x600%7C250x600%7C250x500%7C250x250%7C240x400%7C240x500%7C250x400%2C160x600%7C250x600%7C250x500%7C250x250%7C240x400%7C240x500%7C250x400%2C970x90%7C1420x90%7C1420x180&ifi=3&adks=1472868681%2C377900176%2C2541184592%2C2347727364%2C3757304322&sfv=1-0-38&ecs=20220326&fsapi=false&prev_scp=hb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&sc=1&cookie=ID%3D3f510d12f0aa8ce9%3AT%3D1648287258%3AS%3DALNI_Mblq5-9OOUoLUZ2_DNWWopUinTEcA&abxe=1&dt=1648287259015&lmt=1590667965&dlt=1648287257277&idt=974&biw=1600&bih=1200&adxs=315%2C500%2C1160%2C210%2C0&adys=40%2C2862%2C889%2C1373%2C1200&ucis=3%7C4%7C5%7C6%7C7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fbuhgalter.com.ua%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x-1%7C620x0%7C250x0%7C250x0%7C1600x-1&msz=1600x-1%7C620x0%7C250x0%7C250x0%7C1600x-1&fws=0%2C0%2C0%2C0%2C512&ohw=0%2C0%2C0%2C0%2C0&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=269659947.1648287258&ga_sid=1648287258&ga_hid=1322719615&ga_fc=true&btvi=0%7C2%7C0%7C3%7C4&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

522126d69977610f6b11d5095d015fa663564e3d65dd6574de7e07eef40f5c06

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJrhw8S84_YCFaKCgwcdRrMP2Q&gqi=&layout=/sadbundle/%24csp%253Der3%24/9177425597507305472/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJrhw8S84_YCFaKCgwcdRrMP2Q&gqi=&layout=/sadbundle/%24csp%253Der3%24/9177425597507305472/index.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
google-creative-id: -1,-1,-1,-1,138381187050
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77420
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,5924045903
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Sat, 26 Mar 2022 09:34:19 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 group.php Show response
www.facebook.com/v3.2/plugins/ Frame 5A30 53 KB
16 KB 100ms
99ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v3.2/plugins/group.php?app_id=1264355410382750&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df94b7cbc252df4%26domain%3Dbuhgalter.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbuhgalter.com.ua%252Ff1199fb2f43bd1c%26relation%3Dparent.parent&container_width=250&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fbuhgalter.com.ua%2F&locale=uk_UA&sdk=joey&show_metadata=false&show_social_context=true&width=250

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/uk_UA/sdk.js?hash=dd5885b753d5d38845c72a7ee4bcbf57

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9f9616bd459c26508ca3fe8b275542833b28014db6945057cf653096e852275d

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: same-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v6.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: MbSf+Cnmb0idKmcbLlkVh+FRmEW3noYcAGs900D+K8yJ0a250neq1Erm//HS1ihNt+wnVOFrVx3/G9Y9/XhYnQ==
date: Sat, 26 Mar 2022 09:34:19 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
11 KB 149ms
56ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

091f75843fa6d5fafb4594bcb2f82870f8c01718d8fbf9ed69cefda61209b24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10471
x-xss-protection: 0

GET
H/1.1 200
OK info Show response
reactive.factor.ua/buhgalter911_chat/ 79 B
446 B 163ms
44ms XHR
application/json 37.97.131.40
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://reactive.factor.ua/buhgalter911_chat/info
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/sockjs/0.3.4/sockjs.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.97.131.40 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: 37-97-131-40.colo.transip.net
Software: nginx /
Resource Hash: 03869cd6d14cae48424868c0f3e452d319e96a8a501cec7e902bd5f23025ae26

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:19 GMT
Server: nginx
Vary: Origin
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://buhgalter.com.ua
Cache-Control: no-store, no-cache, no-transform, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 146ms
57ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 09:34:19 GMT

GET
H2 200 _mow9f44iuT.css
static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/ Frame 5A30 810 B
817 B 146ms
32ms Stylesheet
text/css 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/_mow9f44iuT.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v3.2/plugins/group.php?app_id=1264355410382750&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df94b7cbc252df4%26domain%3Dbuhgalter.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbuhgalter.com.ua%252Ff1199fb2f43bd1c%26relation%3Dparent.parent&container_width=250&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fbuhgalter.com.ua%2F&locale=uk_UA&sdk=joey&show_metadata=false&show_social_context=true&width=250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

11c218596cc6e20a1492060c81a96ba6b4c3e1e2b3f574d42ee5aed2a807c124

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: yEClpGUZnZFPUohyjdJ/UQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 341
x-fb-rlafr: 0
x-fb-debug: zv2P3/Iein7V9K3hNgecFqviO79GOnFSyDsqnqZhr8iU74AThkOLXEK7Oi4pT2ETIa3rRTGHsKt07ycLfCq5xA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 25 Mar 2023 11:59:48 GMT

GET
H2 200 GeCwpLHBMSq.css
static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/ Frame 5A30 19 KB
5 KB 146ms
33ms Stylesheet
text/css 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yh/l/0,cross/GeCwpLHBMSq.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e9fb5f5f6ba8da8fb9de92a701ab1fc022f355e78bc52769b19cf78e04f9dc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: JlgKX24pStHz8NFTSOLznQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 4842
x-fb-rlafr: 0
x-fb-debug: Q8pJGgxomup8badXKGWMu00kwFMN5cqRfrwa/HzFYg+IKX4qT1XmBfwmeoo9u1Ew1aoKVL0oPmWZ9/vWjISo0A==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 25 Mar 2023 15:27:10 GMT

GET
H2 200 FPdNN1TK3wJ.css
static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/ Frame 5A30 2 KB
1008 B 146ms
33ms Stylesheet
text/css 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/FPdNN1TK3wJ.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: qki4Wy05mlz5CwH9oqDKag==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 815
x-fb-rlafr: 0
x-fb-debug: pOV3PxbQ+kdyfH6/bA40PC80dDpVF3+k9n+LnmUDKfs/scaJ7PgMwteVJDq///gcxK4uOEyXrTSP3gmkgYjVlA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 25 Mar 2023 11:56:24 GMT

GET
H2 200 TZ9-7ckX4iU.css
static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/ Frame 5A30 20 KB
5 KB 146ms
33ms Stylesheet
text/css 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/TZ9-7ckX4iU.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e70443a7798166983565fe94bcab241e83fcb96dd4cea4bece170b4c4a308de1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 8LPsPQ2dMxTnygxTegu1BA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 4593
x-fb-rlafr: 0
x-fb-debug: wDEMUoa0jw2GLZx4YI7sfnRuYaQiyWQLmcVf5WROhmGKQscUIaUY1pvoK6aWfxsxEQuOzjZx2s7wPAfVnO6uxA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 25 Mar 2023 08:31:28 GMT

GET
H2 200 _RlnFb6YbRm.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y6/r/ Frame 5A30 307 KB
83 KB 146ms
33ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/_RlnFb6YbRm.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8c376014be979d78b7b6a1cb77ceeb4dc39d4762316be13e286ab9627453a01d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Wz0fUq1S0PlSuxLp4IT46A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 84480
x-fb-rlafr: 0
x-fb-debug: kI/oC/CjKezMY2evMfG9p7NKS/7XgNjW8zt29ozNEobRE4yjFQzDVaIiX9Vvmf+By4sB+tRdy9vvahEv0vxo0Q==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 24 Mar 2023 19:30:32 GMT

GET
H2 200 GG1Y0sYc7My.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 5A30 5 KB
2 KB 146ms
33ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

de934a085817710cb3bbd98d33e5b0c91709425d89eada2a2c55909c8b3443de

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: yJ9Wq2491L53MWugs2kUlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1642
x-fb-rlafr: 0
x-fb-debug: 5qcz9LX8d38PuBUIOGXEG2+fhf8lvMhcArfMl9XN/WY0/T4VobdPifK4f+Zux2pHqbbF6iyWxhUKGdl4ur4xzg==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 23 Mar 2023 23:07:57 GMT

GET
H2 200 bn5IKAKfOiU.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yi/r/ Frame 5A30 42 KB
14 KB 230ms
118ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/bn5IKAKfOiU.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f957f0996053d409ed93207c211a1538f97466ba02605ed96fa6a66c42cc1c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: f8Otbo9uUTQ4mUqw1oEruQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 13686
x-fb-rlafr: 0
x-fb-debug: 5ko1Far/KpM1+DvwV1dYE1cNCrJEEmG74X3wT5+tV4WAKGaQSb0SzhAkNWDzAbmeeaGykoycsPSR7Zqazc155A==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Mon, 20 Mar 2023 17:17:55 GMT

GET
H2 200 gZafJ_MF82q.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yC/r/ Frame 5A30 49 KB
15 KB 209ms
96ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/gZafJ_MF82q.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5869f8b7a0c1419b0f8793234ae47779f4e1d46bc1aaf914bd037fe55d84ae6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: jmPv8gy3vfAa+iebuZyWGg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 15488
x-fb-rlafr: 0
x-fb-debug: zv0Swkr242nHlIUjIE4n2QkZSzoXOZeCwFccaMajbrUXcvAbo9h24s7sfrF9p5pCvOfnGauKrgfaQAIaYi2Saw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 26 Mar 2023 00:51:12 GMT

GET
H2 200 F8LQ5-eKZbo.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yc/r/ Frame 5A30 4 KB
1 KB 209ms
96ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/F8LQ5-eKZbo.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

96e970758e57ddf48726b2e8a9680be23ae650acbaac94d68935c36a781fab52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: EmBvPivseOlEhX4pDcPOLQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1113
x-fb-rlafr: 0
x-fb-debug: HfpBnKG+BgiuCBAcrXeDZ/f91cGl3iL8c7D9gHzK9p9YC8a+KE/p+Sm8A8c6n0LEHo4oQevbzMwdDHv1GrHA3g==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 24 Mar 2023 12:59:18 GMT

GET
H2 200 201217635_5654539184618609_2513873357703081699_n.jpg
scontent-lcy1-1.xx.fbcdn.net/v/t1.6435-9/ Frame 5A30 8 KB
8 KB 124ms
53ms Image
image/jpeg 2a03:2880:f067:e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-lcy1-1.xx.fbcdn.net/v/t1.6435-9/201217635_5654539184618609_2513873357703081699_n.jpg?stp=dst-jpg_p130x130&_nc_cat=107&ccb=1-5&_nc_sid=ac9ee4&_nc_ohc=AwdeyVyUnxsAX8emzTk&_nc_ht=scontent-lcy1-1.xx&edm=AJ9j6YYEAAAA&oh=00_AT_uUwolS5chSTmJQMZQrrJ3KvUCNjDnzGZrMmvcp56XTQ&oe=6266357F
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/v3.2/plugins/group.php?app_id=1264355410382750&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df94b7cbc252df4%26domain%3Dbuhgalter.com.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbuhgalter.com.ua%252Ff1199fb2f43bd1c%26relation%3Dparent.parent&container_width=250&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Fbuhgalter.com.ua%2F&locale=uk_UA&sdk=joey&show_metadata=false&show_social_context=true&width=250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f067:e:face:b00c:0:3 London, United Kingdom, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: dadc342d66fe74c55e27087590362734cad1eb09b0b788032e47a8211252f99c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-haystack-needlechecksum: 3724070233
date: Sat, 26 Mar 2022 09:34:19 GMT
x-fb-trip-id: 1679558926
last-modified: Wed, 16 Jun 2021 06:42:07 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=2148807180
cache-control: max-age=1209600, no-transform
x-fb-edge-debug: uYNXh2UFQf3cFvODblQxP1dmSeIPZsGLJSmEwD46VvGBXyGvP9T6QOw7EQ82kH1avELWs9ZXz0AHbWKD0qkSHQ
cross-origin-resource-policy: cross-origin
x-needle-checksum: 1476050430
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 7797

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6709 13 KB
5 KB 186ms
45ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Mar 2022 09:32:36 GMT
expires: Sun, 26 Mar 2023 09:32:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 103
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5EF9 783 B
536 B 54ms
54ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4484ae41809aa87df89b8091f08b0c8620c7a26b4bc6c38c84fa4f76e6bbb01c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WpDvORuLP5p1l6RkOC+2zw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 26 Mar 2022 09:34:19 GMT
date: Sat, 26 Mar 2022 09:34:19 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-WpDvORuLP5p1l6RkOC+2zw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 yZaM3V4JGqp.png
static.xx.fbcdn.net/rsrc.php/v3/yC/r/ Frame 5A30 434 B
486 B 40ms
40ms Image
image/png 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/yZaM3V4JGqp.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/_mow9f44iuT.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b003d9352600682b23649cd757ca88a601667ccee1cd9e78da932862912ec0d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/_mow9f44iuT.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
x-content-type-options: nosniff
content-md5: +8BW+7oFwjlER48ze9yVlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 434
x-fb-rlafr: 0
x-fb-debug: UboP9X3W/XmnbYYQl3FpHxZBpB0ADDQmjChPFktijRMy4XrxX1HhxXpWGo89/yBE2LERaMJmwG8x5EBBgp1EQQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 17 Mar 2023 05:11:23 GMT

GET
H3 200 SQdp1QIZvnh.js Show response
static.xx.fbcdn.net/rsrc.php/v3il1s4/yH/l/uk_UA/ Frame 5A30 83 KB
23 KB 44ms
43ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3il1s4/yH/l/uk_UA/SQdp1QIZvnh.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/_RlnFb6YbRm.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4c79b7769d37ba6aa2b8c0f48052c75287819ef2343659ec85122e9247819b7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: i7dqAGdtCg6CfAgajIu49w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 23080
x-fb-rlafr: 0
x-fb-debug: sPQ1AIW5RzY3LPaERDIr2Iu10scQrYNTJwcqpx5hi2Q6lTpDd3BwDxLiVCBq7Wd6hfXBlbQ/5j5lSvHSLtwM6g==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Fri, 24 Mar 2023 19:37:45 GMT

GET
H3 200 HUpsRw4A4la.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y0/r/ Frame 5A30 21 KB
7 KB 48ms
47ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/HUpsRw4A4la.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/_RlnFb6YbRm.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

662dae67065bef1763ed6d671404e7e86e7488a05c82147f7e2df1ef1809b1a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MiMMzhtCdKcDEaRbkM9vBg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 7041
x-fb-rlafr: 0
x-fb-debug: e815+ZwbOVLbT/0wOkoTY22rFrHmsyGJXdODrQbztLvtJvSiaEZyF5sn4Xv+dn+uko6/NVqMINfTDiClw+o/Tw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 24 Mar 2023 19:30:17 GMT

GET
H3 200 CWJINsGKrOS.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y3/r/ Frame 5A30 18 KB
6 KB 45ms
45ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/CWJINsGKrOS.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/_RlnFb6YbRm.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b0dd739c0e029cf3ccc53afcfaeac9d062ffe27325823314d830689726c8a034

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 13jUvIkjL6/WDwDC8XNWKw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 5954
x-fb-rlafr: 0
x-fb-debug: s3BSQvrvcOeT7LAS0J5LkMIamWQnl7+qwdU6bGlEgZyJ9lugzvKNgOT5sIvLrTtZr5FRBSq8MmhzzB8rKABS+A==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Thu, 23 Mar 2023 20:28:56 GMT

GET
H3 200 KWY7Edb5_DT.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 5A30 7 KB
2 KB 47ms
46ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/KWY7Edb5_DT.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/_RlnFb6YbRm.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4a724ff2a95b5a54c343317baf6090f082980a1989788544c59c24c70f0e125d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Eoz73gpLVGWHqQXnDz/66Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 2272
x-fb-rlafr: 0
x-fb-debug: bb4Ua8JpzQSCTzuqTgUL8dP1tSnHSLDqWkZ/UxzIO8WKpH6BmbBO4ywZaJhD43w3wvoZTlwmJDsOUupn+Nahbw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Mon, 20 Mar 2023 17:14:53 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5EF9 0
0 138ms
88ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031601&jk=1896040571986838&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 container.html Show response
b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D10F 6 KB
3 KB 102ms
48ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Mar 2022 09:34:18 GMT
expires: Sun, 26 Mar 2023 09:34:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 6709 35 KB
14 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 107
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Mar 2023 09:32:32 GMT

GET
H3 200 container.html Show response
b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0136 6 KB
3 KB 41ms
41ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Mar 2022 09:34:18 GMT
expires: Sun, 26 Mar 2023 09:34:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A1F2 6 KB
3 KB 47ms
47ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Mar 2022 09:34:18 GMT
expires: Sun, 26 Mar 2023 09:34:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 24B5 6 KB
3 KB 46ms
41ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Mar 2022 09:34:18 GMT
expires: Sun, 26 Mar 2023 09:34:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E829 0
0 78ms
77ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv6Pakk0lQJUIY-C1NgYf_mxpcD3UJlxXM3ietMk9I3xaW4xX04ZyE0ekDHurv2F4VaddTkO3XS9oEqJn5IG-1jfAf6nOc-sHZgFecpmSh1DPHW5mCxzA7nS-2bIWELsD_pj7abt_zYgSOrSFd8Xzkp8svYfjwF2WZPXd3sWnVO8OhzF18URkknpb7iX75ELj6ZyC1gvLWIw7zK0vCNtSkyWaA_J3e6aFGDfYJHviI-uHujq80CVvOXpYCVcWsB6nfBR5azgCDmX1pbx2hO4fuamGwcn9N6NcUvJIwYPp54gZr7lmcCsJ16GgMfhvZ88iLEF07_ntQ&sig=Cg0ArKJSzMoD9nI-UwHhEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 invocation.min.js Show response
ad.invamia.com/invamia/ Frame E829 25 KB
8 KB 242ms
35ms Script
application/javascript 185.180.223.67
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.invamia.com/invamia/invocation.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.67 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-67.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1fbc78a20c780db9685ce47c142da7eb89646b34d6e65c21eed7c365bb4601f1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 16:48:38 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"61af9066-63bc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Sat, 26 Mar 2022 10:34:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E829 119 KB
36 KB 110ms
61ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 09:34:19 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6709 0
9 B 41ms
41ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?FIyvxQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H/1.1 204
No Content multitracking Show response
ghb.adtelligent.com/adunit/ 0
204 B 60ms
60ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/adunit/multitracking
Requested by: Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/457857/hbw_master_299506_4371.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://buhgalter.com.ua
Date: Sat, 26 Mar 2022 09:34:19 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive

GET
DATA 200
OK truncated
/ Frame E829 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad06b2972fba4a8c1e4277d1b62ae1738724d1e2c68057aa60ccbd8975315e81

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 51DA 624 B
297 B 53ms
53ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbsERDvjosCGLDprsQBMAE&v=APEucNVKDrI2MlIl-JHjrmMMMmgZHBXLI67pj5HNJ__HiKpHF53rydcCaipXUV9PhZZtKEcmZaqUaYz7iCJHyBPhLYBsZ1IyB0nQ7M5yYsmlvXw4fUzaF3h_clWFgBjvH51kfOOnnySKtb1-E-DHh-RH9N9H6s3aHOd1g9YCC8s86uzoEBxbiEc

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Mar 2022 09:34:20 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D10F 64 KB
31 KB 89ms
89ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bc0krI8YjRhwhIucl9LLgwtd1q5TBzPc_1hJZwVgpZHxSZtbrCqcRkX9drWTSWgqGNj9pWw0dpcP_H_dABQM7wPYA0Jz5Qrl3teI46uUzHAykdunjlY_PlwBuV93fpizJkKc4RdgMdNsfaZ81Msn4zSM2xPQ&dbm_d=AKAmf-AfMvHDGlW5AERYrqiKWiAG4ik_huoMNYVVlNWVK3d8kOYTO_EpIhYbALvrPWd4zw7tRzS0_O7D6zYny1pRh9tyli6CtYZtM3nrgQFC92OSiDpAa7HPum9UIJ9qGsVoHaUeg8HNuJGVYQb-I3eRW8wByl3acR3JYnKdZDBfCRQnM1Q2u7cKfPsIer_44IMzFpihMo_423czq3H3WJhnOTJwnfogEfYdJd5sQEFOvXh8MnIeXRmj0auykfbVSyh47zqprIB8EHAUDDV_qD8mAtrO9ND8Gn0Nsx0sbrkcH7Y0NnCjPxyrDkHvVg5fAbWcGDWRe6O0pbpS_okwDoTiSjC7zYyv2_zmoVoDzzfyFU0rvE5_EkPiCwPx-NA2k6eLEBmt3lCsJW-2WtHWZf4sM0CSW0qY0x7MpdTnSmkZ-fbNqvH7mEp0RgqncspqurmKRZFcupPWSoXwi-dcG7xxBDI4UvD1aCjjTvQhqYI7vTI3NhhVN11sRx-rTSOBwDeVciIn05Auv4jpjsouBiURJrB8Yc5PqW2O6S-fKfsVe24d3vpMsfSma17Wl8fkRsT6uodyh3gPlBz5-urNwOkJGWuaUmlCMbB7LxowadPu1qaXlKeZfGD8WD9draIp1a7rFJ6EEvobd1ZJDSAgHr8ykOPN9FgXGHCTBOCrzDIaiXW1PUgsNX2aYMMfHEOr6V2UfFCFUH8KAle_QlYInYZwyuQSBrqt_sKuJkWGMCQU5IZVegVKHxNhnSJHxC5f9xzylzxtvM-6K2roINUWsQlLMcwoFoZ3lpkdHORVzYt4jGqaVVL7mr_9HzDTz1Fp8XEgq8JGU2OqEm_yvCl99spoDPnUOLzg4X8suq520Nl3cb8IkXenRTf-SonpKuNMd1kl4G7X5UnQBxRDcjjHQfmuddLroi_p_Y0AqnaLYp6AcBHLCra337cTdDV8WjIJXeP9Z1pOG9dhFbk3WIsBzjbTJKhhBl1YhxvJYxsG0yt9Axu_8Bjjnf4CjXVQ-lpORtytVPJd4SXg_24MXz_FVdHgYvpgrxhwarxmmFmJNLDknXgiW5X3Cq-R5ubvZqVsFn52673QEYv_KCD_WSsxOAw7LApdMaBZ6vwKRkzXMgvemo3n4RkWiwL_7HJ6O48EE4C-PppYQDv749gVrLjzje0nf-Ew8jlQuPhHesuxXHSq86F9JGM766noYGCJw49sGbfsjnGAygSSr0bqqw8NnhlD8cGcoB84KPD7qQoN8RHIhngudDtdmAwKq4__VdJV1vio1XvMrJnZddJjJihpI81B96ESIMJ3dqrXgdtdVx7nWGNHDfKqOao5NYJQk3P8APFYx0FyNfgPDHSqoh3pOh0A8zsNrbeJX-Ag1ui4TCh1xTykbVoe6EoRytr2FBNTvMsPMx_9eEKsRISrxjXeZIHnGNyl7sLVftP_fqgMi-MCQMme_1NUYUt_wq9nW9WcW9tV_KW0W45mpKqQwUVAehYP63O5PuFiY9PrpPBVbYETpDKwahZ77b8wMBCLm3TL5djblrn-iD94V0FEIphP8JsvZoL7JDkbjVDiHgxLbHAB6xtXvRted6CxcCMTZDuVLeTlpCMkYjzS2NFOP_RocohYkEVGagF1PAB2Lrzx-5MLJrM4C3cIcl6d43NKxB75syMYJBH9eZ8_mFa4tYXczwnDruLvo8CRRZ9SkJGVDx2x4t8mtnTk9P5Zmr5OomllPnKR0cZpcsL7htNKeuo85Zr3w8eW88VJhSq_EmvLWQzrXLlGTBbxUA4krmug1E3SLIv-uep_yIDySfiCVDj_jpO9KzcpkjOvu1EbKNbJ-9Ks8lGU5tvDnqWiCAKaS4WSq3cK47R00jBT7UBolF2CzM-gHlsCFeTITNA3kAE0476WpxXBL77F6qQRZGpg66m2Wb7VrdF0t2GCxd7TTt0sQPbNnjCCG85_DIsXshDfT026_MNRJkxDHi1AZ_O7pjM8OawoumBCNxCZYSL-n358D7C-Xg2-pbUW6e3ooPxnOJDKs7yOrYF9rkq0H9m8Qn3kS8FklEof7czag8TLnmThDjOjyKIQGckdD-Y5Wlbi6xClpxfJYFCdQoTvjSdFDr826zWAavkY3M6a5doBxzEj0obJervXV9oJZAadT76VG4Hc995DFMD9dRKSB9ythCk3LN0WcDq3ESZBGR4Zx5G3HV-lQWyo-k8_6LeOxjwGkFzzz8wdLxdaDAqy5lTbYrHs-eGf5JSvdTdfgII6CmqDdHRg5PKTa8jTW0ntM7GSo8CElEHanHnpZ7we32eTzw90sNG6JvDEj6BjZgT45c5O_Ujo7qxxI49tgc2G4WHXEDZlomUGtsc_nDERSu0vO2u_J4v2LMVUHSdjlTmEkV0zuGdElIe7wHdCtwctOztitO94aCXqcdYaJa4uHhLg904oRkqwUf2rWxw8NGOXfP06iAV0nuzpKl7gZfmTFHudbCqKaM8vq_KuL_ItxbkmAxCXhmSIeOjzeCzjr30HcHNgNJkWbXQWV7Gms5l5Rsm35menEjQVomcsoCckgsGsw11D2BAGeBa7VoHnLa9b4D1hLty4qOFKheQ_y1AmJxaMhMd6SNLfpmenNZxU84WAaJFE-nsxNWwIBPaUVSJoTTPgIvmV1XXPlQeF2wGUxvP-ZyoxO8lWlO-clkCVTNq-_0C0VMQkA4ebGDt5l70EGc2ZfMOeenFIJS5SENDWjOR3QrOp1owNu_T_up5QXFae1GJ6TcAr6fj85JFswHsn5Tra8f6X_mtvksTNiEg6bjfyYdxKMB0fbLcpec6QeoEVRe_rmIZs94Kjr5oJK51rTq1LWmK6FC-3UbQ7gEVrRKVVB0wd_oANeOhXP9tU_RDF5fpSPhjsZxznj8QPfbPKld8r7tOacxHTEDDihBzyNRic-pe9Um15jxL4hx_xcqD5NtSUT7FIvcdPuDL-y4ZadqIEJ2iTVxPb5Ubfb6JAstMpA4RO6hNnYQXS21_1BqUfyo27kynWVvUefleyT7v_aRR5L4tklMATBnE9D6dHKTumpeoJ9XQVRTNgEYtRweZQ_S79IsI_x7FF5cC05EnklxkwSdnRzUxseMETvhGZ8_4vquGx79BnZ8NpYCcWTFXCDXoaH9Zegc-ghBKEs2ybApZXbJ3SKP_PjbAdlDY_q6pXfAJL_TRimtHx67iYf_-_iXAlHokiWDd7DsR780J1d6haDpcZ9nShOQ1saEHqIvVB4UMK-Bbr7ceuaT0mNNOfcyy-weXrtrl0tTc2WB1UXGFHGjVa9AaZzhOQ1qMiSnk7nKHkgtonyKqtpLlJcTfeQg6nnGmB3CBtMb-9&cid=CAASJORoCKD0IxGJxNut7gahT5Cg8oXvCCcJEsgCzNL6QTvuSc2jAQ&rfl=1%2Chttps%253A%252F%252Fbuhgalter.com.ua%252F%240

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

31de094cbf59f91f33bea1b06c93e71570b87b8f1ac4bc7a7a0c0b753330a8b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31737
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D10F 42 B
63 B 76ms
76ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BdV8GWEmBmwmIXH_GGbI82SIccazuJ1NhnQ7WCnnWVcAqZJ_7IK0JCqrt45r4neSGLOZCGxGQVldOR9hhBx2a_KW0WaVY1YhADIWFV1wEBigJuitM

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame D10F 2 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/window_focus_fy2019.js

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:30:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:30:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame D10F 15 KB
6 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:33:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D10F 0
0 49ms
49ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSSNi1kg7S043qevU-uj6E3fdMs-GJL2swFvjyvAb4sKh4gZOWR43Ob9heU9ujOnIYSfxqnsauu2McGyMPVmBrudlFwLQ
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D10F 119 KB
36 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4885 640 B
316 B 55ms
54ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6tv8YCEKjp3uQCGMzA9sIBMAE&v=APEucNUUVe-p_sNvPGGhHMWYLMSKy9rveEjcJNJKeVhZJ8k15R1w5PWJjb7KCsbRiaeccFGT4FnLpV2f8YlvCq0kACa5CArbcqI3gv2Lp0kWi9_wM9JOnm5oerX_37eELO-nXj7JtseknvHlod1ISBAA8KvvMPoysjutzWZEB8_PEzCCS3g2-PI

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Mar 2022 09:34:20 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 8A56 106 KB
38 KB 150ms
39ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
Origin: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 26 Mar 2022 14:41:43 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/elements/html/ Frame 8A56 6 KB
3 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:14:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1210
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:14:10 GMT

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/ Frame 8A56 19 KB
8 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/abg_lite_fy2019.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:11:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1394
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:11:06 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame 8A56 2 KB
1 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/window_focus_fy2019.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:30:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:30:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame 8A56 15 KB
6 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:33:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8A56 119 KB
36 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8A56 42 B
63 B 74ms
74ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BDYKPJd-Gs16Uf2EedtAZpEHx3bfVcVoz3QjeveBxfZpGUbS0Z7nSjUPkri0J5hQULi7rY8zvltRkzJgxYG8lV1c12NobCIzfIH8b0dr0D6HoQs2A

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C822 499 B
334 B 57ms
55ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCsqIyVAxjv0qLCATAB&v=APEucNVKZIMeUjRTz0lQkvjPAL7z3pNyUo2NvCsdKOdZJ_-6fiGW35ETU7GoomI-YrimCQla6NKyo9oDAWPSRfGjdzjvH3NUcg8NrF8HP9WmayaGv-KTD0lhc6Hnl91ThcVJbBvh7yAer8Yfsk6Ejv8FnRBr1xQVMqVMjqeKfpCd0oSydZa19Qg

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Mar 2022 09:34:20 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A1F2 14 KB
11 KB 95ms
94ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BG3Hkh69N83zCoVoe0eysR_jH1gaOe8TolsNJ5Gr-ZABgTdf_1eWYUD0CpM0mGBYSuVtjNY8wQgJjMaGAtFGD_VWBESt7UOXcJ-9NaT6QKKdGHRl2ttowB6JZE0xKk8g27pnUZGBYAMtIthO7X94VdSS9AhQ&cry=1&dbm_d=AKAmf-DMvDqA1LEFDy4zWscbHjBmi2on6t31-yWqnD-absHsBfSPZZoay7XitcjpQZ-HIOTZVHRHm87xxnqSuvZCZj-jYesi7eMhgE85Uag7Md8GO-zoZjFojGiJNovBuEzCnmY8cKS2E4RUcypCCdrXje7EtyrjM6ly2KmOJcokw9zrZxFctpk_z1hPHnhZlpkJSvS3FZzhPspcXvAaaLGerY77yBu-q4Msk1w1-UxXs0ZLh3_qLlHeaOauwg8Q_VqHNvzbdfdHwwX6NRCrxD95_Ih0g1yuIhvlHNS929OnGts7U58kCaKLm_mDxk2TqJ7GcEElMkoQFGa4zdlzSKirzuRwsnspE3n9fOpSv5s08qGrlNyr664nVRS_A1ydljyLjJ0By-8VMXyApo2JRY8U8422aKgL28IMCvjwYWyUSVJIQJLs7-S9hDkg1eiArmPPqivuZ554dWMbz27nfbUVAIXeZFxY054oFA1au15A6czPwdSNRZIgbINHTZtfGbEf19STTR1aQbEeyRxBlarj-cO34Nxbbr96hfYIMJuDv9cZ3luf6UM6wFq6TPulh9Ab-AZv8bQJIg_YHMV52Thwk40uLajwtny_3GAJ974VdUyVs1mOu9F57waz-ldIOe96W0HCv9yA7C3GFVIOY-kYubmgegye-gLUPRIWAqkS9Vsj3t8d4fNeyjEsKhd6a1V_Unv220b-0k99M_PZmUt8eg66T_Uwt_VtjMvG9UGqMrBrilBU56gg1FbT-Jrbz0YAhUXC4PiCfPFb3EIR4Gr37TAYm-9N3b7pM1brgleytaDsy-u6Buw8fVzrJ1j70bMGKLzZ6DMtlBCMxLxaxJy3Yh7Ece5ItdixFe3XTOC4BTbzVI4JnXj4PR2F_lkA_aSLyTWK5-3Q8ZVXckcIHsDUEggFhREXVaMdfeJak3r4pk63-kDmwOUaMw6UYwDejvfqCgrilo5nZUbY49TJVQSkPmLHdskzShtZ0fdyFXPCZymUbl_nClAIqritv7E20UTBk7c51rmyTEcSxN9M_k-GidlGV80PlXJZIVcI9MVCnV0dbGxLm3487azcIfurqAhP7Jhd_Hi_kj1Nd7sJadM50yRED49iJdfb3XKhxgFENOD2Gmc4h1nQ1kJYOPTpCYKh41K_FHOfnMWWmbHdObVdAxbIrj-QaJPYbE53UHINgKb-W7lqUkLNEfn6eEu1nsOUMxC88bh-TtKDwhwrfIfgq_Q9g5LVF8pg9HdKadWQdykkkmvmd0eVZHWkJHD3ul833kG634h1Q-a42fq4Ibt03fxiGY8yK7akPzrEln-Zw2jWftxFjC6siXDTgt79Vvo7EaC3uQJL_YX-9Xr0AD0hU7iMrZVePdpvbt103yPqqyrIc9x-zmBRNbT50h5OSKnR2fPW18cSd84CDN0dq3myJBeawPBC2vIpRvXn9I5MU4V4upOBOQCKdkqObJwdLlguwf6cEv_VdT2nvfhH7cJGtpy9CdeO877lzHjdM4oyDql1FmRjKOrHd8U2rQ0niRd2VUp8mLfcAYzeq-MkrDGRjPjaZ_Ir3AhJIeootgwYus0w2sjoUBtf8NAI3W-e-kLFIPpC6hTozxh94b3-4lZmakZl2GWvf-g9NCqXaKTdy9kuMo7QoUHOi1U2fPiLxguJ_DlIaeftxPkJqYFyK2YReGLMu6eXAIq2lWlNkS7pfE7LnKkOJo5_D1NRGSvSUvOUU_VaMv97WETcnZn_21sI4fg7SF72FrCnO42mbZFmLBoHcVQTnqvzLxkbAdg0rOv7JWyTlsyWTEy78Pe3a4l2qqyBNUGTDut027RJPKKo63B0VWXKW3LLIOclbfudyrcZknrMVLnXjvvyg117xJfTXe-IRvwLf9KVDtqCfqF15ZztnN4N4ZA9TlfUOKZdXkv-_CAbCKd5o-VknRTokS6YbQiqSGjh_erLTISZotHHyG6rXInbnJCy48rgxgHhHE1A8C2R7lBXzs3BI9qN-pVPqv77t9hrnNEP2UQvoShIqZFlbmAzeXRndOoSwwNFQsRDUuky73Luj3pJyu0YTj6sB9WR5aUGFadkRTLrkL2N4uMf9U6uJKjz0hIPm5yLGbNDWHMQaCDLqv-jN68Ah38kkOrCNgLsgeddX4h33-iRW8FNWWLL1sUrxODXmn84TDYM4Vw46HuWWKN4tkdrTmXXRKQyGSuAzuqgnYr431wCS3-AkzazteTIghq-V8oEGHVJ6BmUQpRpnVdWXFE_np5MPiWACgiI4ratjprKFVjeFcJMXZVz6wZEkW4Eaz9orRD3Xw2FeQQEAVKSykom7-eyWNMnxYkFUCP8i6Kd4gHW9Lod8TMEqvvkrodVju0XLQAjS-qNmSrV7D_1fzLW6j6WwdGiKr57XCHg1GjmdAwOGLLrcujF_p9IlX2giXSFcEaHsLl13wk-eH6Z-mBaJuQO1OcwdX10VVYshzSYfU_wtDurcFhUh1HVSPI631ziZzFEFK9i2NyQpX5zLAdWMV0CFmfmgob-ONYRlhLE4lDNin08aIVpm-YqcU3-_RvZxLrAsKBC9HUX5i1NZjcFwbT9-rPminLV4GfZTAiv8eY6RUNTCWBXQ-QfnAs1C4d0rws3bQMClCZHbu1UPwAEG5RKtY7nIBLGmdAGfipvafGg2zM1cENtW6wCFbFQregM8LPZswc1asx5n8vxaysJ9m-VdF9De5x6QuKXrcjFDFi1-yKoPQ8TvqRVlB_JYcHrEPZIXNn2IQIhcX8neWfvOvttEJQCUlloU0yyNmD1GIsXCU_J4HNG2OtnuwdYBY7XKEU8FRMj4sJtwVV7QwrTcO7nc99Qd4RF8Kd6ehSH6TDNTTri4OuSn5Ou5AUk3Bko0SlSGIrs9KRDxsXXwB2RiewBfFxlz2MgqLB7GcDQfHlcMtnBrUZEl24uQaEdwVbNH95fpISqZ2njQDEjHjy3e8LYMc9uD1r-FeHVdjktrbcsmyAFo_cLtt8My-VOk3EyiWQWmjcEnBQsNborNa25ZNNyJGtvJMvUECa5AZIo-cF3DX_ETDI5sSgSJp6krBeEGm-F4A0E_EWFf96fTE4OQsDPmY5e66PrXmYi7ELwJ8yJZPaRJj-X3KFNOjADXrfTMPe3x1vaBwhjSPdB3mZDdT0N0Jtabd-aBmXkNZ_F0eo1GtVcTHaBrlwqhzFDQiEKWBt_8vKvWSoEECq5G1N2FB8IjYjAF7NkaD71Wk9tUeFwZLH6RE6tDseVhNAwxiIwo5_ihw2A57FxD8XW5HMZvP9CFrYCpXocgtwv2cWcpjdAUwlsEnAVX9zGqDpg8iSH48SvW0P1d5ZsQj0Vl_-NhRT_VhVj-gaGBa6b-z2YJV1AyZSv1YyftaQB0DVZrfQ6J_EcuCzntcYzHAY4cSB3tG3wRZOQOHijJFmMqPiNN31YJVhBcyYtr-2896_IvAkm8SVndlStooHqErmVUnfM-i79G8o-GzDuwhq7wbHV_1FVMjwTZnHg-4d0U2pSH1Zt_GUad1xqw5jfiG_ZNRhrmZL_-WP_yf7F3clu6GGk1vtHjLKEASMmZl2rNrd0mhYsxGPTF-byqXnrz4T-SsinRQunLKFUBHoUZob0MkNVZqf9q9BDGENuA4XD8B6zXptTpkzB41ArHl5s42n5LZRzIV3p-7jhSBKl4KAu20ZhmoB8ITpY7HlAuRxHg21WPsOJfOu-4tZzDPG546toD0NswZc9JJTtS8F0kYuStsJsJj2nQPLuYgDr4OVTpZMRwNEbatuQWPIrM6Vl&cid=CAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA&rfl=1%2Chttps%253A%252F%252Fbuhgalter.com.ua%252F%240

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1cccbd22805c0bfbac192d4b5962ad62e41bbeb7f5c409e7477b4c31da8cb9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10755
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1F2 42 B
63 B 78ms
77ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D6WPrLCEQ_fgulFZnemx5C4SwRbpQD8zGvdugIX52EIiGOJIVqc_AiPz2ieYnAWGmPfOmW7gAAiUPFgXUyCQ-nYcLTdj_w4HwKdthu66V82ctRSHc

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adServer.bs Show response
fw.adsafeprotected.com/rjss/bs.serving-sys.com/958741/61007899/Serving/ Frame A1F2 235 KB
72 KB 145ms
41ms Script
application/javascript 52.213.113.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bs.serving-sys.com/958741/61007899/Serving/adServer.bs?c=28&cn=display&pli=1077596117&gdpr=&gdpr_consent=&w=250&h=250&ord=1648287259095059&ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D$$&ifrm=-1&ebaddid=$$[Device_Advertising_ID_MACRO]$$&z=0
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.113.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-113-49.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a543df459d2d753d575d5de96527a3331b29a514d8e1aa9aabbeb32de5b98eab

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame A1F2 47 KB
13 KB 145ms
47ms Script
application/javascript 18.200.47.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=10933&advId=27050060&campId=16456523419&pubId=1&chanId=44380725758&placementId=407415151&dealId=&adsafe_par&impId=ABAjH0hWXwMNvShyj5ufQOjgA1Xd&bidurl=https://buhgalter.com.ua/
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.200.47.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-47-85.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d4ec2ca8d759f86eb921166802e02bd8e9382839383ce1b3b8db9438505766d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame A1F2 2 KB
1 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/window_focus_fy2019.js

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:30:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:30:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame A1F2 15 KB
6 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:33:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A1F2 0
0 52ms
50ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQMzcWwhSNDUXAxr1WEEYcbnUaW2SNi1G50toFRFQ5MFsE-Eyzx1DCuyG3KQOE_dNwPgvH6fRkVVP7hecawZEpY5W8MVA
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A1F2 119 KB
36 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/ Frame 5CC9 127 KB
32 KB 43ms
43ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

689b25634cb0d84e592e43cc1e3f1a43589cacd8f8faa3dfb582a200b1109246

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 32975
date: Tue, 22 Mar 2022 10:12:38 GMT
expires: Wed, 22 Mar 2023 10:12:38 GMT
cache-control: public, max-age=31536000
age: 343302
last-modified: Thu, 12 Nov 2020 01:42:25 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 24B5 0
0 89ms
89ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=ClhBVG94-YtrnBaKFjuwPxua-yA2VjMfNaO2dz8TcDNrZHhABINHfjB9gu4aAgNAKoAGo5Nr-AsgBCakC-AbWMDM3qT7gAgCoAwHIAwKqBJMCT9B52nJICCF_m0Uhh2M8fPEMEQrjteZW8DUPRpx7et9jI6VGNU6EWV9Joe9u_LeT3XbrEmfXVJzg1zZUednNX_o3rZZw-3MsyVXMhRdQpwyWNJhQoKlgCGAEyLPpVk_lg_gmsNtDOdfGTfmfjVcZbXWgpt0U-wBgl9lQhUhx2HQQAWKsdGm862NoNFBr6DlYrBWy9yIs-7wwS6MsHhMxe0vzPI9Z5eojHuh0bbYnXjuiIoEfdqME1Pi7zXcbUES9sWnMoZnGN9bSGeG2yWaPhE5rX6f8iuZr-0BVzvYxXf0OEO7rOhzO67a0JEgmPRNI0DNXMPpbF9JK91Oxn7lA8WG4UsXOiHspUtTihHOtDyuGo5TABKSslO3JA-AEAZIFBAgEGAGSBQQIBRgEoAZrgAfAm6WBAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAfIHBBDTywXSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ1NjAwMjUxMjE2OTU1OTKACgPICwHYEw2IFALQFQGYFgGAFwGyFx4KHAgAEhRwdWItNzQ2MjU0Njc3ODk3OTkyMBi84Bc&sigh=Lw0zLXh4Glg&uach_m=[UACH]
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 936D 143 B
163 B 43ms
42ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Sat, 26 Mar 2022 09:06:58 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 1642
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame 24B5 2 KB
1 KB 78ms
78ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/window_focus_fy2019.js

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:30:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:30:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame 24B5 15 KB
6 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:33:30 GMT

GET
H2 200 impress Show response
ad.invamia.com/delivery/ Frame E829 18 KB
10 KB 75ms
74ms XHR
application/json 185.180.223.67
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.invamia.com/delivery/impress?ctype=div&width=970&height=250&tld=buhgalter.com.ua&pzoneid=7443&in_iframe=1&position=atf&screen_width=1600&screen_height=1200&top_domain=buhgalter.com.ua&top_url=https%3A%2F%2Fbuhgalter.com.ua%2F&domain=buhgalter.com.ua&url=https%3A%2F%2Fbuhgalter.com.ua%2F&referrer=&async=1&uid=2927789180
Requested by: Host: ad.invamia.com
URL: https://ad.invamia.com/invamia/invocation.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.67 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-67.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: aec49ea121142e36ce4ba520d03ad083e428295fe7ae692e96e70e6bf2a48909

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://buhgalter.com.ua
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E829 0
0 130ms
77ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssk00YAU_24EqFAz8jwoFW6_vW6TDv_0DJX6QWBwBIDuIR4lejW5MyBQDqyHbLnkH53HUTDoNLAHn1KRtx3w4UnkQHWzSlfZzHJWDBEkLSRoki1pkrUOBJPmwdgN5o9YHxFvwK1RP2hPvE451FOWrF_b6Zg-C7s-7tz0dRnRC6hPk-PpE2fmOZC9qguDANN65tBlwJgpzgg714EEnw9GA0xaU0DT2ql3tZwPGXNDd_XH_Xt6_N8molGqLiauU-KKGq4wSeW7snN4NsO2iADfjqtc4T160wHHoVKTg8oqmnaMScP5HLoxogLqkOybOHYpWdJ1wykpoexNQ&sig=Cg0ArKJSzEeckRCQjpUbEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 51DA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1&C=1

43 B
1012 B

57ms
57ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbsERDvjosCGLDprsQBMAE&v=APEucNVKDrI2MlIl-JHjrmMMMmgZHBXLI67pj5HNJ__HiKpHF53rydcCaipXUV9PhZZtKEcmZaqUaYz7iCJHyBPhLYBsZ1IyB0nQ7M5yYsmlvXw4fUzaF3h_clWFgBjvH51kfOOnnySKtb1-E-DHh-RH9N9H6s3aHOd1g9YCC8s86uzoEBxbiEc
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 26 Mar 2022 09:34:20 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:20 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 51DA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yj7eHFaybP9gPUY3oi5abgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1

43 B
892 B

60ms
58ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbsERDvjosCGLDprsQBMAE&v=APEucNVKDrI2MlIl-JHjrmMMMmgZHBXLI67pj5HNJ__HiKpHF53rydcCaipXUV9PhZZtKEcmZaqUaYz7iCJHyBPhLYBsZ1IyB0nQ7M5yYsmlvXw4fUzaF3h_clWFgBjvH51kfOOnnySKtb1-E-DHh-RH9N9H6s3aHOd1g9YCC8s86uzoEBxbiEc
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 26 Mar 2022 09:34:20 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIPfkn-BRzmCcP3ra6bdryk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 51DA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPjXw6F2Othx7QmJQXhkFY8&google_cver=1

43 B
1020 B

43ms
38ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPjXw6F2Othx7QmJQXhkFY8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbsERDvjosCGLDprsQBMAE&v=APEucNVKDrI2MlIl-JHjrmMMMmgZHBXLI67pj5HNJ__HiKpHF53rydcCaipXUV9PhZZtKEcmZaqUaYz7iCJHyBPhLYBsZ1IyB0nQ7M5yYsmlvXw4fUzaF3h_clWFgBjvH51kfOOnnySKtb1-E-DHh-RH9N9H6s3aHOd1g9YCC8s86uzoEBxbiEc

Protocol

HTTP/1.1

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:20 GMT
X-Proxy-Origin: 217.138.196.106; 217.138.196.106; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ce1d2ea3-2281-4ed1-bb53-35e05d8a1fba
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPjXw6F2Othx7QmJQXhkFY8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 51DA
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NjgyNDczNDMzNTYzNjg5OQ%3D%3D

170 B
243 B

87ms
54ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NjgyNDczNDMzNTYzNjg5OQ%3D%3D

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:20 GMT
X-Proxy-Origin: 217.138.196.106; 217.138.196.106; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: c787fb48-9e33-4536-a46d-3d452065bdf3
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NjgyNDczNDMzNTYzNjg5OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8A56 41 KB
15 KB 47ms
42ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 09:34:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172792
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:34:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 61C9 1 KB
749 B 47ms
43ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 26 Mar 2022 05:53:44 GMT
expires: Sun, 27 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 13236
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8A56 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a80d9ff59b837def607683ef0f0410775fe307e74b9765fec576f6cb4fcc1051

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 4885
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMexOXAHvl7YUTXMTCZAdmU&google_cver=1

43 B
61 B

79ms
34ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMexOXAHvl7YUTXMTCZAdmU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6tv8YCEKjp3uQCGMzA9sIBMAE&v=APEucNUUVe-p_sNvPGGhHMWYLMSKy9rveEjcJNJKeVhZJ8k15R1w5PWJjb7KCsbRiaeccFGT4FnLpV2f8YlvCq0kACa5CArbcqI3gv2Lp0kWi9_wM9JOnm5oerX_37eELO-nXj7JtseknvHlod1ISBAA8KvvMPoysjutzWZEB8_PEzCCS3g2-PI
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMexOXAHvl7YUTXMTCZAdmU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 4885 43 B
305 B 95ms
33ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6tv8YCEKjp3uQCGMzA9sIBMAE&v=APEucNUUVe-p_sNvPGGhHMWYLMSKy9rveEjcJNJKeVhZJ8k15R1w5PWJjb7KCsbRiaeccFGT4FnLpV2f8YlvCq0kACa5CArbcqI3gv2Lp0kWi9_wM9JOnm5oerX_37eELO-nXj7JtseknvHlod1ISBAA8KvvMPoysjutzWZEB8_PEzCCS3g2-PI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 4885
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEPj7R_aQFb5vty-LJanYlE4&google_cver=1

23 B
172 B

78ms
70ms

Image
image/gif

104.92.106.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEPj7R_aQFb5vty-LJanYlE4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6tv8YCEKjp3uQCGMzA9sIBMAE&v=APEucNUUVe-p_sNvPGGhHMWYLMSKy9rveEjcJNJKeVhZJ8k15R1w5PWJjb7KCsbRiaeccFGT4FnLpV2f8YlvCq0kACa5CArbcqI3gv2Lp0kWi9_wM9JOnm5oerX_37eELO-nXj7JtseknvHlod1ISBAA8KvvMPoysjutzWZEB8_PEzCCS3g2-PI
Protocol: H2
Server: 104.92.106.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-106-130.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Mar 2022 09:34:20 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEPj7R_aQFb5vty-LJanYlE4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 4885 23 B
172 B 226ms
67ms Image
image/gif 104.92.106.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6tv8YCEKjp3uQCGMzA9sIBMAE&v=APEucNUUVe-p_sNvPGGhHMWYLMSKy9rveEjcJNJKeVhZJ8k15R1w5PWJjb7KCsbRiaeccFGT4FnLpV2f8YlvCq0kACa5CArbcqI3gv2Lp0kWi9_wM9JOnm5oerX_37eELO-nXj7JtseknvHlod1ISBAA8KvvMPoysjutzWZEB8_PEzCCS3g2-PI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.106.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-106-130.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Mar 2022 09:34:20 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3 200 css
fonts.googleapis.com/ Frame 5CC9 11 KB
822 B 113ms
55ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700,regular,600|Montserrat:700,regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6af97b9a2d1bc07d8d5386efecca516ff8c107e4c9bf5165d7cc38741db5597a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 09:34:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 26 Mar 2022 09:34:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5CC9 16 KB
6 KB 48ms
40ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 07:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7473
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 27 Mar 2022 07:29:47 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5CC9 26 KB
10 KB 51ms
43ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 14:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 26 Mar 2022 14:22:05 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame C822
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENYMTERgWSmM8k-QvmwpfJo&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENYMTERgWSmM8k-QvmwpfJo&google_cver=1&__user_check__=1&sync_id=e9f64460-ace7-11ec-a4d0-102ad03c0306

43 B
549 B

46ms
45ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENYMTERgWSmM8k-QvmwpfJo&google_cver=1&__user_check__=1&sync_id=e9f64460-ace7-11ec-a4d0-102ad03c0306
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCsqIyVAxjv0qLCATAB&v=APEucNVKZIMeUjRTz0lQkvjPAL7z3pNyUo2NvCsdKOdZJ_-6fiGW35ETU7GoomI-YrimCQla6NKyo9oDAWPSRfGjdzjvH3NUcg8NrF8HP9WmayaGv-KTD0lhc6Hnl91ThcVJbBvh7yAer8Yfsk6Ejv8FnRBr1xQVMqVMjqeKfpCd0oSydZa19Qg
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:20 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 112
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 26 Mar 2022 09:34:20 GMT
Server: nginx
Location: /partner?adv_id=7025&uid=CAESENYMTERgWSmM8k-QvmwpfJo&google_cver=1&__user_check__=1&sync_id=e9f64460-ace7-11ec-a4d0-102ad03c0306
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 134
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C822
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTllYjM1M2MtYWNlNy0xMWVjLTliYjAtMTEzMTE3NGMwMzA2

170 B
188 B

92ms
54ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTllYjM1M2MtYWNlNy0xMWVjLTliYjAtMTEzMTE3NGMwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCsqIyVAxjv0qLCATAB&v=APEucNVKZIMeUjRTz0lQkvjPAL7z3pNyUo2NvCsdKOdZJ_-6fiGW35ETU7GoomI-YrimCQla6NKyo9oDAWPSRfGjdzjvH3NUcg8NrF8HP9WmayaGv-KTD0lhc6Hnl91ThcVJbBvh7yAer8Yfsk6Ejv8FnRBr1xQVMqVMjqeKfpCd0oSydZa19Qg

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 26 Mar 2022 09:34:20 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTllYjM1M2MtYWNlNy0xMWVjLTliYjAtMTEzMTE3NGMwMzA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 99
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame C822 0
194 B 160ms
44ms Image
text/plain 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 936D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

110ms
108ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 26 Mar 2022 09:34:20 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 26 Mar 2022 09:34:20 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 26 Mar 2022 09:34:20 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/ Frame D10F 25 KB
9 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bc0krI8YjRhwhIucl9LLgwtd1q5TBzPc_1hJZwVgpZHxSZtbrCqcRkX9drWTSWgqGNj9pWw0dpcP_H_dABQM7wPYA0Jz5Qrl3teI46uUzHAykdunjlY_PlwBuV93fpizJkKc4RdgMdNsfaZ81Msn4zSM2xPQ&dbm_d=AKAmf-AfMvHDGlW5AERYrqiKWiAG4ik_huoMNYVVlNWVK3d8kOYTO_EpIhYbALvrPWd4zw7tRzS0_O7D6zYny1pRh9tyli6CtYZtM3nrgQFC92OSiDpAa7HPum9UIJ9qGsVoHaUeg8HNuJGVYQb-I3eRW8wByl3acR3JYnKdZDBfCRQnM1Q2u7cKfPsIer_44IMzFpihMo_423czq3H3WJhnOTJwnfogEfYdJd5sQEFOvXh8MnIeXRmj0auykfbVSyh47zqprIB8EHAUDDV_qD8mAtrO9ND8Gn0Nsx0sbrkcH7Y0NnCjPxyrDkHvVg5fAbWcGDWRe6O0pbpS_okwDoTiSjC7zYyv2_zmoVoDzzfyFU0rvE5_EkPiCwPx-NA2k6eLEBmt3lCsJW-2WtHWZf4sM0CSW0qY0x7MpdTnSmkZ-fbNqvH7mEp0RgqncspqurmKRZFcupPWSoXwi-dcG7xxBDI4UvD1aCjjTvQhqYI7vTI3NhhVN11sRx-rTSOBwDeVciIn05Auv4jpjsouBiURJrB8Yc5PqW2O6S-fKfsVe24d3vpMsfSma17Wl8fkRsT6uodyh3gPlBz5-urNwOkJGWuaUmlCMbB7LxowadPu1qaXlKeZfGD8WD9draIp1a7rFJ6EEvobd1ZJDSAgHr8ykOPN9FgXGHCTBOCrzDIaiXW1PUgsNX2aYMMfHEOr6V2UfFCFUH8KAle_QlYInYZwyuQSBrqt_sKuJkWGMCQU5IZVegVKHxNhnSJHxC5f9xzylzxtvM-6K2roINUWsQlLMcwoFoZ3lpkdHORVzYt4jGqaVVL7mr_9HzDTz1Fp8XEgq8JGU2OqEm_yvCl99spoDPnUOLzg4X8suq520Nl3cb8IkXenRTf-SonpKuNMd1kl4G7X5UnQBxRDcjjHQfmuddLroi_p_Y0AqnaLYp6AcBHLCra337cTdDV8WjIJXeP9Z1pOG9dhFbk3WIsBzjbTJKhhBl1YhxvJYxsG0yt9Axu_8Bjjnf4CjXVQ-lpORtytVPJd4SXg_24MXz_FVdHgYvpgrxhwarxmmFmJNLDknXgiW5X3Cq-R5ubvZqVsFn52673QEYv_KCD_WSsxOAw7LApdMaBZ6vwKRkzXMgvemo3n4RkWiwL_7HJ6O48EE4C-PppYQDv749gVrLjzje0nf-Ew8jlQuPhHesuxXHSq86F9JGM766noYGCJw49sGbfsjnGAygSSr0bqqw8NnhlD8cGcoB84KPD7qQoN8RHIhngudDtdmAwKq4__VdJV1vio1XvMrJnZddJjJihpI81B96ESIMJ3dqrXgdtdVx7nWGNHDfKqOao5NYJQk3P8APFYx0FyNfgPDHSqoh3pOh0A8zsNrbeJX-Ag1ui4TCh1xTykbVoe6EoRytr2FBNTvMsPMx_9eEKsRISrxjXeZIHnGNyl7sLVftP_fqgMi-MCQMme_1NUYUt_wq9nW9WcW9tV_KW0W45mpKqQwUVAehYP63O5PuFiY9PrpPBVbYETpDKwahZ77b8wMBCLm3TL5djblrn-iD94V0FEIphP8JsvZoL7JDkbjVDiHgxLbHAB6xtXvRted6CxcCMTZDuVLeTlpCMkYjzS2NFOP_RocohYkEVGagF1PAB2Lrzx-5MLJrM4C3cIcl6d43NKxB75syMYJBH9eZ8_mFa4tYXczwnDruLvo8CRRZ9SkJGVDx2x4t8mtnTk9P5Zmr5OomllPnKR0cZpcsL7htNKeuo85Zr3w8eW88VJhSq_EmvLWQzrXLlGTBbxUA4krmug1E3SLIv-uep_yIDySfiCVDj_jpO9KzcpkjOvu1EbKNbJ-9Ks8lGU5tvDnqWiCAKaS4WSq3cK47R00jBT7UBolF2CzM-gHlsCFeTITNA3kAE0476WpxXBL77F6qQRZGpg66m2Wb7VrdF0t2GCxd7TTt0sQPbNnjCCG85_DIsXshDfT026_MNRJkxDHi1AZ_O7pjM8OawoumBCNxCZYSL-n358D7C-Xg2-pbUW6e3ooPxnOJDKs7yOrYF9rkq0H9m8Qn3kS8FklEof7czag8TLnmThDjOjyKIQGckdD-Y5Wlbi6xClpxfJYFCdQoTvjSdFDr826zWAavkY3M6a5doBxzEj0obJervXV9oJZAadT76VG4Hc995DFMD9dRKSB9ythCk3LN0WcDq3ESZBGR4Zx5G3HV-lQWyo-k8_6LeOxjwGkFzzz8wdLxdaDAqy5lTbYrHs-eGf5JSvdTdfgII6CmqDdHRg5PKTa8jTW0ntM7GSo8CElEHanHnpZ7we32eTzw90sNG6JvDEj6BjZgT45c5O_Ujo7qxxI49tgc2G4WHXEDZlomUGtsc_nDERSu0vO2u_J4v2LMVUHSdjlTmEkV0zuGdElIe7wHdCtwctOztitO94aCXqcdYaJa4uHhLg904oRkqwUf2rWxw8NGOXfP06iAV0nuzpKl7gZfmTFHudbCqKaM8vq_KuL_ItxbkmAxCXhmSIeOjzeCzjr30HcHNgNJkWbXQWV7Gms5l5Rsm35menEjQVomcsoCckgsGsw11D2BAGeBa7VoHnLa9b4D1hLty4qOFKheQ_y1AmJxaMhMd6SNLfpmenNZxU84WAaJFE-nsxNWwIBPaUVSJoTTPgIvmV1XXPlQeF2wGUxvP-ZyoxO8lWlO-clkCVTNq-_0C0VMQkA4ebGDt5l70EGc2ZfMOeenFIJS5SENDWjOR3QrOp1owNu_T_up5QXFae1GJ6TcAr6fj85JFswHsn5Tra8f6X_mtvksTNiEg6bjfyYdxKMB0fbLcpec6QeoEVRe_rmIZs94Kjr5oJK51rTq1LWmK6FC-3UbQ7gEVrRKVVB0wd_oANeOhXP9tU_RDF5fpSPhjsZxznj8QPfbPKld8r7tOacxHTEDDihBzyNRic-pe9Um15jxL4hx_xcqD5NtSUT7FIvcdPuDL-y4ZadqIEJ2iTVxPb5Ubfb6JAstMpA4RO6hNnYQXS21_1BqUfyo27kynWVvUefleyT7v_aRR5L4tklMATBnE9D6dHKTumpeoJ9XQVRTNgEYtRweZQ_S79IsI_x7FF5cC05EnklxkwSdnRzUxseMETvhGZ8_4vquGx79BnZ8NpYCcWTFXCDXoaH9Zegc-ghBKEs2ybApZXbJ3SKP_PjbAdlDY_q6pXfAJL_TRimtHx67iYf_-_iXAlHokiWDd7DsR780J1d6haDpcZ9nShOQ1saEHqIvVB4UMK-Bbr7ceuaT0mNNOfcyy-weXrtrl0tTc2WB1UXGFHGjVa9AaZzhOQ1qMiSnk7nKHkgtonyKqtpLlJcTfeQg6nnGmB3CBtMb-9&cid=CAASJORoCKD0IxGJxNut7gahT5Cg8oXvCCcJEsgCzNL6QTvuSc2jAQ&rfl=1%2Chttps%253A%252F%252Fbuhgalter.com.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:33:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:33:14 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/elements/html/ Frame D10F 8 KB
3 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:31:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:31:04 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D10F 0
571 B 182ms
87ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstfUxlZPb6PrraWHRQQy4uGwUSM-B40xK3tnKDUR4JbzsSDSku2VALKrDuadcX8DJOdah8U1rfcPuDzten58IALKC0R2qrmWIUdW46waFhZKNnvkecMX3WuZAEGVRO3lMJz7g8YNdPIY9ibonJVh9dO2KX8tOuBL4JaoMw5EMiMapX1U3fHmf3Jn_vSNee8i08BmDqX0ZYv9EdXKuNsZuHi6D6xRvKRNPXxyG-loIIMuUEGpFHJjGHenqgeIxA131MVdry_FiO2yVwMYqfqG075XVYRkl-V8noL3F1u9j6miLZhxFyqWj4dM4W8jHl9WNPr5HVeMk1RjDV-UaVaZ1XrIMD-XglpPw02sPJfLzx2BoArp9-MxKO6g84COI7cqMGTf9bKZUx0ClXsV574_9ef4JUJ53Ite8pNQl5Fa4GZzlTDFyFrDyBAODQwa8RAepoz0zy1AzsHe_ZbAkiHPlD9l4FA8rZKm6J7M4xJJPGxm9zIBR2XE3BHb_LOtpR-n6IdXlLw8-p8KSGhAUqU6jmNVdY2OFqnOsVuouV8VuvQ90IPGuFSfg-DlMcG_ytTxk9sCxZUjs8XYs-lphRvM--Mdv2phWWHSB6jYu_dHEydVAmO9Md1DARwsPlxanZSO-KHS4L5XoyHO1OzzAlOHHi6a_V-UeZxCrTdWn6rjnHkI6PmnvQe6V6NUAcFWiWPMNI6a37RCST7-KNnX5zFOq5WDisAkk9FiGa6MCZ8nbZwOE6qR0SHvJk9mka_eejWO9bEkHXJIuk1YTdEfRktr_0fEa8LD7dwWT_mphAhfATATcT9RaR32VsyjQ_b9NuwmUSleOry000b8TQNDl4MTlnoRPwejh21ke5VQbLYtUrvyvncoRqeb64I_uFT4DEgKyrCuona_EQarNMzCqni0-g3EQEu60KGGC6qc8SoA8hO43ExcLl3VLb3lb-yu15L-CD7xN3XogZgiPNy_mpu3J7Q4zzYs0uVVYI1sF5ZFzIVjup_erGQmFA2A5pfMa6cvYoY1LYBl4tWnkZlwtD7Kj6SUOVM6V4YMC1go-GEMA3tbt7fQudm9TdZfu60aVvFPx9H-hag4Zo1nREAR-e-of-bYqdtiQzsQbUyC0wVExNFh9qXDMznfPGqGiqGvDtg9mco20ADr9YvU6PS3cZgy74sNFHzARJOjP1SlE3pylZ2oqqi9MONFZoUeMa4LFMtIxh9myBT_--WFgTEYd5l7dEW-FRTVpXxLGJtD7-1uEZJAT-wN8ffL2J_Z86XdMI3zPkNvcy6g9UfpB1cIf0iyJqM_1sy0WLBa9I&sai=AMfl-YRALC8o5HLWwntPegJlFZ-DTbN0jN3epAMZARQ6iE7h0HDkQDziHaFjHj4g4f5bWCDwwYC27Hejb4vrkt5wSeUAEkbMGMkIlglezlArOjnWdVzBk9GL7z7rsJfYITdUOg2ges8i5iIrmMR0BAhGSrHfTO4-c7ZXq_GEnA6jnZdpghfx-QZ8CDE9vyfrOb-g6-o1Qomccl0mK-eLiwxaLw&sig=Cg0ArKJSzGdxqKicNwEyEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220323.67736&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 26 Mar 2022 09:34:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK tfav_adl_57.js Show response
j.adlooxtracking.com/ads/js/ Frame D10F 64 KB
64 KB 168ms
74ms Script
application/javascript 37.187.27.147
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://j.adlooxtracking.com/ads/js/tfav_adl_57.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bc0krI8YjRhwhIucl9LLgwtd1q5TBzPc_1hJZwVgpZHxSZtbrCqcRkX9drWTSWgqGNj9pWw0dpcP_H_dABQM7wPYA0Jz5Qrl3teI46uUzHAykdunjlY_PlwBuV93fpizJkKc4RdgMdNsfaZ81Msn4zSM2xPQ&dbm_d=AKAmf-AfMvHDGlW5AERYrqiKWiAG4ik_huoMNYVVlNWVK3d8kOYTO_EpIhYbALvrPWd4zw7tRzS0_O7D6zYny1pRh9tyli6CtYZtM3nrgQFC92OSiDpAa7HPum9UIJ9qGsVoHaUeg8HNuJGVYQb-I3eRW8wByl3acR3JYnKdZDBfCRQnM1Q2u7cKfPsIer_44IMzFpihMo_423czq3H3WJhnOTJwnfogEfYdJd5sQEFOvXh8MnIeXRmj0auykfbVSyh47zqprIB8EHAUDDV_qD8mAtrO9ND8Gn0Nsx0sbrkcH7Y0NnCjPxyrDkHvVg5fAbWcGDWRe6O0pbpS_okwDoTiSjC7zYyv2_zmoVoDzzfyFU0rvE5_EkPiCwPx-NA2k6eLEBmt3lCsJW-2WtHWZf4sM0CSW0qY0x7MpdTnSmkZ-fbNqvH7mEp0RgqncspqurmKRZFcupPWSoXwi-dcG7xxBDI4UvD1aCjjTvQhqYI7vTI3NhhVN11sRx-rTSOBwDeVciIn05Auv4jpjsouBiURJrB8Yc5PqW2O6S-fKfsVe24d3vpMsfSma17Wl8fkRsT6uodyh3gPlBz5-urNwOkJGWuaUmlCMbB7LxowadPu1qaXlKeZfGD8WD9draIp1a7rFJ6EEvobd1ZJDSAgHr8ykOPN9FgXGHCTBOCrzDIaiXW1PUgsNX2aYMMfHEOr6V2UfFCFUH8KAle_QlYInYZwyuQSBrqt_sKuJkWGMCQU5IZVegVKHxNhnSJHxC5f9xzylzxtvM-6K2roINUWsQlLMcwoFoZ3lpkdHORVzYt4jGqaVVL7mr_9HzDTz1Fp8XEgq8JGU2OqEm_yvCl99spoDPnUOLzg4X8suq520Nl3cb8IkXenRTf-SonpKuNMd1kl4G7X5UnQBxRDcjjHQfmuddLroi_p_Y0AqnaLYp6AcBHLCra337cTdDV8WjIJXeP9Z1pOG9dhFbk3WIsBzjbTJKhhBl1YhxvJYxsG0yt9Axu_8Bjjnf4CjXVQ-lpORtytVPJd4SXg_24MXz_FVdHgYvpgrxhwarxmmFmJNLDknXgiW5X3Cq-R5ubvZqVsFn52673QEYv_KCD_WSsxOAw7LApdMaBZ6vwKRkzXMgvemo3n4RkWiwL_7HJ6O48EE4C-PppYQDv749gVrLjzje0nf-Ew8jlQuPhHesuxXHSq86F9JGM766noYGCJw49sGbfsjnGAygSSr0bqqw8NnhlD8cGcoB84KPD7qQoN8RHIhngudDtdmAwKq4__VdJV1vio1XvMrJnZddJjJihpI81B96ESIMJ3dqrXgdtdVx7nWGNHDfKqOao5NYJQk3P8APFYx0FyNfgPDHSqoh3pOh0A8zsNrbeJX-Ag1ui4TCh1xTykbVoe6EoRytr2FBNTvMsPMx_9eEKsRISrxjXeZIHnGNyl7sLVftP_fqgMi-MCQMme_1NUYUt_wq9nW9WcW9tV_KW0W45mpKqQwUVAehYP63O5PuFiY9PrpPBVbYETpDKwahZ77b8wMBCLm3TL5djblrn-iD94V0FEIphP8JsvZoL7JDkbjVDiHgxLbHAB6xtXvRted6CxcCMTZDuVLeTlpCMkYjzS2NFOP_RocohYkEVGagF1PAB2Lrzx-5MLJrM4C3cIcl6d43NKxB75syMYJBH9eZ8_mFa4tYXczwnDruLvo8CRRZ9SkJGVDx2x4t8mtnTk9P5Zmr5OomllPnKR0cZpcsL7htNKeuo85Zr3w8eW88VJhSq_EmvLWQzrXLlGTBbxUA4krmug1E3SLIv-uep_yIDySfiCVDj_jpO9KzcpkjOvu1EbKNbJ-9Ks8lGU5tvDnqWiCAKaS4WSq3cK47R00jBT7UBolF2CzM-gHlsCFeTITNA3kAE0476WpxXBL77F6qQRZGpg66m2Wb7VrdF0t2GCxd7TTt0sQPbNnjCCG85_DIsXshDfT026_MNRJkxDHi1AZ_O7pjM8OawoumBCNxCZYSL-n358D7C-Xg2-pbUW6e3ooPxnOJDKs7yOrYF9rkq0H9m8Qn3kS8FklEof7czag8TLnmThDjOjyKIQGckdD-Y5Wlbi6xClpxfJYFCdQoTvjSdFDr826zWAavkY3M6a5doBxzEj0obJervXV9oJZAadT76VG4Hc995DFMD9dRKSB9ythCk3LN0WcDq3ESZBGR4Zx5G3HV-lQWyo-k8_6LeOxjwGkFzzz8wdLxdaDAqy5lTbYrHs-eGf5JSvdTdfgII6CmqDdHRg5PKTa8jTW0ntM7GSo8CElEHanHnpZ7we32eTzw90sNG6JvDEj6BjZgT45c5O_Ujo7qxxI49tgc2G4WHXEDZlomUGtsc_nDERSu0vO2u_J4v2LMVUHSdjlTmEkV0zuGdElIe7wHdCtwctOztitO94aCXqcdYaJa4uHhLg904oRkqwUf2rWxw8NGOXfP06iAV0nuzpKl7gZfmTFHudbCqKaM8vq_KuL_ItxbkmAxCXhmSIeOjzeCzjr30HcHNgNJkWbXQWV7Gms5l5Rsm35menEjQVomcsoCckgsGsw11D2BAGeBa7VoHnLa9b4D1hLty4qOFKheQ_y1AmJxaMhMd6SNLfpmenNZxU84WAaJFE-nsxNWwIBPaUVSJoTTPgIvmV1XXPlQeF2wGUxvP-ZyoxO8lWlO-clkCVTNq-_0C0VMQkA4ebGDt5l70EGc2ZfMOeenFIJS5SENDWjOR3QrOp1owNu_T_up5QXFae1GJ6TcAr6fj85JFswHsn5Tra8f6X_mtvksTNiEg6bjfyYdxKMB0fbLcpec6QeoEVRe_rmIZs94Kjr5oJK51rTq1LWmK6FC-3UbQ7gEVrRKVVB0wd_oANeOhXP9tU_RDF5fpSPhjsZxznj8QPfbPKld8r7tOacxHTEDDihBzyNRic-pe9Um15jxL4hx_xcqD5NtSUT7FIvcdPuDL-y4ZadqIEJ2iTVxPb5Ubfb6JAstMpA4RO6hNnYQXS21_1BqUfyo27kynWVvUefleyT7v_aRR5L4tklMATBnE9D6dHKTumpeoJ9XQVRTNgEYtRweZQ_S79IsI_x7FF5cC05EnklxkwSdnRzUxseMETvhGZ8_4vquGx79BnZ8NpYCcWTFXCDXoaH9Zegc-ghBKEs2ybApZXbJ3SKP_PjbAdlDY_q6pXfAJL_TRimtHx67iYf_-_iXAlHokiWDd7DsR780J1d6haDpcZ9nShOQ1saEHqIvVB4UMK-Bbr7ceuaT0mNNOfcyy-weXrtrl0tTc2WB1UXGFHGjVa9AaZzhOQ1qMiSnk7nKHkgtonyKqtpLlJcTfeQg6nnGmB3CBtMb-9&cid=CAASJORoCKD0IxGJxNut7gahT5Cg8oXvCCcJEsgCzNL6QTvuSc2jAQ&rfl=1%2Chttps%253A%252F%252Fbuhgalter.com.ua%252F%240
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.187.27.147 , France, ASN16276 (OVH, FR),
Reverse DNS: js12.adlooxtracking.com
Software: nginx/1.15.8 /
Resource Hash: d36253140224d3e65922719329cba306a98af2154419ee3b571399b1ddc0bdf9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:20 GMT
Last-Modified: Tue, 14 Dec 2021 10:16:32 GMT
Server: nginx/1.15.8
ETag: "61b86f00-ffaa"
Content-Type: application/javascript
Cache-Control: no-cache, max-age=60
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 65450

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D10F 41 KB
15 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 09:34:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172792
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:34:28 GMT

GET
H2 200 1014031966750151554
s0.2mdn.net/simgad/ Frame D10F 72 KB
73 KB 138ms
44ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1014031966750151554

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1e4efe7233fbb9a90348afd9731a677423fbb0195aa0d21f381cef00007250d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 20:56:01 GMT
x-content-type-options: nosniff
age: 391099
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74149
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 12:54:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 20:56:01 GMT

GET
H2 200 swiper-bundle.min.css
unpkg.com/swiper@7.3.0/ Frame E829 15 KB
5 KB 157ms
59ms Stylesheet
text/css 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.3.0/swiper-bundle.min.css

Requested by

Host: ad.invamia.com
URL: https://ad.invamia.com/invamia/invocation.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ca8fddb17d96df80923b284c7e07888f947eb3dd03974cd31e85f4d5e9dc6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11058266
fly-request-id: 01FMS77QYFR7T91A14VZPZC4YW
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"3ccb-bbg35pXUy1EXOpXHxlwOip0M+cE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6f1ee3d14fd4021d-ZRH

GET
H2 200 achernar.min.js Show response
ad.invamia.com/js/achernar/ Frame E829 11 KB
4 KB 39ms
37ms Script
application/javascript 185.180.223.67
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.invamia.com/js/achernar/achernar.min.js
Requested by: Host: ad.invamia.com
URL: https://ad.invamia.com/invamia/invocation.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.67 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-67.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: fce742d7814055a224b9e7b2a36bccfba4547644a968e838bf0b9d2f730866dc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 14:47:09 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6213a5ed-2b1e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Sat, 26 Mar 2022 10:34:20 GMT

GET
H2 200 prebid.js Show response
ad.invamia.com/js/achernar/ Frame E829 212 KB
66 KB 41ms
39ms Script
application/javascript 185.180.223.67
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.invamia.com/js/achernar/prebid.js
Requested by: Host: ad.invamia.com
URL: https://ad.invamia.com/invamia/invocation.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.67 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-67.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: abda83b7b0fcad530a82341fef5a3b7acdfa13778c13debf5bddcc21beea49c5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
last-modified: Mon, 27 Sep 2021 12:39:02 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6151bb66-34fc0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Sat, 26 Mar 2022 10:34:20 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame E829 82 KB
27 KB 52ms
50ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ad.invamia.com
URL: https://ad.invamia.com/invamia/invocation.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ffbf0901d91c2643b9aef55cc55cb461e8be565f7b47289a03c321cb1cc4441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28045
x-xss-protection: 0
server: sffe
etag: "1169 / 229 of 1000 / last-modified: 1648245909"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H2 200 swiper-bundle.min.js Show response
unpkg.com/swiper@7.3.0/ Frame E829 132 KB
38 KB 174ms
78ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.3.0/swiper-bundle.min.js

Requested by

Host: ad.invamia.com
URL: https://ad.invamia.com/invamia/invocation.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

159c24eb0b9d044c0507e36e693d0ff23bbb990ae90523cc25f3683253ee43d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11058308
fly-request-id: 01FMS76ETJSXZKGZGFZVHH4A5S
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"211c1-rxAEOIj0DtL1iihSDpsruCFXSHs"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6f1ee3d14fd8021d-ZRH

GET
H2 200 invocation.min.css
ad.invamia.com/invamia/ Frame E829 3 KB
850 B 108ms
107ms Stylesheet
text/css 185.180.223.67
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.invamia.com/invamia/invocation.min.css
Requested by: Host: ad.invamia.com
URL: https://ad.invamia.com/invamia/invocation.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.67 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-67.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
last-modified: Sat, 29 Aug 2020 19:45:19 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5f4ab04f-a0a"
vary: Accept-Encoding
content-type: text/css

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A1F2 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BG3Hkh69N83zCoVoe0eysR_jH1gaOe8TolsNJ5Gr-ZABgTdf_1eWYUD0CpM0mGBYSuVtjNY8wQgJjMaGAtFGD_VWBESt7UOXcJ-9NaT6QKKdGHRl2ttowB6JZE0xKk8g27pnUZGBYAMtIthO7X94VdSS9AhQ&cry=1&dbm_d=AKAmf-DMvDqA1LEFDy4zWscbHjBmi2on6t31-yWqnD-absHsBfSPZZoay7XitcjpQZ-HIOTZVHRHm87xxnqSuvZCZj-jYesi7eMhgE85Uag7Md8GO-zoZjFojGiJNovBuEzCnmY8cKS2E4RUcypCCdrXje7EtyrjM6ly2KmOJcokw9zrZxFctpk_z1hPHnhZlpkJSvS3FZzhPspcXvAaaLGerY77yBu-q4Msk1w1-UxXs0ZLh3_qLlHeaOauwg8Q_VqHNvzbdfdHwwX6NRCrxD95_Ih0g1yuIhvlHNS929OnGts7U58kCaKLm_mDxk2TqJ7GcEElMkoQFGa4zdlzSKirzuRwsnspE3n9fOpSv5s08qGrlNyr664nVRS_A1ydljyLjJ0By-8VMXyApo2JRY8U8422aKgL28IMCvjwYWyUSVJIQJLs7-S9hDkg1eiArmPPqivuZ554dWMbz27nfbUVAIXeZFxY054oFA1au15A6czPwdSNRZIgbINHTZtfGbEf19STTR1aQbEeyRxBlarj-cO34Nxbbr96hfYIMJuDv9cZ3luf6UM6wFq6TPulh9Ab-AZv8bQJIg_YHMV52Thwk40uLajwtny_3GAJ974VdUyVs1mOu9F57waz-ldIOe96W0HCv9yA7C3GFVIOY-kYubmgegye-gLUPRIWAqkS9Vsj3t8d4fNeyjEsKhd6a1V_Unv220b-0k99M_PZmUt8eg66T_Uwt_VtjMvG9UGqMrBrilBU56gg1FbT-Jrbz0YAhUXC4PiCfPFb3EIR4Gr37TAYm-9N3b7pM1brgleytaDsy-u6Buw8fVzrJ1j70bMGKLzZ6DMtlBCMxLxaxJy3Yh7Ece5ItdixFe3XTOC4BTbzVI4JnXj4PR2F_lkA_aSLyTWK5-3Q8ZVXckcIHsDUEggFhREXVaMdfeJak3r4pk63-kDmwOUaMw6UYwDejvfqCgrilo5nZUbY49TJVQSkPmLHdskzShtZ0fdyFXPCZymUbl_nClAIqritv7E20UTBk7c51rmyTEcSxN9M_k-GidlGV80PlXJZIVcI9MVCnV0dbGxLm3487azcIfurqAhP7Jhd_Hi_kj1Nd7sJadM50yRED49iJdfb3XKhxgFENOD2Gmc4h1nQ1kJYOPTpCYKh41K_FHOfnMWWmbHdObVdAxbIrj-QaJPYbE53UHINgKb-W7lqUkLNEfn6eEu1nsOUMxC88bh-TtKDwhwrfIfgq_Q9g5LVF8pg9HdKadWQdykkkmvmd0eVZHWkJHD3ul833kG634h1Q-a42fq4Ibt03fxiGY8yK7akPzrEln-Zw2jWftxFjC6siXDTgt79Vvo7EaC3uQJL_YX-9Xr0AD0hU7iMrZVePdpvbt103yPqqyrIc9x-zmBRNbT50h5OSKnR2fPW18cSd84CDN0dq3myJBeawPBC2vIpRvXn9I5MU4V4upOBOQCKdkqObJwdLlguwf6cEv_VdT2nvfhH7cJGtpy9CdeO877lzHjdM4oyDql1FmRjKOrHd8U2rQ0niRd2VUp8mLfcAYzeq-MkrDGRjPjaZ_Ir3AhJIeootgwYus0w2sjoUBtf8NAI3W-e-kLFIPpC6hTozxh94b3-4lZmakZl2GWvf-g9NCqXaKTdy9kuMo7QoUHOi1U2fPiLxguJ_DlIaeftxPkJqYFyK2YReGLMu6eXAIq2lWlNkS7pfE7LnKkOJo5_D1NRGSvSUvOUU_VaMv97WETcnZn_21sI4fg7SF72FrCnO42mbZFmLBoHcVQTnqvzLxkbAdg0rOv7JWyTlsyWTEy78Pe3a4l2qqyBNUGTDut027RJPKKo63B0VWXKW3LLIOclbfudyrcZknrMVLnXjvvyg117xJfTXe-IRvwLf9KVDtqCfqF15ZztnN4N4ZA9TlfUOKZdXkv-_CAbCKd5o-VknRTokS6YbQiqSGjh_erLTISZotHHyG6rXInbnJCy48rgxgHhHE1A8C2R7lBXzs3BI9qN-pVPqv77t9hrnNEP2UQvoShIqZFlbmAzeXRndOoSwwNFQsRDUuky73Luj3pJyu0YTj6sB9WR5aUGFadkRTLrkL2N4uMf9U6uJKjz0hIPm5yLGbNDWHMQaCDLqv-jN68Ah38kkOrCNgLsgeddX4h33-iRW8FNWWLL1sUrxODXmn84TDYM4Vw46HuWWKN4tkdrTmXXRKQyGSuAzuqgnYr431wCS3-AkzazteTIghq-V8oEGHVJ6BmUQpRpnVdWXFE_np5MPiWACgiI4ratjprKFVjeFcJMXZVz6wZEkW4Eaz9orRD3Xw2FeQQEAVKSykom7-eyWNMnxYkFUCP8i6Kd4gHW9Lod8TMEqvvkrodVju0XLQAjS-qNmSrV7D_1fzLW6j6WwdGiKr57XCHg1GjmdAwOGLLrcujF_p9IlX2giXSFcEaHsLl13wk-eH6Z-mBaJuQO1OcwdX10VVYshzSYfU_wtDurcFhUh1HVSPI631ziZzFEFK9i2NyQpX5zLAdWMV0CFmfmgob-ONYRlhLE4lDNin08aIVpm-YqcU3-_RvZxLrAsKBC9HUX5i1NZjcFwbT9-rPminLV4GfZTAiv8eY6RUNTCWBXQ-QfnAs1C4d0rws3bQMClCZHbu1UPwAEG5RKtY7nIBLGmdAGfipvafGg2zM1cENtW6wCFbFQregM8LPZswc1asx5n8vxaysJ9m-VdF9De5x6QuKXrcjFDFi1-yKoPQ8TvqRVlB_JYcHrEPZIXNn2IQIhcX8neWfvOvttEJQCUlloU0yyNmD1GIsXCU_J4HNG2OtnuwdYBY7XKEU8FRMj4sJtwVV7QwrTcO7nc99Qd4RF8Kd6ehSH6TDNTTri4OuSn5Ou5AUk3Bko0SlSGIrs9KRDxsXXwB2RiewBfFxlz2MgqLB7GcDQfHlcMtnBrUZEl24uQaEdwVbNH95fpISqZ2njQDEjHjy3e8LYMc9uD1r-FeHVdjktrbcsmyAFo_cLtt8My-VOk3EyiWQWmjcEnBQsNborNa25ZNNyJGtvJMvUECa5AZIo-cF3DX_ETDI5sSgSJp6krBeEGm-F4A0E_EWFf96fTE4OQsDPmY5e66PrXmYi7ELwJ8yJZPaRJj-X3KFNOjADXrfTMPe3x1vaBwhjSPdB3mZDdT0N0Jtabd-aBmXkNZ_F0eo1GtVcTHaBrlwqhzFDQiEKWBt_8vKvWSoEECq5G1N2FB8IjYjAF7NkaD71Wk9tUeFwZLH6RE6tDseVhNAwxiIwo5_ihw2A57FxD8XW5HMZvP9CFrYCpXocgtwv2cWcpjdAUwlsEnAVX9zGqDpg8iSH48SvW0P1d5ZsQj0Vl_-NhRT_VhVj-gaGBa6b-z2YJV1AyZSv1YyftaQB0DVZrfQ6J_EcuCzntcYzHAY4cSB3tG3wRZOQOHijJFmMqPiNN31YJVhBcyYtr-2896_IvAkm8SVndlStooHqErmVUnfM-i79G8o-GzDuwhq7wbHV_1FVMjwTZnHg-4d0U2pSH1Zt_GUad1xqw5jfiG_ZNRhrmZL_-WP_yf7F3clu6GGk1vtHjLKEASMmZl2rNrd0mhYsxGPTF-byqXnrz4T-SsinRQunLKFUBHoUZob0MkNVZqf9q9BDGENuA4XD8B6zXptTpkzB41ArHl5s42n5LZRzIV3p-7jhSBKl4KAu20ZhmoB8ITpY7HlAuRxHg21WPsOJfOu-4tZzDPG546toD0NswZc9JJTtS8F0kYuStsJsJj2nQPLuYgDr4OVTpZMRwNEbatuQWPIrM6Vl&cid=CAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA&rfl=1%2Chttps%253A%252F%252Fbuhgalter.com.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 09:34:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172792
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:34:28 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 24B5 119 KB
36 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E9C1 22 KB
8 KB 44ms
44ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Mar 2022 09:34:28 GMT
expires: Fri, 24 Mar 2023 09:34:28 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 172792
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 24B5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b31653790eaa8fccf7b13668d89bf7796aa481e2199fcf513d4e869c079e34b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 61C9 35 B
463 B 160ms
41ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECTKbxGQS9CCmAF1BWzImrI&google_cver=1&google_push=AYg5qPKojolr3mjO9D7fjgP-shmzisCzt03TMQFaTXzMzMpmxH9fRQLzhQxR4z5zsY2LOvvfg-vvtqkY5xn6OPnVyiD2GCeKGx38

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 61C9
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLlmxR1...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLlmxR1...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMjYwOTM0MjAwMDAzMDM1NzE3MjU3NA%3D%3D&google_push=AYg5qPLlmxR1uWzZI8K_pdBuYqjP-gWzhHmIyYW2YAA-aLsEykuHMbrUV2Y5o5LDn6KJ0z...

170 B
188 B

53ms
51ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMjYwOTM0MjAwMDAzMDM1NzE3MjU3NA%3D%3D&google_push=AYg5qPLlmxR1uWzZI8K_pdBuYqjP-gWzhHmIyYW2YAA-aLsEykuHMbrUV2Y5o5LDn6KJ0zBN6b0NhAV8n0Wswo7KUVYOU0TR6Iql

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMjYwOTM0MjAwMDAzMDM1NzE3MjU3NA%3D%3D&google_push=AYg5qPLlmxR1uWzZI8K_pdBuYqjP-gWzhHmIyYW2YAA-aLsEykuHMbrUV2Y5o5LDn6KJ0zBN6b0NhAV8n0Wswo7KUVYOU0TR6Iql
pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 61C9 43 B
349 B 109ms
35ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEB9VpSzlTy5DXELxvH_5l2A&google_cver=1&google_push=AYg5qPJ3DezFktdmmIpga2rUKdONzBssK2Yj0NyPAdJNP2aTkNC0SDYnIfNS-h_c64FKOjSUCbnR_ODrPIValmvWQGLNQSeKxHpu
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:19 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 20odr73oeefcl1mf3imloo33ot11ncfs

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 61C9
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

99ms
55ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ25K0eDJ2NTsArlmzsJadSxDQoWizsnR-A2QqtaP-uZL8x__lxKX8S9FtnlJG0Kubggu2X7wtAvg_hEUc_mDHDxuNzN4Mx

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ25K0eDJ2NTsArlmzsJadSxDQoWizsnR-A2QqtaP-uZL8x__lxKX8S9FtnlJG0Kubggu2X7wtAvg_hEUc_mDHDxuNzN4Mx
date: Sat, 26 Mar 2022 09:34:19 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 61C9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEETJ42rYOX8bnVwJB9ux7ho&google_cver=1&google_push=AYg5qPI6KtMmoMuCvzDNT1Tewap7ScKwUDDTV4QHn_hlqls1gUrwoCO9AWG3A3oWpHvmTxjWcR6...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPI6KtMmoMuCvzDNT1Tewap7ScKwUDDTV4QHn_hlqls1gUrwoCO9AWG3A3oWpHvmTxjWcR6iS_CtN-oeJuTsmMj2EEuqcds

170 B
188 B

108ms
55ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPI6KtMmoMuCvzDNT1Tewap7ScKwUDDTV4QHn_hlqls1gUrwoCO9AWG3A3oWpHvmTxjWcR6iS_CtN-oeJuTsmMj2EEuqcds

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPI6KtMmoMuCvzDNT1Tewap7ScKwUDDTV4QHn_hlqls1gUrwoCO9AWG3A3oWpHvmTxjWcR6iS_CtN-oeJuTsmMj2EEuqcds
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 61C9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 61C9 43 B
297 B 290ms
37ms Image
image/gif 2a05:d01c:1d8:8102:a946:f0fe:2301:5b7a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEFz8VLSBy6fsvxlgmPCMr6o&google_cver=1&google_push=AYg5qPIVUegVHxhlbX92IFTDyd0xYdgKRocsaq0fHPTXp5jlfVFZaPcaw-vtgdPEZM0YhgqPwi64bYAHkgw1aAeuJtZdRlunKaWU
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:a946:f0fe:2301:5b7a London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 61C9 0
50 B 51ms
51ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JhX1QuY2G2YJD50Wnuzn3k1KizWbM5HOwZsv16K_RLEfstNqlzOQTUOk8Ln7oEm42-xzft

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 945F 1 KB
749 B 44ms
44ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 26 Mar 2022 05:53:44 GMT
expires: Sun, 27 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 13236
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D10F 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b17159bcb4cfca2795c6c00797ef9f6323d72474d03133eade4826beab6f498

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8CFA 22 KB
8 KB 49ms
42ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Mar 2022 09:34:28 GMT
expires: Fri, 24 Mar 2023 09:34:28 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 172792
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DB1C 22 KB
8 KB 62ms
53ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Mar 2022 09:34:28 GMT
expires: Fri, 24 Mar 2023 09:34:28 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 172792
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2022031601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame E829 365 KB
124 KB 55ms
50ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:32:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126823
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 08:34:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 26 Mar 2023 09:32:21 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15654399513907747201/ Frame 0878 87 KB
19 KB 117ms
54ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15654399513907747201/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7dfecd6e97c88fdefc02ab2c9fec266255f057d69b2e877f29b67d443e325cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 19367
date: Tue, 22 Mar 2022 06:59:41 GMT
expires: Wed, 22 Mar 2023 06:59:41 GMT
cache-control: public, max-age=31536000
age: 354879
last-modified: Tue, 22 Feb 2022 16:08:43 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8A56 0
61 B 92ms
83ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstiZNG04srpRAudxlBzTYN2rBoZcuTQWNCNXzgzakoVz1KMkjLwhzAy1t_7xNUhd8PUMRjV0NmaahhWu8ULPmEG1Qxfa1j2I9HSNNZxx8jAFoTJXurZefmoM-fIZErIx8OswL75jliqIOdWo6djNu7b5C2zSL7ErLefnISDaeT-CfPMN0j83TeUG2iGaA9ZEJo7D-zqTvlDb6QLu2cDKEE8s39uCDdq3CZV0un4SixsjNovOLhgCK9VX5q-0O96it7WBHWF01eAl2g7XZvhWKZeBbOQqjMRNB-L-wTNw6sQng_v_BFJP7u3gZtnH4jtsRGZaiTAx2NaGQEUiqMAs5nN1TyAIYXjTFltg__NZ_COyvzE0uPTgX75Eac_OcZjMgzTXh6rVBJY04Ah10MfvxEL6zREiX4YzTsqf1ElP_qqQxGlFvEYwzWFNeqIRLn9l9qx2nlw-FsFIrqAowVS11JRmJcQNfFueuNYwbR2T5zoSCAkeOdKybChMupnslkqMf18sMl_2aHjngQmLDf6_l1CPYuQFyMoSFIuvzEfTYwD3IBP60y9cneKQ_qJMTloZ5xdm7AlJZU_BZXarTxRZYk8LQfn6RTA9JvOBWyYF8gjnVQrSCs40jIY9IqxsHt7RzuX__1kjp8MB490V03l-wSzsdtwe4i6IFgtf3L545EUBwlE3cM620C2JHG0OwcE04j5HbbLXjVpBPL7PGybqKRdYyxBqKlLGYdaEYC4UdMVGwOzw1ecLSVlc7uFaWeyCclctYUQWy9RYxYyXi_ovpntbA_bGMX7hKTTxhc2iNJUrmZbTglc2eqVDrZw9vxs-pu-5Bd8EdWZljLATVkxCBHUHMRMKfUEFybIAOeeKWjuUDKG9y8ChN3RvZS7q8zTYNRz-2EApTo-TndypqV9DH2FleE-Mx_W5IssH2q8jDbdAuRM9glipXxaAu0zdfhynD9QVlnrYswSTul1uES3FvfRg5z7W4whLQzWTKSs6ovpc4OyRvvE_3sBHzWvaY2RbkkNRyyIaP3aSvjhwr8U_GogqopMWuam0hrFQdJgAglSxGpjvsV3RM4WChBrYv7ICqQRLvw_wAQD09NiAxsilFbCOc4ygTYIBFHXccpD_LZTVxLZ6ITZKVCObBaOY9Y0RD2QUnuym-0cuPqD0xkzN5neYdICb0c-6DmR-_-rA_VBJnWEwmLzjTx_kZUH-QwWyPtTigFQtEJ2F766DQ5qzVlb3XpYeM0ZFo9P6XIvz5KLo5WR4TeOLXX3h70m2BraMW5YUR-kblz1DLw7&sai=AMfl-YTUhlX54gI7yrvzYJuVFAV9oNSKTB81AX85GJe8s3Ib16jOkMw7jNlyZmuijWbTDtBoMpwlZtNOkJfzfcMUunOo5wrFSA8QaJPdb6JQHIOoskWXmzHAxiQohQU7UdV2o1LOXoF9B_5FtuY9du1dosts_GGbt8yLpbEPfKKWradPJPc1msFMbdfsjf7MM3rsiWLnEuWVq1UWZZR1RtwPkLruWzysRS-Zw0Rk9bzfpGdJPp77hd-O6JDPKn4bXI5EE6dxZ7m1RUBT9Q_5aqyxFVyufM-98onuWCmrm14ay7RlMaNyoB4dkmvQxOGt1yqa&sig=Cg0ArKJSzFY2QsPs3RpdEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=247&cbvp=1&cstd=220&cisv=r20220323.41134&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 26 Mar 2022 09:34:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2

200

adServer.bs Show response
bs.serving-sys.com/Serving/ Frame A1F2
Redirect Chain

https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/958741/61007899/Serving/adServer.bs?c=28&cn=display&pli=1077596117&gdpr=&gdpr_consent=&w=250&h=250&ord=1648287259095059&ncu=$$https://googleads...
https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1077596117&gdpr=&gdpr_consent=&w=250&h=250&ord=1648287259095059&ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3D...

19 KB
7 KB

425ms
42ms

Script
text/html

3.126.134.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1077596117&gdpr=&gdpr_consent=&w=250&h=250&ord=1648287259095059&ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D$$&ifrm=-1&ebaddid=$$[Device_Advertising_ID_MACRO]$$&z=0
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 3.126.134.118 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-134-118.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1103dead2c84761ac4059e654c95377a9a4ae80d5c5b37eb8058eaf1d2bfd93a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: text/html; charset=UTF-8
content-length: 7060
expires: Sun, 05-Jun-2005 22:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
x-server-name: app16.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1077596117&gdpr=&gdpr_consent=&w=250&h=250&ord=1648287259095059&ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D$$&ifrm=-1&ebaddid=$$[Device_Advertising_ID_MACRO]$$&z=0
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 1242 80 KB
21 KB 169ms
48ms Script
application/javascript 2600:9000:2156:b400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:b400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 3353777
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: hGc1ebi5vMqOncMDcZ17Lpwk33vlKj1kEqr1OsEwg6B9QTkxANsgwA==

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 125ms
42ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 27 Mar 2022 09:34:20 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
216 B 550ms
107ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuK2d,pingTime:-3,time:67,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:250,h:250,t:19%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:67,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B62~0%5D,as:%5B62~250.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 550ms
108ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuK2e,pingTime:-6,time:68,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:68,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B63~0%5D,as:%5B63~250.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:buhgalter.com.ua*&br=c
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 488ms
108ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuK3i,pingTime:-2,time:134,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:581,beZ:582,mfA:583,cmA:584,inA:584,inZ:588,prA:588,prZ:595,si:600,poA:602,poZ:621,cmZ:621,mfZ:621,loA:648,loZ:650,ltA:714,ltZ:714%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:250,h:250,t:19%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:134,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B129~0%5D,as:%5B129~250.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,sinceFw:113,readyFired:false%7D&br=c
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js Show response
pagead2.googlesyndication.com/bg/ Frame E9C1 35 KB
13 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 12:51:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13603
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Mar 2023 12:51:11 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 945F
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECTKbxGQS9CCmAF1BWzImrI&google_cver=1&google_push=AYg5qPK1sv18x1jr-0SRIldkkMm_QQQj18QsUzWbKgmMAoI-3BtMnidvTW...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPK1sv18x1jr-0SRIldkkMm_QQQj18QsUzWbKgmMAoI-3BtMnidvTWMz1ID6dLztUHajjAR_u1kvW9lDBPCb9ov2Ef8Sww&google_hm=Uaq56NGayPd668...

170 B
188 B

55ms
55ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPK1sv18x1jr-0SRIldkkMm_QQQj18QsUzWbKgmMAoI-3BtMnidvTWMz1ID6dLztUHajjAR_u1kvW9lDBPCb9ov2Ef8Sww&google_hm=Uaq56NGayPd668uoGHEKxw

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPK1sv18x1jr-0SRIldkkMm_QQQj18QsUzWbKgmMAoI-3BtMnidvTWMz1ID6dLztUHajjAR_u1kvW9lDBPCb9ov2Ef8Sww&google_hm=Uaq56NGayPd668uoGHEKxw
pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 945F
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJ5zhZZ9sR9wBMe_XGsff2HBSDrA5yEHiB_5b1...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWo3ZUhBQUFCU1hlM1YxRQ&google_push=AYg5qPJ5zhZZ9sR9wBMe_XGsff2HBSDrA5yEHiB_5b1KLUVMeSHkuEHDrm60cmhr7A-4mY0aH9RgIVPL9KkhESVaznb4M-nL9co

170 B
188 B

56ms
53ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWo3ZUhBQUFCU1hlM1YxRQ&google_push=AYg5qPJ5zhZZ9sR9wBMe_XGsff2HBSDrA5yEHiB_5b1KLUVMeSHkuEHDrm60cmhr7A-4mY0aH9RgIVPL9KkhESVaznb4M-nL9co

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWo3ZUhBQUFCU1hlM1YxRQ&google_push=AYg5qPJ5zhZZ9sR9wBMe_XGsff2HBSDrA5yEHiB_5b1KLUVMeSHkuEHDrm60cmhr7A-4mY0aH9RgIVPL9KkhESVaznb4M-nL9co
Date: Sat, 26 Mar 2022 09:34:20 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 945F
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEKY5rPhc-81dAYtl9-OBCgw&google_cver=1&google_push=AYg5qPLcNLg8eWBQEZGoxY0Eiby7q8GqMPQ5NWQv36wldhGjjGo9NpsN_5ZFvfjwr_9mG2ZYMnmcKYA7bG-M0y1uRmwpm9Oych8
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLcNLg8eWBQEZGoxY0Eiby7q8GqMPQ5NWQv36wldhGjjGo9NpsN_5ZFvfjwr_9mG2ZYMnmcKYA7bG-M0y1uRmwpm9Oych8&google_hm=Q0FFU0VLWTVyUGhjLTgxZE...

170 B
188 B

58ms
56ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLcNLg8eWBQEZGoxY0Eiby7q8GqMPQ5NWQv36wldhGjjGo9NpsN_5ZFvfjwr_9mG2ZYMnmcKYA7bG-M0y1uRmwpm9Oych8&google_hm=Q0FFU0VLWTVyUGhjLTgxZEFZdGw5LU9CQ2d3

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:20 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLcNLg8eWBQEZGoxY0Eiby7q8GqMPQ5NWQv36wldhGjjGo9NpsN_5ZFvfjwr_9mG2ZYMnmcKYA7bG-M0y1uRmwpm9Oych8&google_hm=Q0FFU0VLWTVyUGhjLTgxZEFZdGw5LU9CQ2d3
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 945F 43 B
64 B 69ms
34ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEB9VpSzlTy5DXELxvH_5l2A&google_cver=1&google_push=AYg5qPI0GE1qcK0kH6s0r2GtgWVsnWl7U5e5ks1vfZkT5FcPwA3Y_8TDfEy5W-bc59hy5pGa-QlsbuKbaZadRTZPNSXxLnuyhnw
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:19 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 70nhtnga679ag3hhhfea3g4vudcd2k6j

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 945F
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

56ms
56ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ4z1FViYihJGlTUM6zNFe31iUgUPe-53iFMyGvEILFwm8ur7MQpPzQH_78EWv5pwN44cmZZ15J1noqQy4ioqLRzIO2gPo

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ4z1FViYihJGlTUM6zNFe31iUgUPe-53iFMyGvEILFwm8ur7MQpPzQH_78EWv5pwN44cmZZ15J1noqQy4ioqLRzIO2gPo
date: Sat, 26 Mar 2022 09:34:19 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 945F
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEETJ42rYOX8bnVwJB9ux7ho&google_cver=1&google_push=AYg5qPJU7mAziqYhCoeRCkGV81fbHNKh1F5PjfGkp8h6_8qY2e5JTE_Hh3OqWmKZr-4v5XyPLWp...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPJU7mAziqYhCoeRCkGV81fbHNKh1F5PjfGkp8h6_8qY2e5JTE_Hh3OqWmKZr-4v5XyPLWpntSXT248vlv585ds09hn4x1E

170 B
188 B

54ms
54ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPJU7mAziqYhCoeRCkGV81fbHNKh1F5PjfGkp8h6_8qY2e5JTE_Hh3OqWmKZr-4v5XyPLWpntSXT248vlv585ds09hn4x1E

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPJU7mAziqYhCoeRCkGV81fbHNKh1F5PjfGkp8h6_8qY2e5JTE_Hh3OqWmKZr-4v5XyPLWpntSXT248vlv585ds09hn4x1E
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 945F
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrL...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 945F 0
12 B 87ms
54ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LI0Dxz7WpIf8UEZNfY-ZRfW2hy66WD6aiFQqjj6I6WNGGmYIAhoqJo-SHAVYFelOGz3-83

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D10F 0
23 B 128ms
79ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 css
fonts.googleapis.com/ Frame 0878 2 KB
525 B 51ms
51ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:600

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15654399513907747201/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9273b477f4fef4a4676b673d25b775558dc37dac7961b141f402236862e3adec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 09:34:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 26 Mar 2022 09:34:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 0878 29 KB
10 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15654399513907747201/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15654399513907747201/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 12:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74798
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 26 Mar 2022 12:47:42 GMT

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 8CFA 35 KB
14 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Mar 2023 09:32:32 GMT

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame DB1C 35 KB
14 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Mar 2023 09:32:32 GMT

GET
H2 200 12176326043079878322_15074395238323109386.jpeg
static.doubleclick.net/dynamic/5/173091021/ Frame 5CC9 34 KB
35 KB 376ms
38ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/173091021/12176326043079878322_15074395238323109386.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ac63a8cb878281a780c3e55c2d0365fcfa69ee37dcf4561963b4d22905e5ab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 19 Mar 2022 13:19:42 GMT
x-content-type-options: nosniff
age: 591278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34800
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 07:47:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Mar 2023 13:19:42 GMT

GET
H2 200 4909866660199748629_11192439161167227090.png
static.doubleclick.net/dynamic/5/173091021/ Frame 5CC9 26 KB
26 KB 472ms
135ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/173091021/4909866660199748629_11192439161167227090.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e968c9b982a7c78e187a35238d2d1f84956d7755938a74748cb6b5887d6a9d62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 14:49:22 GMT
x-content-type-options: nosniff
age: 326698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26691
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 07:47:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 Mar 2023 14:49:22 GMT

GET
H3 200 _Google_Dynamic_Display_Ad_160_x_600_1_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/ Frame 5CC9 7 KB
7 KB 47ms
43ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/_Google_Dynamic_Display_Ad_160_x_600_1_.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2fc6b7b81c4f68e12b4c2e30e5027499a62f604a40ce524ddd37ca4b5b51fa0a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 251454
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6999
x-xss-protection: 0
last-modified: Thu, 12 Nov 2020 01:42:25 GMT
server: sffe
date: Wed, 23 Mar 2022 11:43:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Mar 2023 11:43:26 GMT

GET
H3 200 Google_Dynamic_Display_Ad_728_x_90_1_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/ Frame 5CC9 8 KB
8 KB 46ms
43ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/Google_Dynamic_Display_Ad_728_x_90_1_.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c366c2607202adba86c9859c759f1840703ac157360248f5bb71987868dd270b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 237181
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8097
x-xss-protection: 0
last-modified: Thu, 12 Nov 2020 01:42:25 GMT
server: sffe
date: Wed, 23 Mar 2022 15:41:19 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Mar 2023 15:41:19 GMT

GET
H3 200 Google_Dynamic_Display_Ad_468_x_60_2_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/ Frame 5CC9 5 KB
5 KB 62ms
59ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/Google_Dynamic_Display_Ad_468_x_60_2_.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c764a032b92ca26c29a916fafd3f9a0c31a4b4bf9f5ce6ec2fe54f916a912e5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 374263
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5101
x-xss-protection: 0
last-modified: Thu, 12 Nov 2020 01:42:25 GMT
server: sffe
date: Tue, 22 Mar 2022 01:36:37 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 22 Mar 2023 01:36:37 GMT

GET
H3 200 Google_Dynamic_Display_Ad_336_x_280_1_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/ Frame 5CC9 10 KB
10 KB 61ms
58ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/Google_Dynamic_Display_Ad_336_x_280_1_.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a58f5012ac311a63cec9b7ec64bed5cd95b85bec8c887658de0fedd7121515c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 237181
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10096
x-xss-protection: 0
last-modified: Thu, 12 Nov 2020 01:42:25 GMT
server: sffe
date: Wed, 23 Mar 2022 15:41:19 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Mar 2023 15:41:19 GMT

GET
H3 200 Google_Dynamic_Display_Ad_300_x_600_1_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/ Frame 5CC9 14 KB
14 KB 53ms
50ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/Google_Dynamic_Display_Ad_300_x_600_1_.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1bd8279cdd86c374c92e8bc61ad52b9dea7afb69d7e8ffba7b13bb28c3fcd72

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 251454
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13870
x-xss-protection: 0
last-modified: Thu, 12 Nov 2020 01:42:25 GMT
server: sffe
date: Wed, 23 Mar 2022 11:43:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Mar 2023 11:43:26 GMT

GET
H3 200 Google_Dynamic_Display_Ad_300_x_250_1_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/ Frame 5CC9 8 KB
8 KB 51ms
48ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/Google_Dynamic_Display_Ad_300_x_250_1_.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c8cc85f7ce109c357d903d6ce6ced65b2a8137e177cacd0c42b77ea328407f8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 83543
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8646
x-xss-protection: 0
last-modified: Thu, 12 Nov 2020 01:42:25 GMT
server: sffe
date: Fri, 25 Mar 2022 10:21:57 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 25 Mar 2023 10:21:57 GMT

GET
H3 200 Google_Dynamic_Display_Ad_180_x_150_1_.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/ Frame 5CC9 6 KB
6 KB 60ms
58ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9177425597507305472/Google_Dynamic_Display_Ad_180_x_150_1_.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d8bed03cbf7fcb49bdbf150b1a0f8579a6469c36de41b7a790da906c83c620c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 321113
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6502
x-xss-protection: 0
last-modified: Thu, 12 Nov 2020 01:42:25 GMT
server: sffe
date: Tue, 22 Mar 2022 16:22:27 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 22 Mar 2023 16:22:27 GMT

GET
H2 200 ic5.php Show response
data00.adlooxtracking.com/ads/ Frame D10F 13 KB
3 KB 289ms
51ms XHR
text/plain 35.241.31.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D7%26scriptname%3Dadl_57%26tagid%3D529%26typejs%3Dtvaf%26fwtype%3D1%26creatype%3D2%26targetelt%3D%26custom1area%3D50%26custom1sec%3D1%26custom2area%3D0%26custom2sec%3D0%22%7D&adloox_io=1&client=nmp&campagne=57&banniere=0&visite_id=53791524958&seq=0&timezone=0&js=tfav_adl_57.js&date_regen=2021-12-14%2010%3A16%3A28&plat=7&tagid=529&fw=1&version=1&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=9295572&id2=27377933&id3=330734833&id4=5325044&id5=167554420&id14=%24ADLOOX_WEBSITE&id15=display&id20=614b730&p_d=0.124&d5=800&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=frame%20without%20title&iframe=1&fake=010000&resolution=1600x1200&nav_lang=en-US&debug=6%3A%20top%20%21%3D%20window%20-%3E%20GLOBAL.document.referrer%20https%3A%2F%2Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&url_referrer=https%3A%2F%2Fbuhgalter.com.ua%2F&ao=https%3A%2F%2Fbuhgalter.com.ua&nb_cpu=4&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by: Host: j.adlooxtracking.com
URL: https://j.adlooxtracking.com/ads/js/tfav_adl_57.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.31.249 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 249.31.241.35.bc.googleusercontent.com
Software: nginx/1.19.8 / PHP/7.4.28
Resource Hash: 33b5d3b7aad26d60afa01ea0817bd0b26c8e480ce5bb777b41a1b5eac78cc37f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
access-control-allow-origin: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
x-powered-by: PHP/7.4.28
route: ads-prod-7898dcb597-2j8gd
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pragma: no-cache
server: nginx/1.19.8
vary: Accept-Encoding
accept-ch-lifetime: 86400
content-type: text/plain; charset=utf-8
via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
accept-ch: UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
timing-allow-origin: *
expires: 0

GET
DATA 200
OK truncated
/ Frame E829 211 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 363832ce22d752de90a8074c063a729895ac3cf4c5650e1a5b82cfe2f5ee7674

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 invamia.svg
ad.invamia.com/images/logos/ Frame E829 723 B
860 B 50ms
28ms Image
image/svg+xml 185.180.223.67
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.invamia.com/images/logos/invamia.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.67 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-67.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 00ff3d800f0331daf779375be423ca2a75a86ed17074ce745decd398b56d3326

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
last-modified: Tue, 02 Nov 2021 13:38:25 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "61813f51-2d3"
content-length: 723
content-type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E829 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7683702fa7b021af2839f5ed4c2c009956332805b0c4e2c054346993fa2ec07b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ Frame E829 107 B
122 B 61ms
50ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=buhgalter.com.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame E829 107 B
122 B 58ms
48ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=buhgalter.com.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame E829 23 KB
11 KB 393ms
392ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=478551931505792&correlator=2445079821060920&eid=31065713%2C31065783%2C31065802%2C31065653&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&iu_parts=21986089839%3A22684163321%2Civm_display%2Civm_buhgalter.com.ua_banner_970x90&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C970x90%7C970x66%7C960x90%7C950x90%7C930x180%7C750x200%7C750x100%7C728x90%7C468x60%7C336x90%7C321x123%7C320x100%7C320x50%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x42%7C168x28%7C125x125%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=1&adks=2091550451&sfv=1-0-38&ecs=20220326&fsapi=false&prev_scp=mt_fln%3D0.3&sc=1&cookie=ID%3D3f510d12f0aa8ce9%3AT%3D1648287258%3AS%3DALNI_Mblq5-9OOUoLUZ2_DNWWopUinTEcA&cdm=buhgalter.com.ua&abxe=1&dt=1648287260711&lmt=1648287260&dlt=1648287259811&idt=726&biw=1600&bih=1200&isw=970&ish=90&adxs=315&adys=1225&ucis=ye0dvvmb4fjh&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fbuhgalter.com.ua%2F&top=https%3A%2F%2Fbuhgalter.com.ua%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&fws=772&ohw=970&ea=0&ga_vid=269659947.1648287258&ga_sid=1648287261&ga_hid=2056297558&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

00b653bfebb5f96f51d571d67f1c7d71b27e6243e98ff235a2d238d997e8a750

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11296
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E829 14 KB
10 KB 105ms
57ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32179751d722b2035ef26c068daba6a4a66b67e54a4c3a50c2d52654cf5fc49e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10497
x-xss-protection: 0

GET
H2 200 container.html Show response
19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8222 6 KB
3 KB 79ms
50ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 26 Mar 2022 09:34:20 GMT
expires: Sun, 26 Mar 2023 09:34:20 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 007B 13 KB
5 KB 177ms
58ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter.com.ua

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2119
date: Sat, 26 Mar 2022 09:34:20 GMT
content-length: 5147
strict-transport-security: max-age=31536000; preload;

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 97 KB
31 KB 183ms
55ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 02:42:25 GMT
server: nginx
etag: W/"6226c291-1834f"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 27 Mar 2022 09:34:20 GMT

GET
H3 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
fonts.gstatic.com/s/montserrat/v23/ Frame 0878 12 KB
12 KB 98ms
42ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v23/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae308e0f954dd9a45304361e81dffc8a3893584af53b9779722bbb51a7c71e08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 15:07:27 GMT
x-content-type-options: nosniff
age: 239213
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12636
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:11:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 15:07:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 78ms
76ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031601&jk=1896040571986838&bg=!ExClEFTNAAbzJazn0yU7ACkAdvg8Wt9MtGW5WbfEeBtYmRZ2wA807Cewj72z1CzrfnfUrXT_uc7HMwIAAAD2UgAAAAJoAQeZAunYwGqzJjQnPz55QCIGY2SxcyzCe4R7Zs-s8vNAHlcfR0QcO3qnJSKaVkjNBAgkGVm85n1qeUqjVDi1g4skmE8k0qoGKqurMwnAC-nTIymD5LfNjfYAT5_NiLtJDyTAb0ZVwe4Qrh6i3syzETrL2-37ooBeLjIr5C5V1pgfSOQ6s35ia-EgDwTXLUGm2JQG8Tn-dekNlF7efXFwwi72PfIqBubfDbG3txu7rK9RsJcJ4TPmZ5EMzlTZ021OOtprrs4H637VG__vPPQXsPnDZmqwRzqQU6ZP4X87sxHQU1uCF5wx7ya5UD-OWGMsibj3jVkvdAf8xT62nJzV8QgfJ4iKo0b8of4PsAhQr-TBU2ZSHbg3-kdkAJG4vVuFPCsDoyb40ItrivZbN_MDLUIoYxLx3L49My_-zgDh964LbQy-rjXMzHnRL4SmeTXt2jFYQNXc66dDNcyiM7F5rffOyLceuQOtQn9mBOVuvMddex38JztqcvHxUw2clTgN19jnIAeMqUNutSsYwUHPSdSWBl4YoCFjT6ZVi0cCGf2viSC86nnCoxUvBNDSzBtbE14A1rSjfE8vpb6lU0OsSL6bmvG_-D1QnQqr5PVm87peZBWRYGomHkwHcDhYIi0B_r-kxh80wWEWQSFvWQA9LO388giAFS87bQ1Da9zaiHeOIk_8ozyDJN03p39u9f_OtqYDLb9sCcporQ3Qz63IsUI0hDRKRb2sF9FjOnOLK_QYwEBN-kemtFN4pQ95B5kJFH2UKIv4Ke1MFrLdN0Twb3omzQ2cU_vbi_VQ9MIYbiZqcGszibESenZe-NJ1m-xsjkIHIVIKZIK5SfZtGtXZUcXKItX7GvckZbO4WqZo7naNnc3WwnpV4hVl4nxNrPVHG4Cj6eVh-6cS_YzNWObAXBgWAKm-siAaVvMNdsbc4-NyEXxLCa40GTbhZP-4i3U0FKXtpCbGpczJfwzeGoD9WyF48FYmcEvoipb9_sbJ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8A56 0
23 B 81ms
80ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstiZNG04srpRAudxlBzTYN2rBoZcuTQWNCNXzgzakoVz1KMkjLwhzAy1t_7xNUhd8PUMRjV0NmaahhWu8ULPmEG1Qxfa1j2I9HSNNZxx8jAFoTJXurZefmoM-fIZErIx8OswL75jliqIOdWo6djNu7b5C2zSL7ErLefnISDaeT-CfPMN0j83TeUG2iGaA9ZEJo7D-zqTvlDb6QLu2cDKEE8s39uCDdq3CZV0un4SixsjNovOLhgCK9VX5q-0O96it7WBHWF01eAl2g7XZvhWKZeBbOQqjMRNB-L-wTNw6sQng_v_BFJP7u3gZtnH4jtsRGZaiTAx2NaGQEUiqMAs5nN1TyAIYXjTFltg__NZ_COyvzE0uPTgX75Eac_OcZjMgzTXh6rVBJY04Ah10MfvxEL6zREiX4YzTsqf1ElP_qqQxGlFvEYwzWFNeqIRLn9l9qx2nlw-FsFIrqAowVS11JRmJcQNfFueuNYwbR2T5zoSCAkeOdKybChMupnslkqMf18sMl_2aHjngQmLDf6_l1CPYuQFyMoSFIuvzEfTYwD3IBP60y9cneKQ_qJMTloZ5xdm7AlJZU_BZXarTxRZYk8LQfn6RTA9JvOBWyYF8gjnVQrSCs40jIY9IqxsHt7RzuX__1kjp8MB490V03l-wSzsdtwe4i6IFgtf3L545EUBwlE3cM620C2JHG0OwcE04j5HbbLXjVpBPL7PGybqKRdYyxBqKlLGYdaEYC4UdMVGwOzw1ecLSVlc7uFaWeyCclctYUQWy9RYxYyXi_ovpntbA_bGMX7hKTTxhc2iNJUrmZbTglc2eqVDrZw9vxs-pu-5Bd8EdWZljLATVkxCBHUHMRMKfUEFybIAOeeKWjuUDKG9y8ChN3RvZS7q8zTYNRz-2EApTo-TndypqV9DH2FleE-Mx_W5IssH2q8jDbdAuRM9glipXxaAu0zdfhynD9QVlnrYswSTul1uES3FvfRg5z7W4whLQzWTKSs6ovpc4OyRvvE_3sBHzWvaY2RbkkNRyyIaP3aSvjhwr8U_GogqopMWuam0hrFQdJgAglSxGpjvsV3RM4WChBrYv7ICqQRLvw_wAQD09NiAxsilFbCOc4ygTYIBFHXccpD_LZTVxLZ6ITZKVCObBaOY9Y0RD2QUnuym-0cuPqD0xkzN5neYdICb0c-6DmR-_-rA_VBJnWEwmLzjTx_kZUH-QwWyPtTigFQtEJ2F766DQ5qzVlb3XpYeM0ZFo9P6XIvz5KLo5WR4TeOLXX3h70m2BraMW5YUR-kblz1DLw7&sai=AMfl-YTUhlX54gI7yrvzYJuVFAV9oNSKTB81AX85GJe8s3Ib16jOkMw7jNlyZmuijWbTDtBoMpwlZtNOkJfzfcMUunOo5wrFSA8QaJPdb6JQHIOoskWXmzHAxiQohQU7UdV2o1LOXoF9B_5FtuY9du1dosts_GGbt8yLpbEPfKKWradPJPc1msFMbdfsjf7MM3rsiWLnEuWVq1UWZZR1RtwPkLruWzysRS-Zw0Rk9bzfpGdJPp77hd-O6JDPKn4bXI5EE6dxZ7m1RUBT9Q_5aqyxFVyufM-98onuWCmrm14ay7RlMaNyoB4dkmvQxOGt1yqa&sig=Cg0ArKJSzFY2QsPs3RpdEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=830&vt=11&dtpt=583&dett=3&cstd=220&cisv=r20220323.41134&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 26 Mar 2022 09:34:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E829 17 KB
6 KB 54ms
52ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 09:34:20 GMT

GET
H3 200 app_buttons.png
s0.2mdn.net/sadbundle/15654399513907747201/ Frame 0878 8 KB
8 KB 44ms
43ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15654399513907747201/app_buttons.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6044ea8cfc80c34e7dd648a07a39047f99135cb4404dc20ad4076a013ac2be3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15654399513907747201/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 06:59:41 GMT
x-content-type-options: nosniff
age: 354879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7861
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 16:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 06:59:41 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/15654399513907747201/ Frame 0878 3 KB
3 KB 43ms
42ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15654399513907747201/logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17f305280c8adcc37db648e59ac434732bf1a0ca43d1cd890fa8225f0d081f9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15654399513907747201/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 21:10:14 GMT
x-content-type-options: nosniff
age: 390246
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3011
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 16:08:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Mar 2023 21:10:14 GMT

GET
H2 200 lato.woff2
cdn.gravitec.net/fonts/ 14 KB
14 KB 53ms
53ms Font
application/octet-stream 45.133.44.4
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/fonts/lato.woff2
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Request headers

Referer: https://buhgalter.com.ua/
Origin: https://buhgalter.com.ua
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
last-modified: Wed, 02 Feb 2022 09:01:35 GMT
server: nginx
etag: "61fa486f-36dc"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:06:28 GMT
cache-control: max-age=10
accept-ranges: bytes
content-length: 14044
x-proxy-cache: HIT

GET
H2 200 ebHtml5PoliteBanner.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ Frame A1F2 316 KB
83 KB 279ms
50ms Script
application/javascript 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/958741/61007899/Serving/adServer.bs?c=28&cn=display&pli=1077596117&gdpr=&gdpr_consent=&w=250&h=250&ord=1648287259095059&ncu=$$https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D$$&ifrm=-1&ebaddid=$$[Device_Advertising_ID_MACRO]$$&z=0&adsafe_url=https%3A%2F%2Fbuhgalter.com.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94,c:7XuK1r,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67cb66fbd5-x7nvk,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:2,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:20,oid:e9d9a384-ace7-11ec-b187-6ab2fcee59df,v:19.8.299,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 3dd2076fdf435f4e8832916bf225c47d674271f270845594dd2508846f875bc8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
content-encoding: gzip
last-modified: Wed, 23 Mar 2022 13:01:17 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C1
etag: W/"8523fd0272383bcc31681a4fc2c6fa70"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2350307
accept-ranges: bytes
content-length: 84484
x-amz-cf-id: PsVWwR8m1qWXXgC0YeKU4PjWon-yz_AbDwyNxvvBXpLFC8Gsh4Podw==

GET
H2 200 main.gr.19.8.299.js Show response
static.adsafeprotected.com/ Frame A1F2 189 KB
60 KB 49ms
48ms Script
application/javascript 2600:9000:2156:b400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.299.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10933&advId=27050060&campId=16456523419&pubId=1&chanId=44380725758&placementId=407415151&dealId=&adsafe_par&impId=ABAjH0hWXwMNvShyj5ufQOjgA1Xd&bidurl=https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:b400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86a676d25a23c478b5064a3f6d9275179f67de2bbebe1bfa842719f73658650a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 20:37:01 GMT
content-encoding: gzip
age: 1601841
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 01 Mar 2022 19:11:01 GMT
server: AmazonS3
etag: W/"587738d3e44b43a2620f42eb51d89fbf"
vary: Accept-Encoding
x-amz-version-id: kp2GPcLunARmvxyYiu0RKpd0_UaoR.nW
via: 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: Ebf3ZdKdSkkABMjcLKxOUIa9FVrLi3sYIGrc5ALBCJwJVJ48m5wB3w==

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C983 1 KB
749 B 42ms
40ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 26 Mar 2022 05:53:44 GMT
expires: Sun, 27 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 13237
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A1F2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69e38f310e0971612f991585cdfccb97837b8aa4f51bf8499ace3dc947a6afec

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5CC9 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 sourcesanspro.woff2
cdn.gravitec.net/fonts/ 8 KB
8 KB 34ms
34ms Font
application/octet-stream 45.133.44.4
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gravitec.net/fonts/sourcesanspro.woff2
Requested by: Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: 2bc69c1c1c4bf49e80a77f83010c01e575fd6922229943b9feb8864a492ac441

Request headers

Referer: https://buhgalter.com.ua/
Origin: https://buhgalter.com.ua
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
last-modified: Wed, 02 Feb 2022 09:01:35 GMT
server: nginx
etag: "61fa486f-1e44"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 02 Feb 2022 09:06:29 GMT
cache-control: max-age=10
accept-ranges: bytes
content-length: 7748
x-proxy-cache: HIT

GET
H3 200 4909866660199748629_11192439161167227090.png
static.doubleclick.net/dynamic/5/173091021/ Frame 5CC9 26 KB
26 KB 98ms
48ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/173091021/4909866660199748629_11192439161167227090.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e968c9b982a7c78e187a35238d2d1f84956d7755938a74748cb6b5887d6a9d62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 14:49:22 GMT
x-content-type-options: nosniff
age: 326699
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26691
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 07:47:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 Mar 2023 14:49:22 GMT

GET
H3 200 12176326043079878322_15074395238323109386.jpeg
static.doubleclick.net/dynamic/5/173091021/ Frame 5CC9 34 KB
34 KB 92ms
44ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/173091021/12176326043079878322_15074395238323109386.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ac63a8cb878281a780c3e55c2d0365fcfa69ee37dcf4561963b4d22905e5ab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 19 Mar 2022 13:19:42 GMT
x-content-type-options: nosniff
age: 591279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34800
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 07:47:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Mar 2023 13:19:42 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BDA0 13 KB
5 KB 40ms
40ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Mar 2022 09:32:36 GMT
expires: Sun, 26 Mar 2023 09:32:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 105
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2C10 783 B
535 B 53ms
53ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b10a4670d0af0bb5b45d7ec39453f6fffab67b8b4dd8fa2da7f3b1af3a9efbe2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-A1Pr39e4qGdvMMsT71MP7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 26 Mar 2022 09:34:21 GMT
date: Sat, 26 Mar 2022 09:34:21 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-A1Pr39e4qGdvMMsT71MP7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7704 6 KB
3 KB 42ms
41ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Mar 2022 09:34:20 GMT
expires: Sun, 26 Mar 2023 09:34:20 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 tracking
ad.invamia.com/delivery/ Frame E829 51 B
51 B 42ms
42ms Image
text/html 185.180.223.67
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.invamia.com/delivery/tracking?hash=ZzVMengwZWFaSDYrTjd2UXowVXU1YnhWSVVzMUxmbTVyV09GYW1GYTZ2QThOVGplbkpTblhpdXpOUUhUMGF3eFAvZzFoZG5acTRjazNYUGFKbTBERE83S01oNWowSlM3NjJDUVBGQTF1cTE4YXpqT0sxKzJWNGxzWXZtekhlN3l4NEduNWY4TGkwMjJZdmtTdzZzekEySzZBWlI5clFCQzZVdlBXRDByVkExbDkzRUpzRkM0WjRDb3BIam14dTZxOEhlYURzY21zTGljTFN2akg1SnZlK1V0WjlFMU90b2NBbDdudFQ4Z1puWFVPWDRtdVIrbDlJWjhONk1nNTA1Wg%3D%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.67 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-67.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:21 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2

200

sid Show response
mug.criteo.com/ Frame 007B
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=buhgalter.com.ua&sn=ChromeSyncframe&so=0&topUrl=buhgalter.com.ua&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=w0cn8HxxYThQWlhQM2ZXNHVCQTNmeXg5UGpGckhVR2IrQ0crQytHVFNoaUFPNVUvYXRqNGZ5bDd1elB6UXQ1Q0Zwc0wyT0ZqVytJN2VvTFdBa1hGSnRSYUVqZXR1YW1lNWRaaWJrMHhKTHczMXpMQ2djVFZicE9qdDNad1...

420 B
630 B

118ms
42ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=w0cn8HxxYThQWlhQM2ZXNHVCQTNmeXg5UGpGckhVR2IrQ0crQytHVFNoaUFPNVUvYXRqNGZ5bDd1elB6UXQ1Q0Zwc0wyT0ZqVytJN2VvTFdBa1hGSnRSYUVqZXR1YW1lNWRaaWJrMHhKTHczMXpMQ2djVFZicE9qdDNad1ZzenBOaXJyNEZMVURSMHVpRjJtSEpXM0JNMEFBRDNYaVhNUXdTMC9UbG01MFNYTkQ4Q2lNZWNDTjk5Sjh2NkJLZmJxbGR4Z3BUOU0wRGw1SWVIaGZLcmh6bjFHZUJhaHVjblR3cmdmSGJmS0J6TzVaWW1kQ3lpemo4c28vWnplY0IyWkNQakRCQ3VCcnNadXFvV3JUZTZ4WjVzbE1lQT09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

114620b1a178f4035894e8fcef6c6dd7e603fa43e9b8de7967f3baeea99cb4ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 5381
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:20 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=w0cn8HxxYThQWlhQM2ZXNHVCQTNmeXg5UGpGckhVR2IrQ0crQytHVFNoaUFPNVUvYXRqNGZ5bDd1elB6UXQ1Q0Zwc0wyT0ZqVytJN2VvTFdBa1hGSnRSYUVqZXR1YW1lNWRaaWJrMHhKTHczMXpMQ2djVFZicE9qdDNad1ZzenBOaXJyNEZMVURSMHVpRjJtSEpXM0JNMEFBRDNYaVhNUXdTMC9UbG01MFNYTkQ4Q2lNZWNDTjk5Sjh2NkJLZmJxbGR4Z3BUOU0wRGw1SWVIaGZLcmh6bjFHZUJhaHVjblR3cmdmSGJmS0J6TzVaWW1kQ3lpemo4c28vWnplY0IyWkNQakRCQ3VCcnNadXFvV3JUZTZ4WjVzbE1lQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2465
content-length: 541
expires: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E829 42 B
64 B 75ms
74ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstd1FvYZFNBhfpGWiiOoDemhJvEw_U0a-vREd3Yz54Dxip8xlzKzO2OGXkHbLBplXoafQjZF6Yqxfb8OZ2ORN_p_CMGT-_hDq7AV-j3OC2D3oVvHVch&sig=Cg0ArKJSzFUVS9srJZZWEAE&id=lidar2&mcvt=1036&p=1110,315,1200,1285&mtos=1036,1036,1036,1036,1036&tos=1036,0,0,0,0&v=20220323&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3757304322&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1648287259811&rpt=343&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 113ms
113ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuKev,pingTime:-10,time:829,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85OS4wLjQ4NDQuNTEgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1648287261211%7C%7C6fd1e4a7e8d1a55b25b6f6257ccb5bdf%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7Cd0c42013fa70cde2225bbec9b6d199fc%7C%7Cffcb0b13ef56cd0d3a5f18e6d7ebd82a%7C%7C5669d3f3fcf1d08c5608cf61a5bcf0f9%7C%7C376c533b563d92c44da1ab9bdcfef8a6%7C%7C1eb1788b0f2b68d00cac83c7d2499b9a%7C%7C1629390669%7D
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 266733644.jpeg
cdn.gravitec.net/images/users/1641839148018958336/ 9 KB
9 KB 34ms
32ms Image
image/jpeg 45.133.44.4
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.gravitec.net/images/users/1641839148018958336/266733644.jpeg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx /
Resource Hash: cd27dc3c0cc40b5e5691a2317a7a03e4189fa6d32becac6f390a0dceccb80205

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Sat, 26 Mar 2022 09:34:21 GMT
last-modified: Tue, 15 Jun 2021 13:39:31 GMT
server: nginx
etag: "60c8ad93-2343"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 9027
x-proxy-cache: HIT

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 92FA 80 KB
21 KB 44ms
44ms Script
application/javascript 2600:9000:2156:b400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:b400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 3353778
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: XilNlWVtZyoAtwFGU87xLMM_oNPGU5VIZ6ErgBj_siUsxr953dMjxQ==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame A1F2 43 B
215 B 45ms
45ms Image
image/gif 18.200.47.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=10933&advId=27050060&campId=16456523419&pubId=1&chanId=44380725758&placementId=407415151&dealId=&adsafe_par&impId=ABAjH0hWXwMNvShyj5ufQOjgA1Xd&bidurl=https://buhgalter.com.ua/&adsafe_url=https%3A%2F%2Fbuhgalter.com.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:97b7b737-1961-ea60-98b1-e8e03ac7d02a,c:7XuKg2,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-67cb66fbd5-sxsjn,rg:ie,pt:1-5-15,br:c,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:264,fm:t1b7mXC+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:283,oid:e9d955b3-ace7-11ec-8a29-56d6921f51fc,v:19.8.299,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.200.47.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-47-85.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 120ms
116ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuKhu,pingTime:-3,time:372,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:250,h:250,t:282%7D,%7Bpiv:0,vs:o,r:l,t:371%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:372,n:371,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:282,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B103~1,0~0%5D,as:%5B103~250.250%5D%7D%7D,%7Bsl:o,t:371,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~250.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t1b7mXC+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 116ms
116ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuKhv,pingTime:-6,time:373,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:374,n:371,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:282,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B103~1,0~0%5D,as:%5B103~250.250%5D%7D%7D,%7Bsl:o,t:371,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B3~0%5D,as:%5B3~250.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t1b7mXC+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:buhgalter.com.ua*&br=c
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 113ms
112ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuKhP,pingTime:-2,time:393,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1223,beZ:1223,mfA:1487,cmA:1488,inA:1489,inZ:1493,prA:1493,prZ:1499,si:1505,poA:1506,poZ:1522,cmZ:1522,mfZ:1522,loA:1596,loZ:1599,ltA:1616,ltZ:1616,idA:1522,idZ:1568%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:250,h:250,t:282%7D,%7Bpiv:0,vs:o,r:l,t:371%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:393,n:371,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:282,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B103~1,0~0%5D,as:%5B103~250.250%5D%7D%7D,%7Bsl:o,t:371,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B22~0%5D,as:%5B22~250.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a.958741-61007899%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:110,readyFired:true%7D&br=c
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B7E4 363 B
227 B 54ms
53ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPwBENm9sbICGMSfq8IBMAE&v=APEucNWMCrsR0eNIOdxa3CsZFF01PUcEX-xlThvgxxSwdCf4LmxJM8AMiVZeRuxfyDU--_-k1mFzYFFgjyLL6I2BaTn78pRR5l2k67dzNO0xg7NcksDK-roHyOGxxTP0TQ7DdgeSyKsOzk7v-dgJmnfHRoCTFEsmX03jFHGYZDoGsJG2o94S4Ck

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 26 Mar 2022 09:34:21 GMT
server: cafe
cache-control: private
content-length: 206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7704 27 KB
16 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cdyrq2txFKhrzi2POEkEqsSQWVTMD13Jrn8Wwoios6lS22VjqeE4V5UXFZZWBUTAIJUpIcET8f97Ju0Ej5zlH3wCffA4zuY6kEj4aiNH4NrPgKo5Koc6LlIhVDR6yLIn2urgMR71egHTyGRoDrXQm8QK0WfA&cry=1&dbm_d=AKAmf-CS2rmaWh_WtChxhePqPKa7KsvaUCgWScv-6kbZZUyuLJD6owM_E29IS8pj5SALZ7knnTXybsgDwZZRUSzXkNKavcw-4ehIhGD7T8yEu0dJy_spDdK6rHl9QSJtB3ca5LoMMY4W5M_Pk8FbEa3jvCar67rEY42qCtOXoqaN1Yp6Dsc76kl0e95CtXGGERZAlkTD3uLzfUV6yi1-YYA6LdKPi35jxLdwPovVKZQIe4e3KZvDNgQSANDUumgdNPjh1TNsqD-boGmpD5xUuH3-mu37g5tR4X6Bwe-NEaB_eCGcZ74WRls75qc0o15EFZ6yoO_byeiuLHHAoYK7Fm8vOp3sktqPCQwWWOvNeu9uTtwHikW6cpXqLevNk3dMK4I19VmUolxG7D80jGhY2NPyNkLEXOgSsaV5KgHLhIPu4frtzzR9u1pLfr9Sojlj5l9Uang_m8xqpAsN7Bn2bk4Vzo0z6en9BVKvc5XrMI3POWbgAXB3ueVlImIeBXRA97VcCsgGRUn4cbM_34V9zuPPu4nHAWAMVreSaMOgV3op7H1qV--AxcANG96pGflK51VOFsB_f5vi5-QOV9_2_Hd8p68ctqKIndHepvnctMpBG4KHEnU4U45UexsxDDFqRTiOjdpMEsj-b7A-xQOgOsA-ZCc7LJASWyOr6dtqHzE99ktNyEqa8guPmh4bb8MK3QaG0QVrTvESukqt-ZVgbZzPFkpHeEmvY6knSKia2mRtyqskDhre1mOOOFCUZDAr2vk8louBSUDiAcuaWsTq-aZxVPKjTB0-iW_ZgPyhO60lXiXPdZvSjX4eklv7jwNfBiFxcsr9PWxnDAhiaPSTJAcjjD4ELGH5cFOKqlqCYQYSLYb7L587Ye0pwhRLBbRPRi6InDhAqgHzt37jq9VZoATfkHn42Ih9_02_SDi2mwfB7t52M72oGnTDNRrlOMNlRTXUuPmZPny2Z9nrAaGtqFSbMV84DUEybd6j8rPAAAuqkLr_qW9R4-yE-R49RZdFV6Xuw6inSnn1hn5diP_U3s8wnpTOumrQ1-QBAlHjtHQp83WtUaFfV_w1XrAvC0qJ2RsIGId13ycXZYKzEGS0SOg0HC4iNX1txsNe0PL-E-QIw-Y5hQaiPEfiB3zt8hwuAourNdyf-uH13zvjsqtaNu7aOHt3ttDC9JvgGskhBALg5NTKeEaZJ-PIkfkEUPDC2iF1tVtdSoQHH8GpOpy7SuA_eLs1_6sC3JvYcoAKvjsuucHx6Kf2-p6ysbSZTvre-oGhu77Q-JbQ8Yswc-5HgcOGBm-7hxEc476It685xQ-OapEmuZ7Bz0s5gfDO-32sgwNEnyNHp1fyJLznYNgiGDU81FLeTREa8RsU7SBZ4bRphMqWJAHCcYPzHnG_JttJTnZ4Cu9jiAiuTsF-mG5L4hPeDxdZP0PIOTcfjnCXRsiF6Uxnvs5OnyuYOgHLZNlbZTKpoUyP99EpJDVbY_hU93f7dzxakUHvV57YmT2OwHVMaxphM6fChMaBlupqHvrr486er8fD0-CTbMjH3g-RqL-fsm54PpV0afvxVX9rBXM-e3k5YtYS9U1OECc3nW0GKFg1VqIQiKRrPz92wLEg5-Qtz8iqgj3fvvF_G5LvfLBJ3V8ySikErEVkwePq8XcK1Ab_La7A7dXiZEwDExmoQBnabXTZWHmZURrREBnQ8KUqpp6YDH4JJxJqS5bgosQ7jN9S8Y6W2cj9S_sWIOS-pj493rVhG01tZwpQnEKpPwnyWmldzYNZd1ezuHi6o2-0JGDAtbGygKlQZ7cy-xAWY1Rj-wDADklgyQnaa7R_5p-djTlWEx1t7bPlmdbchAq-d5MIzOwoUEr8MOenwtZF-qZEt4vOCv2NHApVdi3saH-JinA2-PV87KT1TlgulXrnxjKnaQglJFULTRdnmEVvLH-AATc8PtFDYQhjQVFXpDwOUgqo24F7ia5oxkGDnO0FwLG--QhNdJEUCIo1ZbFIHogrFb-8Vpa7sVAqj1GpNKVObLxi4895y3rs43hIZpTOJJdNBiCwpVVP7Dmx9xe3rZUiTdJJfJ8X-tc_2KtDxngiq7oghtcWKWW_yxzfkV3wazAgkPOhduN-nGWDxoMHEzkDiwHLCh0m7duhy46jKOp0Gti79PquTyrfju5uVc4BlGXiZ-oqZB1jTP3a6qXdhkfjvl5XE39iFURMtMht-wIvghPe6K6eQxR6jGtp8tnHok1lVIr8NLmGpp-LEz7HqsfSnF34SPRKD6sNZ6e-XE71i-OUmxrXD_vMk2E9fdNrz_--yoETW10tecsce0XOBSQuHaexhyVIhzYwvwCd8NEmgvhmmLniAFsGpVvcqfqls5MAUgDT-IUI3CJbe95XjbaQPEz7gkSJ79GZ-Mre4znjriyHHM9jlYPb6dwRZcVkgm_C7jMWdj-fScASF5wnTFwOAaBD-VDByFDvc_RHLUFo5UkpQjRBAvFG7txEl9K4sBeFiWdKS5QY4pE0JwrjzPd1XDscesnOo94snd6e9U_VFxcYoVhdNGU5hk5fNar72fEOncj7juYztzfnXw1It4pVF8LJanbF-ywbVJaDS0u0HS81dD_pYVtU5Ex5tKcIEGU7hapxPi0T9RTlKETZ7uZx8SBmS_L00EkgNvMkAKhatwJxWAN11IoAng5VRsAFIUadgwUvXEKWqfds89zwyQF6RJottJCo65NUbaEZ5bqqbGoy2saEXlCT2kAyz2ybNYdA7C1JEB8PHmJMCac25ozl_9e_wCfDUXTjKjuVYEQ6VhVqLOTlK-7QVmsT2vuYc-okA5-4rSBFJ8XixMeM6de5MYcOcv7nASdj6JS1gt_Xa52QOO8GHt3V1i0cNAkh0qgucjLaPr7rtLvUwncy8V-hC17ThqBOZiN6vWWwTBBGL6zPq4A4j_6IczXbV4Lhm0N-Qr7zz0UoYZqjDzt_wtURVusqXnrn6phOIqbvnxS8mgoiL8yjPKDCtKVKqPPq6GWr-3OSh1a4DhySSBVYzKuH0Z1P7uAzSTwYgBc3pek--WZ69DC2gmp2GCarWe3DIez-j0MOrL5LlU-i2ZcnspXm1nGgC5YgFf88GKP0ZywjS7vgG4LnktyJjpajStwuFQsie_NNjdgrpXtta7Iilzcxx80AC4vvDJBhfFH8JI4g6eIjSL-stsKKR9dYbHW86d4RMk_QBvC-RwKXckTQfB_-SopDuKya59xDiOGXqlkOUlz70llfYJtJnNQhmd98RzA715cONFggtPZC757U9Ee1wA5Bfo0-dIa_btaRtoJriu1jUi4FHUQ3eNIG8CHL79pL5SJXZdIk0_rDKvmF8XvHwOiyNFKvcpk748NmG7PjFwFPTIj6kLLUUi0N5iNNjc8fCoXNkV68_x9muxvJ_KQVteBwp4wy9plJvzn78M7vbNQej_XFJp0&cid=CAASJORo7NLDL7qwtTqe0aDTTwRofOZLknsr6eOINTtZizK1STOjYg&rfl=2%2Chttps%253A%252F%252Fbuhgalter.com.ua%242%2Chttps%253A%252F%252Fbuhgalter.com.ua%252F%240

Requested by

Host: buhgalter.com.ua
URL: https://buhgalter.com.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09581d5edca900f500900be68c38b26c20e8cc2ec562400f468955e98229f65e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16626
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7704 42 B
63 B 73ms
73ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DAu6QUvTQpAEZGfgqzelyNUttD5rME8KUCSXwm-cdq3xkUqIWs6qL-p8Z83iP0XQ-ZKaKr3S6oDm3PgRBAAemS5LL4DS4T3tvpHdk11vS25eLj8N4

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame 7704 2 KB
1 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/window_focus_fy2019.js

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:30:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:30:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame 7704 15 KB
6 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:33:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:33:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7704 0
0 50ms
49ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR7GdUYgvDc9WhJ-zrwYdDjudiltAeJC2qv21ln84AODgpBnp7KVAe6KKZm1jxI1fJ7Ly8p39tySWH7Bsb1YYgiSuyY6Q
Requested by: Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7704 119 KB
36 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 26 Mar 2022 09:34:21 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C983
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECTKbxGQS9CCmAF1BWzImrI&google_cver=1&google_push=AYg5qPLU4h_v3Sa9u5TRdoA7tSGg90Y0gNXs7OHuQ4ZjEjcTkHlZDhbk1Y...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLU4h_v3Sa9u5TRdoA7tSGg90Y0gNXs7OHuQ4ZjEjcTkHlZDhbk1YhMjLhYr1z8rM7w3fza2rKV6QdJIJZdgbg3A3eWs3U&google_hm=Uaq56NGayPd66...

170 B
188 B

53ms
52ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLU4h_v3Sa9u5TRdoA7tSGg90Y0gNXs7OHuQ4ZjEjcTkHlZDhbk1YhMjLhYr1z8rM7w3fza2rKV6QdJIJZdgbg3A3eWs3U&google_hm=Uaq56NGayPd668uoGHEKxw

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLU4h_v3Sa9u5TRdoA7tSGg90Y0gNXs7OHuQ4ZjEjcTkHlZDhbk1YhMjLhYr1z8rM7w3fza2rKV6QdJIJZdgbg3A3eWs3U&google_hm=Uaq56NGayPd668uoGHEKxw
pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C983
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL0VdyE8jPrQ6Qk7RSWB7vNRqtM-exA6tc1DwV...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWo3ZUhRQUFBR0dqTmp4Qg&google_push=AYg5qPL0VdyE8jPrQ6Qk7RSWB7vNRqtM-exA6tc1DwVJyx7kTO8GKobAT2Z0b9ipFVYAqdZqmPwpbBxFwgEU8TBUxTTDXiuaUC0

170 B
188 B

54ms
53ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWo3ZUhRQUFBR0dqTmp4Qg&google_push=AYg5qPL0VdyE8jPrQ6Qk7RSWB7vNRqtM-exA6tc1DwVJyx7kTO8GKobAT2Z0b9ipFVYAqdZqmPwpbBxFwgEU8TBUxTTDXiuaUC0

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWo3ZUhRQUFBR0dqTmp4Qg&google_push=AYg5qPL0VdyE8jPrQ6Qk7RSWB7vNRqtM-exA6tc1DwVJyx7kTO8GKobAT2Z0b9ipFVYAqdZqmPwpbBxFwgEU8TBUxTTDXiuaUC0
Date: Sat, 26 Mar 2022 09:34:21 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame C983 43 B
324 B 105ms
41ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEMmBSVuFWJJPA_ZBsIXCIlo&google_push=AYg5qPLMstNdZXVTypa_21-D51Bvf9PHYey3rTQQsEKP3BZbAQHw4i-mtTf_s06tH0xX4T_RAYzpgMoipD82EIIduSFYQkwqBZw&google_cver=1
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame C983 43 B
64 B 35ms
33ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEB9VpSzlTy5DXELxvH_5l2A&google_cver=1&google_push=AYg5qPIj4_PNn49qkf2TvphLjWSxE1FyYyAWDFcWcpY48Y3eugC3pCrgGNVjPxSaCOWTMBe8Gv-aqpPR2rGcd0ZBTlu7ZKw_KfA
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: r0g47ffvj15tsjufma68m2r8folvmpmn

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C983
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

52ms
52ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI6L3R394w969un3231s9KnDRS5b6UlF5AHAD3162jqZEG47_SGL_e7VKdjmZI-bUSnLVq_cuj_tSYrf9gJM1lfG35kSA

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=uEpm240MS7WiMiktcAQOjA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI6L3R394w969un3231s9KnDRS5b6UlF5AHAD3162jqZEG47_SGL_e7VKdjmZI-bUSnLVq_cuj_tSYrf9gJM1lfG35kSA
date: Sat, 26 Mar 2022 09:34:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C983
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEETJ42rYOX8bnVwJB9ux7ho&google_cver=1&google_push=AYg5qPKd8BRbKGfik0f70g9LFOKIkFiEhGZuAQTRswY3cOrhKY7jcFHw9ASmCV8K0--uMBs1QeU...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPKd8BRbKGfik0f70g9LFOKIkFiEhGZuAQTRswY3cOrhKY7jcFHw9ASmCV8K0--uMBs1QeURVy60Vwrig47J0OmeLPjpYfQ

170 B
188 B

53ms
52ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPKd8BRbKGfik0f70g9LFOKIkFiEhGZuAQTRswY3cOrhKY7jcFHw9ASmCV8K0--uMBs1QeURVy60Vwrig47J0OmeLPjpYfQ

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDE3Tk9DSEctMTAtSktVUw==&google_push=AYg5qPKd8BRbKGfik0f70g9LFOKIkFiEhGZuAQTRswY3cOrhKY7jcFHw9ASmCV8K0--uMBs1QeURVy60Vwrig47J0OmeLPjpYfQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame C983
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0z...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C983 0
12 B 110ms
109ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K6yHDCadgEzRv2VJvmXOeILRgF75Nxta3DPlGnTT2qiK8zE2nYS__uDvCXCkRa_xEN4Hhe

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E9C1 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BgRSqG94-Yq_lBaKFjuwPxua-yA0AAAAAOAHgBAI&bg=!KyilKGzNAAbzJazn0yU7ACkAdvg8WsvQo-RmYdAkActTqGM98mfNhChh2uH8nlP5abFtAPolWB4eqwIAAAJXUgAAAANoAQeZA2PLq1gMUro1RmhascUupsZozSbqS-wAPTHgwdfcrQwSHY6vdDVa37sgdL_ejEox8oXsKa6-HxF4bloSnqSU5F3bULzvCauHeY3B0ymX9FEz7t9VJR3HQnhmfr_tVV01IfHt4zNMXc-hycgor87jAajUbi_1ViUWR4fR-aZzKyzDLF6xAxwAcFtAhkBRGbo3259lnu2WgF68udjmzF72H4_IznOH6670b_G8UHePxovokVZCBkfI5CZcOP_q9czZIysYWnXy8F8WtDfTpf5a9vkX6vMkYrY4F3AG5_KpR8wNrEWymT1Ghx26SIeAJc8RcSiNRQclizQvTUYzjW_tgbcJufdNZGMBMT7idNp6emKPoOEmXCbaEYs1RN_DinqHvmQmyKxsswxIUzsJUfp3-O5lgj_g3RgyNCSvpb4YXw-J5casiRUU1X570eAnGbl_lmQu47naxLmSYKue4qwpjC40loif2g3oyNWF2jDFR0wrz2mHdmh7J6COLSzaeaXNanGwWb9V2q1VGQ57xD43xbn4d25fPlzZ9xeMjKiWUN7D0kL_YQlUGe6ujHMQBFDF-wTknS1fHsPjKv8OmahnpIyNSw1ccIzaQ6-fmWqryJrWsydxnzlOufNjHjF99j5quYbHIshOdYewdgQxOJ6wdt9o5NaU5DgFdjq83-9iWvXcghGJz8Km7OY92glOLMWenSTpKwhN8uafRXvkOAOtn7zO8dndM_O-jFo_UYyTn7fjGoXvRD-wnVR4FlRhqaO_B4A4nXNSqpyUcX6TRdMYJ5uw9gJogt8AA3ChJh3WXVrqkArh24l3KzwMGDMm1nLQ6w3AppEI2Yu3zUgGl7eRJTGemksrPih_opepNbWNr70UyWpO_MR7F5tewSy5MRIOzm_9nFvz_iXFUf3zmwPiOwOav_TX2TqznFuOAVVSx-GT-DWwX2XBcDtLzB79AAOGBEcqe87alUHzknBiaVbQblVFNOrt2I1dbb6wFVIUcgwx8eaeXcA6iFXkO8ydSz_5dXTAXOFLYUuIFILC6wT6l1tt2SchnpVTOhfQqgsPKw78-vY64KD4zdJ-eVU5xwmvKEIqhe8-x_uVWtW1mEKkEvO2-JSsP1WobJmt7KRo4hrVtHgXNSRxVHMmbUoS2Nyl4EdH5x8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 URLUtil.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_85_0_0/ Frame A1F2 7 KB
2 KB 50ms
49ms Script
application/javascript 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_85_0_0/URLUtil.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 269bd69d6c1d25e848132ecfb48ec214040e49fd45e444760c3e226ca5fd7962

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
content-encoding: gzip
last-modified: Wed, 23 Mar 2022 13:01:17 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C1
etag: W/"5ac70b83663a79f3a383c3a53f62eafd"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2350291
accept-ranges: bytes
content-length: 1947
x-amz-cf-id: rHTFJej_-IZERX-f4gD-yoXdQJl7K3Pqrd7rSyYjL_pNyZvlUUY65A==

GET
H2 200 IntersectionObserverVisibilityProvider.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_85_0_0/ Frame A1F2 10 KB
3 KB 50ms
49ms Script
application/javascript 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_85_0_0/IntersectionObserverVisibilityProvider.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 34db11d23b1b71496d67661f658d3f0e00bd9537b98c02c32f5b621f838be247

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
content-encoding: gzip
last-modified: Wed, 23 Mar 2022 13:01:17 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C1
etag: W/"e3dd27b7ab9e71c38170980ebbfc1df7"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2350371
accept-ranges: bytes
content-length: 2962
x-amz-cf-id: Ba2TL5wp_AUkRo2t1L8UEhlgt7yzG959GhDQyX8EleO2wuqLUSwKlw==

GET
H2 200 1_250x250_backup.jpg
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/ Frame A1F2 22 KB
22 KB 220ms
220ms Image
image/jpeg 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/1_250x250_backup.jpg
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 71ff8330220a7319dc2278bf35faa571f8713f91124ec192ae00673f7386c74f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: X1DY7__GzPxyDhFzdAVUYv8bukvXombd
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: KKFWG1XJQBG6K10X
etag: "08bc6a8ed94a7cd05dd2ee13ec7cb71b"
content-type: image/jpeg
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:21 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 22492
x-amz-id-2: MFSjc83rT2DWUz99XgI730MLTH97lQhqOiCdiCN4AyfyQTGwCnnJogcQi20ulTp0n3yZfq+B+u0=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 114ms
113ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuKin,pingTime:0,time:427,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:250,h:250,t:282%7D,%7Bpiv:0,vs:o,r:l,t:371%7D,%7Bpiv:100,vs:i,r:,t:426%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1,o:426,n:371,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:282,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B103~1,0~0%5D,as:%5B103~250.250%5D%7D%7D,%7Bsl:o,t:371,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~250.250%5D%7D%7D,%7Bsl:i,t:426,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~100%5D,as:%5B1~250.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a.958741-61007899%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8CFA 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BF_9-HN4-Yp_UB5yBjuwPnNe5qAQAAAAAOAHgBAI&bg=!y8ilyIzNAAbzJazn0yU7ACkAdvg8Wqvoa1WfOX7mI_BUWIJroZK09zvMlgu047xKUG2bRtwyLnWwbwIAAAJdUgAAAAJoAQeZAzMTNztIWJ59WV0KUkFV5L-85AZZf_YnUsbulXyWIkhpk9jkW80FqcWQxM3YkvEHUxITuaRB5VjEFcxBQ79I-ZYMPMqZpwOIXWIN0ZB1e9uwLp1bPKSXhnsdGR5YN_TC0LZmsJb8X2keGWVKlSJnaT0vM6Z71zfvCkj7EAP1qVGJ_hRoSVd8oce5voKWNc9Qj_o8hRihuPYAV1nP5c0ACkgEqtekIb1BQhACp8O3jKHeIyFBlB6LJQRg_fjhBsslRSoqSbsFK91s7Nky7dCKxFpo1IN7C37jTWAjDrzU4a0HsH4a6O3pq81Cy9HCwlx-dKVAUdLF_2SQXNRV_gLU0gMl-9Cv9VgJeDxDGwk7NW2KtKNnqpXWT5NDs2yI7lUAE_PiQX6MIoyFp5GECuPUuI8aG_uRaYG2I_4dA4N_H7zui3Gz3wNi2W8QR3KYq6wC2Ye--WCNZsP9TFjMP31BD61yKtbQupGkV8Ea4RDfHTuaDwQ3qNMpR6AZ7ikPg5fErhpHUlNTyiLySQAoP3buO6rfHEvhn-Mgl4ycfyOHnNCPe3HhVkxaga1RQAPG8rhpvQJ0cg-mr5Ng6tkYLQoqHwCD1fCa6SxMO6XpsCHa-Qlq-YYZQx7NRphqVvZwFWH0pdnqkOXEPaUgQ-BQNWUIs__Kq2RQz0ndBytkUwi4V0cmFi5DXewN1PDa1XEQQ_fvGJGwd5nJV5_Jl0xtBq-3n2Jinatd4235Alt7NGJRvRq_YY2OP0YTHyOduWWGFpkaYnQ3czBtMAIzsT0Oitd05keQz4x-_l0LZ63Uv5ltvBAI172_TPqkBHXFupYjCQfkK_iGFS-9HEUYVp-BHUJ2BQnHuq1cCE1fIKQmIGGcIS5-fDqEEXQ2-MUpzfU3INKKYBMduK_XFFPv2X2uI285nrr6Oj5d18Bkr3S-Fgc6iVU9VE2qN7TWiY3FpRXsICwZMwhbX-yNYjoBMaapJicA5--PXlYPdjo4IiTGXDnfk5J3vvtvHAWkF0X1_pEkaDubSpPD97ZF-8fJi2i4yk2MW6Ejv6mPDy8teCZWTaOm0OfECp0-7y1kvy4Grlnl3c233pCUYFQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2C10 0
0 121ms
121ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031601&jk=478551931505792&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DB1C 0
20 B 78ms
76ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bex9DHN4-YvypCYi63wOX36GoDQAAAAA4AeAEAg&bg=!bG-lbyvNAAbzJazn0yU7ACkAdvg8Wvq8I3tOx1kvmgGiVrzCYB0N7JPKt_QAnMzB2QXm95PkTPquCgIAAAJmUgAAAAJoAQeZAzEt2yV1n2HohEcnaDtfxMYEZzCla-i7IYNlU7MnzzSuA-jOSSTvM0CJJY8io9Ea5_q6IRxN_KErZqQYHVqVIG2qnacHGiYZfQxazueMuCn1gmgOhwRnhA9M3r-m7x12hewblI_UHL1PNf_AWQqKxSvMhzG0jF8_3eN5p5eny7hVgLCgdnJF339lDWNyYnRPVBtWnNIzInVMa-X0wLJIeOXKEQvpupgOYZ2h9z_PtFTiFs357gtHW8iz253bzQACj7Mr4SgOExKWZQNiM4tGa0udPMLnD-ZLiPqedlQPEp-3cfkp-8mkXPvXB9p5MYzNBxuO9A99_6j2-nYXG-ux83Uz2k5FrU9R512k5I760tptlUTD8WN7vN0hM30AsfkcvYH0-kZv18lWWtqt2PI9rndFFHOGP8E1csXguJKNEGx35tSlJw5BbRjiahK61XniQn2PFk1_dimzJ-8ZVH1vqK52cIgKCbvKuVTUJKwzNc4V9lQ5P88dfXtGjhLPBPqEgXRFTGDU9blMcNTdE9cpvl6USvipbroEdDMGnNTZpvCCfhGTUqsCj-DeivwceRpwj256g099pk6q_0I78NCWEAjUxZwTFQQDdf5LPqHRGQHphJp64Ooaz9neYD6cBCT6PL6UBJQqJDv84HPJCKW8ronbbczhUC1ztnWY5MEbNbK4UAckB7ZFbNVPeg9YIcGevy5lD8yOa8hNGUpIVGfM0rWnA43eV1ISaPbXR_M2uVZb01HynTVD8AJ817gMUJtHcKTEqEOoKOcdIU5xFrnkAGuC0jeCrYSJBtP11GrVamBvDqgQly92yl_x5cG25w4z-ujcBNlOi7t9FhgjTkDCoZ1c7f-QPDYuUDELMhTPhBvL7X_9fY_ro9QrA99kdzwA-yoHHhHP8wMzMU9uMdpcCZxaTFOfuyXCjEobez00s-dl686KiUBOd5ZHV-t5BLshiI-sVWcYu2mC3YJ-ZGw5NTdxccJs6B8wYZn5SALrXtrN2GOZko7HNai0dKOlM5YBcTnO3cQdWu_4TkYJfA5MDUzW3TRYjlUE4xLwP_wwrAZQj8tutHQ7cKJj0BqWZL_-_PJe

Requested by

Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame BDA0 35 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Mar 2023 09:32:32 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55946/ Frame B7E4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESEPHztHYYeBXmw-M4eBDQdpw&_origin=1&google_cver=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESEPHztHYYeBXmw-M4eBDQdpw&_origin=1&google_cver=1&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPHztHYYeBXmw-M4eBDQdpw&_origin=1&google_cver=1&apid=UPeaabc126-ace7-11ec-a3a7-0670dee0be50

0
133 B

46ms
46ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPHztHYYeBXmw-M4eBDQdpw&_origin=1&google_cver=1&apid=UPeaabc126-ace7-11ec-a3a7-0670dee0be50

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPwBENm9sbICGMSfq8IBMAE&v=APEucNWMCrsR0eNIOdxa3CsZFF01PUcEX-xlThvgxxSwdCf4LmxJM8AMiVZeRuxfyDU--_-k1mFzYFFgjyLL6I2BaTn78pRR5l2k67dzNO0xg7NcksDK-roHyOGxxTP0TQ7DdgeSyKsOzk7v-dgJmnfHRoCTFEsmX03jFHGYZDoGsJG2o94S4Ck

Protocol

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPHztHYYeBXmw-M4eBDQdpw&_origin=1&google_cver=1&apid=UPeaabc126-ace7-11ec-a3a7-0670dee0be50
date: Sat, 26 Mar 2022 09:34:21 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B7E4
Redirect Chain

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPeaabc0c9-ace7-11ec-8cf2-028b24df2e74
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBlYWFiYzBjOS1hY2U3LTExZWMtOGNmMi0wMjhiMjRkZjJlNzQ%3D

170 B
188 B

57ms
56ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBlYWFiYzBjOS1hY2U3LTExZWMtOGNmMi0wMjhiMjRkZjJlNzQ%3D

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBlYWFiYzBjOS1hY2U3LTExZWMtOGNmMi0wMjhiMjRkZjJlNzQ%3D
date: Sat, 26 Mar 2022 09:34:21 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B7E4
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1hdlFTaDVCRTJ1R1FjV2lUVzZxS3dGY1kuOXJfR0p5Vn5B

170 B
188 B

52ms
52ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1hdlFTaDVCRTJ1R1FjV2lUVzZxS3dGY1kuOXJfR0p5Vn5B

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1hdlFTaDVCRTJ1R1FjV2lUVzZxS3dGY1kuOXJfR0p5Vn5B
date: Sat, 26 Mar 2022 09:34:21 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/ Frame 7704 25 KB
9 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220323/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cdyrq2txFKhrzi2POEkEqsSQWVTMD13Jrn8Wwoios6lS22VjqeE4V5UXFZZWBUTAIJUpIcET8f97Ju0Ej5zlH3wCffA4zuY6kEj4aiNH4NrPgKo5Koc6LlIhVDR6yLIn2urgMR71egHTyGRoDrXQm8QK0WfA&cry=1&dbm_d=AKAmf-CS2rmaWh_WtChxhePqPKa7KsvaUCgWScv-6kbZZUyuLJD6owM_E29IS8pj5SALZ7knnTXybsgDwZZRUSzXkNKavcw-4ehIhGD7T8yEu0dJy_spDdK6rHl9QSJtB3ca5LoMMY4W5M_Pk8FbEa3jvCar67rEY42qCtOXoqaN1Yp6Dsc76kl0e95CtXGGERZAlkTD3uLzfUV6yi1-YYA6LdKPi35jxLdwPovVKZQIe4e3KZvDNgQSANDUumgdNPjh1TNsqD-boGmpD5xUuH3-mu37g5tR4X6Bwe-NEaB_eCGcZ74WRls75qc0o15EFZ6yoO_byeiuLHHAoYK7Fm8vOp3sktqPCQwWWOvNeu9uTtwHikW6cpXqLevNk3dMK4I19VmUolxG7D80jGhY2NPyNkLEXOgSsaV5KgHLhIPu4frtzzR9u1pLfr9Sojlj5l9Uang_m8xqpAsN7Bn2bk4Vzo0z6en9BVKvc5XrMI3POWbgAXB3ueVlImIeBXRA97VcCsgGRUn4cbM_34V9zuPPu4nHAWAMVreSaMOgV3op7H1qV--AxcANG96pGflK51VOFsB_f5vi5-QOV9_2_Hd8p68ctqKIndHepvnctMpBG4KHEnU4U45UexsxDDFqRTiOjdpMEsj-b7A-xQOgOsA-ZCc7LJASWyOr6dtqHzE99ktNyEqa8guPmh4bb8MK3QaG0QVrTvESukqt-ZVgbZzPFkpHeEmvY6knSKia2mRtyqskDhre1mOOOFCUZDAr2vk8louBSUDiAcuaWsTq-aZxVPKjTB0-iW_ZgPyhO60lXiXPdZvSjX4eklv7jwNfBiFxcsr9PWxnDAhiaPSTJAcjjD4ELGH5cFOKqlqCYQYSLYb7L587Ye0pwhRLBbRPRi6InDhAqgHzt37jq9VZoATfkHn42Ih9_02_SDi2mwfB7t52M72oGnTDNRrlOMNlRTXUuPmZPny2Z9nrAaGtqFSbMV84DUEybd6j8rPAAAuqkLr_qW9R4-yE-R49RZdFV6Xuw6inSnn1hn5diP_U3s8wnpTOumrQ1-QBAlHjtHQp83WtUaFfV_w1XrAvC0qJ2RsIGId13ycXZYKzEGS0SOg0HC4iNX1txsNe0PL-E-QIw-Y5hQaiPEfiB3zt8hwuAourNdyf-uH13zvjsqtaNu7aOHt3ttDC9JvgGskhBALg5NTKeEaZJ-PIkfkEUPDC2iF1tVtdSoQHH8GpOpy7SuA_eLs1_6sC3JvYcoAKvjsuucHx6Kf2-p6ysbSZTvre-oGhu77Q-JbQ8Yswc-5HgcOGBm-7hxEc476It685xQ-OapEmuZ7Bz0s5gfDO-32sgwNEnyNHp1fyJLznYNgiGDU81FLeTREa8RsU7SBZ4bRphMqWJAHCcYPzHnG_JttJTnZ4Cu9jiAiuTsF-mG5L4hPeDxdZP0PIOTcfjnCXRsiF6Uxnvs5OnyuYOgHLZNlbZTKpoUyP99EpJDVbY_hU93f7dzxakUHvV57YmT2OwHVMaxphM6fChMaBlupqHvrr486er8fD0-CTbMjH3g-RqL-fsm54PpV0afvxVX9rBXM-e3k5YtYS9U1OECc3nW0GKFg1VqIQiKRrPz92wLEg5-Qtz8iqgj3fvvF_G5LvfLBJ3V8ySikErEVkwePq8XcK1Ab_La7A7dXiZEwDExmoQBnabXTZWHmZURrREBnQ8KUqpp6YDH4JJxJqS5bgosQ7jN9S8Y6W2cj9S_sWIOS-pj493rVhG01tZwpQnEKpPwnyWmldzYNZd1ezuHi6o2-0JGDAtbGygKlQZ7cy-xAWY1Rj-wDADklgyQnaa7R_5p-djTlWEx1t7bPlmdbchAq-d5MIzOwoUEr8MOenwtZF-qZEt4vOCv2NHApVdi3saH-JinA2-PV87KT1TlgulXrnxjKnaQglJFULTRdnmEVvLH-AATc8PtFDYQhjQVFXpDwOUgqo24F7ia5oxkGDnO0FwLG--QhNdJEUCIo1ZbFIHogrFb-8Vpa7sVAqj1GpNKVObLxi4895y3rs43hIZpTOJJdNBiCwpVVP7Dmx9xe3rZUiTdJJfJ8X-tc_2KtDxngiq7oghtcWKWW_yxzfkV3wazAgkPOhduN-nGWDxoMHEzkDiwHLCh0m7duhy46jKOp0Gti79PquTyrfju5uVc4BlGXiZ-oqZB1jTP3a6qXdhkfjvl5XE39iFURMtMht-wIvghPe6K6eQxR6jGtp8tnHok1lVIr8NLmGpp-LEz7HqsfSnF34SPRKD6sNZ6e-XE71i-OUmxrXD_vMk2E9fdNrz_--yoETW10tecsce0XOBSQuHaexhyVIhzYwvwCd8NEmgvhmmLniAFsGpVvcqfqls5MAUgDT-IUI3CJbe95XjbaQPEz7gkSJ79GZ-Mre4znjriyHHM9jlYPb6dwRZcVkgm_C7jMWdj-fScASF5wnTFwOAaBD-VDByFDvc_RHLUFo5UkpQjRBAvFG7txEl9K4sBeFiWdKS5QY4pE0JwrjzPd1XDscesnOo94snd6e9U_VFxcYoVhdNGU5hk5fNar72fEOncj7juYztzfnXw1It4pVF8LJanbF-ywbVJaDS0u0HS81dD_pYVtU5Ex5tKcIEGU7hapxPi0T9RTlKETZ7uZx8SBmS_L00EkgNvMkAKhatwJxWAN11IoAng5VRsAFIUadgwUvXEKWqfds89zwyQF6RJottJCo65NUbaEZ5bqqbGoy2saEXlCT2kAyz2ybNYdA7C1JEB8PHmJMCac25ozl_9e_wCfDUXTjKjuVYEQ6VhVqLOTlK-7QVmsT2vuYc-okA5-4rSBFJ8XixMeM6de5MYcOcv7nASdj6JS1gt_Xa52QOO8GHt3V1i0cNAkh0qgucjLaPr7rtLvUwncy8V-hC17ThqBOZiN6vWWwTBBGL6zPq4A4j_6IczXbV4Lhm0N-Qr7zz0UoYZqjDzt_wtURVusqXnrn6phOIqbvnxS8mgoiL8yjPKDCtKVKqPPq6GWr-3OSh1a4DhySSBVYzKuH0Z1P7uAzSTwYgBc3pek--WZ69DC2gmp2GCarWe3DIez-j0MOrL5LlU-i2ZcnspXm1nGgC5YgFf88GKP0ZywjS7vgG4LnktyJjpajStwuFQsie_NNjdgrpXtta7Iilzcxx80AC4vvDJBhfFH8JI4g6eIjSL-stsKKR9dYbHW86d4RMk_QBvC-RwKXckTQfB_-SopDuKya59xDiOGXqlkOUlz70llfYJtJnNQhmd98RzA715cONFggtPZC757U9Ee1wA5Bfo0-dIa_btaRtoJriu1jUi4FHUQ3eNIG8CHL79pL5SJXZdIk0_rDKvmF8XvHwOiyNFKvcpk748NmG7PjFwFPTIj6kLLUUi0N5iNNjc8fCoXNkV68_x9muxvJ_KQVteBwp4wy9plJvzn78M7vbNQej_XFJp0&cid=CAASJORo7NLDL7qwtTqe0aDTTwRofOZLknsr6eOINTtZizK1STOjYg&rfl=2%2Chttps%253A%252F%252Fbuhgalter.com.ua%242%2Chttps%253A%252F%252Fbuhgalter.com.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:33:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Apr 2022 09:33:14 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7704 41 KB
15 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 09:34:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Mar 2023 09:34:28 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 113ms
113ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuKjp,time:1133,type:e,im:%7Bpci:%7Btdr:1021%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:1133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1128~0%5D,as:%5B1128~250.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:205,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C19.10933%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D10F 42 B
64 B 91ms
81ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgISKF_-ZPDsgj1TNDIRuNeP5t_rhQkmi1-3_hg8p2r_6FM3yhWgLtyn2ylE5RH0-zTfRBeUYM37uKtIgS6ltNJvPxmkXEhTUOO80v7vOs7M3HeC8rvw&sai=AMfl-YRUxChwUoPfJAyTinRNDQ-0T1Tm4NVFR0xmyP_jg8G-jzl9a0t_Jo4x1j-mLcYkAxHsF1-q_QcDbalrbZ39J_CGeMG5HtxxQB_yV6U4GNAM46T_0dG5Gzc_BfE&sig=Cg0ArKJSzPdbHCe7GWUKEAE&cid=CAASJORoCKD0IxGJxNut7gahT5Cg8oXvCCcJEsgCzNL6QTvuSc2jAQ&id=lidar2&mcvt=1002&p=40,315,130,1285&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20220323&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1472868681&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1648287259733&rpt=798&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/imp/1/170420;6331247;201;js;DV360;DemandCreation2022Q1PhotoshopEMEAUKCONDISPLAYAffinityDV360728x90Natasha/ Frame 7704 1 KB
2 KB 266ms
39ms Script
text/javascript 209.197.3.19
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://servedby.flashtalking.com/imp/1/170420;6331247;201;js;DV360;DemandCreation2022Q1PhotoshopEMEAUKCONDISPLAYAffinityDV360728x90Natasha/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_ifb=1&ft_domain=buhgalter.com.ua&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fbuhgalter.com.ua%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&cachebuster=927781.7138193598
Requested by: Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.19 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: vip0x013.map2.ssl.hwcdn.net
Software: prod-xre-app29.lhr11 /
Resource Hash: 119432b285b43e5387846bdc690fa04a73a851f14e3084762eef4e94b205d3e2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 09:34:21 GMT
Server: prod-xre-app29.lhr11
X-HW: 1648287261.dop026.lo4.t,1648287261.cds210.lo4.shn,1648287261.dop026.lo4.t,1648287261.cds290.lo4.sc,1648287261.cds290.lo4.p
Content-Type: text/javascript
Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Length: 1499
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 237D 22 KB
8 KB 44ms
44ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Mar 2022 09:34:28 GMT
expires: Fri, 24 Mar 2023 09:34:28 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 172793
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BDA0 0
10 B 45ms
44ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?k_RB1w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 237D 35 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Mar 2023 09:32:32 GMT

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame A1F2 0
230 B 278ms
43ms XHR
text/plain 3.121.17.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.121.17.249 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-17-249.eu-central-1.compute.amazonaws.com
Software: LogModule 0.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.4
Content-Length: 0
Content-Type: text/plain

GET
H2 200 Serving Show response
bs.serving-sys.com/ Frame A1F2 24 B
631 B 44ms
44ms XHR
text/html 3.126.134.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=display&c=40&sessionid=6314393124380863953&ai=1086325990&usercookie=u2=a2770763-24a2-475d-956b-7c1e9a854314&oo=0&clsrc=2&clbv=_2_218_3_0&gdprpurposes=1023&dg=1076790780&sdg=1077561305&ctick=237&ord=0.07549443423112878
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.134.118 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-134-118.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399

Request headers

Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
cache-control: private
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
content-length: 24
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 index.html Show response
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/ Frame 25C5 2 KB
1 KB 301ms
301ms Document
text/html 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/index.html?v=_2_147_1_0&n=1&sHost=secure-ds.serving-sys.com&clickTag=https%3A//secure-ds.serving-sys.com/BurstingCachedScripts//ReportPage_2_12_4_0.html%3FebReportURL%3Dhttps%253A//bs.serving-sys.com/Serving/adServer.bs%253Fcn%253Dbrd%2526PluID%253D0%2526Pos%253D7829839445187556%2526EyeblasterID%253D1086325990%2526dg%253D1076790780%2526dgo%253D1076790780%2526di%253D0%2526pc%253D%2526sessionid%253D6314393124380863953%2526usercookie%253Du2%253Da2770763-24a2-475d-956b-7c1e9a854314%2526OptOut%253D0%2526gdprpurposes%253D1023%2526ebReferrer%253Dhttps%25253A%25252F%25252Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%25252Fsafeframe%25252F1-0-38%25252Fhtml%25252Fcontainer.html%2526ncu%253Dhttps%25253A%25252F%25252Fgoogleads.g.doubleclick.net%25252Fdbm%25252Fclk%25253Fsa%25253DL%252526ai%25253DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%252526ae%25253D1%252526num%25253D1%252526cid%25253DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%252526sig%25253DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%252526client%25253Dca-pub-8618771545316321%252526dbm_c%25253DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%252526cry%25253D1%252526dbm_d%25253DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%252526adurl%25253D%24%24ebImpressionID%3D7829839445187556%24%24ctick%3D1648287261675%24%24ebTURLs%3D%5B%22https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D%22%5D
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: e2bf45241f07498520af8df8be619875192ee90b04f9584b035302fb64af2927

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/

Response headers

content-encoding: gzip
content-type: text/html
etag: "92f41f05411363194716943bfc2dee5f-df"
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
vary: Accept-Encoding
x-amz-id-2: dINC+mWlPfSUxQi0Bp7LBWfbNSL5wufpBZ4l/wxCvIFPtBSVOG3arEo3WI9k/VbR3dVyyAKACfc=
x-amz-replication-status: COMPLETED
x-amz-request-id: DXEP9VDT0E715VFN
x-amz-version-id: zpKpcC7.qZlbeWI1r89xsl4N2shRP_2D
content-length: 855
expires: Mon, 31 Dec 2035 00:00:00 GMT
date: Sat, 26 Mar 2022 09:34:22 GMT
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame A1F2 0
500 B 45ms
43ms XHR
text/html 3.126.134.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&interactionsStr=$$1086325990~~0~~1076790780~~6314393124380863953%5EActualSize~250x250x0x1x0000x1x1x250x250~0~01020~254$$&usercookie=u2=a2770763-24a2-475d-956b-7c1e9a854314&rnd=0.028372176129397797&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.134.118 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-134-118.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
access-control-allow-origin: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H/1.1 200
OK j-6331247-3451578.js Show response
cdn.flashtalking.com/xre/633/6331247/3451578/js/ Frame 7704 54 KB
15 KB 269ms
104ms Script
text/javascript 2.21.140.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/xre/633/6331247/3451578/js/j-6331247-3451578.js
Requested by: Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/1/170420;6331247;201;js;DV360;DemandCreation2022Q1PhotoshopEMEAUKCONDISPLAYAffinityDV360728x90Natasha/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_ifb=1&ft_domain=buhgalter.com.ua&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fbuhgalter.com.ua%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&cachebuster=927781.7138193598
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.140.103 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-140-103.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 9fe21660451041243f1f8a4e941828eb1a20f493b577822cbc845da85c50d02a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Feb 2022 10:55:08 GMT
Server: Flashtalking (AKA)
ETag: W/"17e0e00bfb0c9b76ebdeaae83fe7b3a9"
Vary: Accept-Encoding
X-Varnish: 787888693 788121071
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript; charset=utf-8
Content-Length: 14538
Expires: Sat, 26 Mar 2022 09:54:22 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 237D 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BYo3zHd4-Yo_yG7WhlQeY04rwDgAAAAA4AeAEAg&bg=!W1ilWBzNAAbzJazn0yU7ACkAdvg8WoD6s1Ky4hJ03bSldebvCIZ6N6qU1JqWpR4xvKbBTBsaRm9SkAIAAABhUgAAAAJoAQeZAzOfZFHK5HJOpC4rPnedLscVXrcoGP8stIrUz_vtjqsGyDSK45d8Z_3C6z-1cUnSp4qqTu9qX9GBQ4Gbx38iRf-Zwy20GVcjpFBmqOILeeyOSrxhjPOFdYiayoUFlCmvfS0TX-fhhf09Ph71iyXUTV9DogFK_9287h8xtrharYFw_IifkwyPr0UBuV6aPB0RWlSqeVVx3sO2Aamo0WvxIH0RlmF8uRIr19J0GS-M-RY0pulr9BKOmKhTCqzRzSibOCkXI8IVv7CZRbfv7uWpo_Li_DztiMkGM7TlZf5Juz8zMuOMKjIgYydYXMFMX6HVdvRalesw2clhkdGbGn7tAk5FLM8Ol4JlqfTSZzgJXCmmMRs7AllMY5-VRe51MRyN5PEqN66VUSHmDJf25PUoVjufrf-vbMIQ87cFum2g_pYUQju7XJSKc0zPv5Xqm_x2k30m2Xz6qpVM0t38KwPdrTDUMr5ujOqLseB2C6VoSW7yiiUDrh4szKJ_DW3gMo9iKYArg176t0cwYs-fQ0orkPuMzw3ZJgRbYQVrKCvqQupU8e54NKsJ8sTI5MIOqa14Og_9XW9v2bOOQR8LkiM0sJbV1RCGRgRU5sfjDgs1yHkt-_a6wzx6oKmcPL7Rp-Fml_1NqzlCd5XnKVhblsvFn9H9tY9xtJtNFqlCLECLqj8BhfXaco0fdO4xh0E-frJ6PzSSF0z6WtdgZtQ7OgsRmpZPINhOaXShRow7p0VDfFFJic29KQX5kMi0rmBWB2PHY2G_NXNAV6bzhypWjTg6_acTOCh-LroixCnvIHpUgznwR95_ZSYavZIViX02tLstZmZfyeL0n_VYC3ZuuxsUWPk1-grbxP6pSOHUm9BaVULKkCUkF4jOeuw8Rcj2Fbr5fmlU7TxqbdPfwcX1G7A_1fZaaBM2NPYuA1Cs1oUHL7ut5tgPXsW8tey3skboXBH6HwX0MyzAkUtiM58GOjZqAVjU0Swi2OluegNZoKNBJvwdRPBGJrWwG6tl3mhClOncUv0igVWRirNLXpkpkltAWGIzyE2ucsgBlFTFz0f9kZb8lRhcZX7bhB-uNlzTn2E2o89pQCQ

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 192ms
64ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter.com.ua%2F&domain=buhgalter.com.ua&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://buhgalter.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://buhgalter.com.ua
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1566
date: Sat, 26 Mar 2022 09:34:21 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter.com.ua%2F&domain=buhgalter.com.ua&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=S0J3Q3xhUU5NelQzRVlZWjArVDhiSzBtWU9nak1OMTR4bHdxUExsWTdmTmdaU2ZXb21VZy9iTEVMdXdVY0NjZm92UUxEbmFDTGRVYXVVVEMwVTFKVjNWRmcweEl0K3JBNTJicWp1RTg5cFJ1UlE2Y0R6R1loV2VLeEU1ck...

432 B
680 B

39ms
38ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=S0J3Q3xhUU5NelQzRVlZWjArVDhiSzBtWU9nak1OMTR4bHdxUExsWTdmTmdaU2ZXb21VZy9iTEVMdXdVY0NjZm92UUxEbmFDTGRVYXVVVEMwVTFKVjNWRmcweEl0K3JBNTJicWp1RTg5cFJ1UlE2Y0R6R1loV2VLeEU1ckdPRE11RngwKzlnbmJEWlJwZk9OeWRidk02bXkrOWI5Q3M1VEhVMGNkU3RLTklMdkNmaWtnYm0yMTZicUxiWHhFaE9Cemh0VEZMejlLWWdVK3QxWm92ZkRRc1BZMEhxZEllWUtRQlRLRlcrZE1DZE5JR3NZNnBWbjYrM1ZsYWFhd0JLWVhGdzBBaDZxcTFKU0IyNXRJQWIxSVVNYWxRZz09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ef2ef55ce16f698af74351dfe24ec0d395dc49e47d484459f236c37b08d224cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3641
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
location: https://mug.criteo.com/sid?cpp=S0J3Q3xhUU5NelQzRVlZWjArVDhiSzBtWU9nak1OMTR4bHdxUExsWTdmTmdaU2ZXb21VZy9iTEVMdXdVY0NjZm92UUxEbmFDTGRVYXVVVEMwVTFKVjNWRmcweEl0K3JBNTJicWp1RTg5cFJ1UlE2Y0R6R1loV2VLeEU1ckdPRE11RngwKzlnbmJEWlJwZk9OeWRidk02bXkrOWI5Q3M1VEhVMGNkU3RLTklMdkNmaWtnYm0yMTZicUxiWHhFaE9Cemh0VEZMejlLWWdVK3QxWm92ZkRRc1BZMEhxZEllWUtRQlRLRlcrZE1DZE5JR3NZNnBWbjYrM1ZsYWFhd0JLWVhGdzBBaDZxcTFKU0IyNXRJQWIxSVVNYWxRZz09fA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://buhgalter.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2046
content-length: 541
expires: 0

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 213 B
534 B 179ms
44ms XHR
application/json 141.95.34.105
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex19077/hb_299506_4371.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.95.34.105 , France, ASN16276 (OVH, FR),

Reverse DNS

p34.id5-sync.com

Software

Resource Hash

064eb1abf6ed7effd1a878ce4212a3bdc5a151b6886ec619f2219a32adaa2074

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://buhgalter.com.ua/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://buhgalter.com.ua
Date: Sat, 26 Mar 2022 09:34:21 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A1F2 42 B
64 B 83ms
83ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssBbX_0nzz-DQuwcBTxd5jS8dvWJmXpV8gxkdv5xBfUUJjW2LjBgYAXMC6m2POc_c1TdmQ670GJMxRgym6zheon98_S74cGGzK_2ycQprKwDwFgHKSuUQ&sai=AMfl-YSaCmEtqLqKh7FExymSjzl0on_2vLNu3diONr8IQ8FQ8GL6rZ1rPuE7T2xpECmYLSQnDlq-D3v1N_tXUpElG4cXNRFzm9sUu5G_nQ1aQIwr565U2FD34uKWkQ0&sig=Cg0ArKJSzIwj6kyhMZNCEAE&cid=CAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA&id=lidar2&mcvt=1000&p=889,1160,1139,1410&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220323&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2541184592&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1648287259801&rpt=1239&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 styles.css
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/ Frame 25C5 838 B
695 B 137ms
134ms Stylesheet
text/css 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/index.html?v=_2_147_1_0&n=1&sHost=secure-ds.serving-sys.com&clickTag=https%3A//secure-ds.serving-sys.com/BurstingCachedScripts//ReportPage_2_12_4_0.html%3FebReportURL%3Dhttps%253A//bs.serving-sys.com/Serving/adServer.bs%253Fcn%253Dbrd%2526PluID%253D0%2526Pos%253D7829839445187556%2526EyeblasterID%253D1086325990%2526dg%253D1076790780%2526dgo%253D1076790780%2526di%253D0%2526pc%253D%2526sessionid%253D6314393124380863953%2526usercookie%253Du2%253Da2770763-24a2-475d-956b-7c1e9a854314%2526OptOut%253D0%2526gdprpurposes%253D1023%2526ebReferrer%253Dhttps%25253A%25252F%25252Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%25252Fsafeframe%25252F1-0-38%25252Fhtml%25252Fcontainer.html%2526ncu%253Dhttps%25253A%25252F%25252Fgoogleads.g.doubleclick.net%25252Fdbm%25252Fclk%25253Fsa%25253DL%252526ai%25253DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%252526ae%25253D1%252526num%25253D1%252526cid%25253DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%252526sig%25253DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%252526client%25253Dca-pub-8618771545316321%252526dbm_c%25253DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%252526cry%25253D1%252526dbm_d%25253DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%252526adurl%25253D%24%24ebImpressionID%3D7829839445187556%24%24ctick%3D1648287261675%24%24ebTURLs%3D%5B%22https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D%22%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: f3450e351d2ac1dd241a9fa5fd421744be8612a57ea6a989aecdf3e50e076d32

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: Z6xsahx_p5VK2M1lXHrUxF9d0WVPe2Co
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: ARPHMS32NMXR3R8J
etag: "d15dc49ee36bae778e696443e6481751-df"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 332
x-amz-id-2: 8/NCnCV1wDbLpFUJZKVZVebh4s9hMsxOceCb4jaknbxBgqWK/Dx6MFeCpU2PiGesmsQb7q4zVRA=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 25C5 113 KB
38 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/index.html?v=_2_147_1_0&n=1&sHost=secure-ds.serving-sys.com&clickTag=https%3A//secure-ds.serving-sys.com/BurstingCachedScripts//ReportPage_2_12_4_0.html%3FebReportURL%3Dhttps%253A//bs.serving-sys.com/Serving/adServer.bs%253Fcn%253Dbrd%2526PluID%253D0%2526Pos%253D7829839445187556%2526EyeblasterID%253D1086325990%2526dg%253D1076790780%2526dgo%253D1076790780%2526di%253D0%2526pc%253D%2526sessionid%253D6314393124380863953%2526usercookie%253Du2%253Da2770763-24a2-475d-956b-7c1e9a854314%2526OptOut%253D0%2526gdprpurposes%253D1023%2526ebReferrer%253Dhttps%25253A%25252F%25252Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%25252Fsafeframe%25252F1-0-38%25252Fhtml%25252Fcontainer.html%2526ncu%253Dhttps%25253A%25252F%25252Fgoogleads.g.doubleclick.net%25252Fdbm%25252Fclk%25253Fsa%25253DL%252526ai%25253DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%252526ae%25253D1%252526num%25253D1%252526cid%25253DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%252526sig%25253DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%252526client%25253Dca-pub-8618771545316321%252526dbm_c%25253DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%252526cry%25253D1%252526dbm_d%25253DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%252526adurl%25253D%24%24ebImpressionID%3D7829839445187556%24%24ctick%3D1648287261675%24%24ebTURLs%3D%5B%22https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D%22%5D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 26 Mar 2022 09:34:22 GMT

GET
H2 200 bgPreload.js Show response
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/ Frame 25C5 3 KB
1 KB 137ms
137ms Script
application/x-javascript 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/bgPreload.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/index.html?v=_2_147_1_0&n=1&sHost=secure-ds.serving-sys.com&clickTag=https%3A//secure-ds.serving-sys.com/BurstingCachedScripts//ReportPage_2_12_4_0.html%3FebReportURL%3Dhttps%253A//bs.serving-sys.com/Serving/adServer.bs%253Fcn%253Dbrd%2526PluID%253D0%2526Pos%253D7829839445187556%2526EyeblasterID%253D1086325990%2526dg%253D1076790780%2526dgo%253D1076790780%2526di%253D0%2526pc%253D%2526sessionid%253D6314393124380863953%2526usercookie%253Du2%253Da2770763-24a2-475d-956b-7c1e9a854314%2526OptOut%253D0%2526gdprpurposes%253D1023%2526ebReferrer%253Dhttps%25253A%25252F%25252Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%25252Fsafeframe%25252F1-0-38%25252Fhtml%25252Fcontainer.html%2526ncu%253Dhttps%25253A%25252F%25252Fgoogleads.g.doubleclick.net%25252Fdbm%25252Fclk%25253Fsa%25253DL%252526ai%25253DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%252526ae%25253D1%252526num%25253D1%252526cid%25253DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%252526sig%25253DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%252526client%25253Dca-pub-8618771545316321%252526dbm_c%25253DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%252526cry%25253D1%252526dbm_d%25253DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%252526adurl%25253D%24%24ebImpressionID%3D7829839445187556%24%24ctick%3D1648287261675%24%24ebTURLs%3D%5B%22https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D%22%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: d3d3bc35b7de805f63731af1af5ef5314b9bd0ef50df87944981f6af8836ad0b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: D25Q.YGXQUJd8vLdQebpu77W5_xAWUWb
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: YNHBX6CJKC1N79QH
etag: "e395cbddd2bb7592fc8149922d75ba95"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 1037
x-amz-id-2: r7T4douS6jtMofDqVeTNfJzEAo46C25h1A/zMgFdpzozfxub3ruDinUI+iZpg2DkbVuoYbayDL4=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 setup.js Show response
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/ Frame 25C5 222 B
552 B 298ms
297ms Script
application/x-javascript 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/setup.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/index.html?v=_2_147_1_0&n=1&sHost=secure-ds.serving-sys.com&clickTag=https%3A//secure-ds.serving-sys.com/BurstingCachedScripts//ReportPage_2_12_4_0.html%3FebReportURL%3Dhttps%253A//bs.serving-sys.com/Serving/adServer.bs%253Fcn%253Dbrd%2526PluID%253D0%2526Pos%253D7829839445187556%2526EyeblasterID%253D1086325990%2526dg%253D1076790780%2526dgo%253D1076790780%2526di%253D0%2526pc%253D%2526sessionid%253D6314393124380863953%2526usercookie%253Du2%253Da2770763-24a2-475d-956b-7c1e9a854314%2526OptOut%253D0%2526gdprpurposes%253D1023%2526ebReferrer%253Dhttps%25253A%25252F%25252Fb5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com%25252Fsafeframe%25252F1-0-38%25252Fhtml%25252Fcontainer.html%2526ncu%253Dhttps%25253A%25252F%25252Fgoogleads.g.doubleclick.net%25252Fdbm%25252Fclk%25253Fsa%25253DL%252526ai%25253DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%252526ae%25253D1%252526num%25253D1%252526cid%25253DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%252526sig%25253DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%252526client%25253Dca-pub-8618771545316321%252526dbm_c%25253DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%252526cry%25253D1%252526dbm_d%25253DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%252526adurl%25253D%24%24ebImpressionID%3D7829839445187556%24%24ctick%3D1648287261675%24%24ebTURLs%3D%5B%22https%3A//googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQIOvG94-YtPmBaKFjuwPxua-yA3MvYPjaLLW1LrWD_AuEAEgjOWgH2C7hoCA0AqgAY2yk7MoyAEJqQJaFK09VB22PqgDAaoEkgJP0Bf5og5zEAzp9yFrw6bKfjspp4QhoWOIxJpgqClY4R8Tk8a53TfhO0mtCDniZV8Piu-Zg-uwdQuZVsyZW_NnLiOEGSzWlxPvxd8P2PgjuAX222SYVP6is8E7s3vFC93fg0_rlc0ie26KQgiafJNz7L7r3pLFEBsMew9OCIb-Nw_LDb3k-NC9Sd8ZJDCg_VN9C5WVVcPVjVKus3XCLuKNt0ErYBQKhFKhkHXDcnd5zlNrkA62eWyQ3k1srs5zS0t5OMWIjsYwYG498uPFSRAXfjaEiYvixJfpzz5ACEUUt9uR8AblgY3Rf1k9WZs_aL7s806VrVNcNVNlLr-zAVpJjPanu7auvfaCYCp1OEtn9btlwASp9Mmo6wPgBAOQBgGgBk2AB43q45IDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoBmAsByAsBgAwBsBOYy9EO0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJORoQYGxkIGBMEqotlQXIjjfzDHTRWG4FH6LjwK5-a95PgElGA%26sig%3DAOD64_0HK7y9hxV5yyXCZtqSgeYA1VcVhw%26client%3Dca-pub-8618771545316321%26dbm_c%3DAKAmf-DlO3tLW_Tt4pnQlPHTHMHSRf89vnQ86YJviM5UJcJkniet7_T2VeUsPAhyd-zXDsUaYNweB_G39z1zzPtgP2sQdnCeDD3Mv2iCH7LKjD3o21ep5m0d6tKTD3JfgoYuaBHU97bw8dP9wiZRi52gQBy3dYjQzw%26cry%3D1%26dbm_d%3DAKAmf-BBDPtAVdGDIlWdAhlBOypwyA6UQ3fRCpvypy7juIQaqs_Uaew5FbLFFDXp1S7ayhOvjUwic43whWzHTcSsObegMuL6A-67ur3AyAFxlF7hmE6NwnxGxzQ6n_8M2jmyicY3Ob7BnpwFl5SEMwQXGvVjFch9STjT2qi99nmmAaaf1a6GULR8B9T1MioJWiZQc2oj6737_H-flPhQcqNOAj1F1lKPzRX212gA0wKti2u2l9Y9paZi1KkL5pqRXNJ-fiv4CXhf4xQZ1XuvJX_9PDnsonWqwU5ZqESrIl-ueEZMyfJHMRA3dd-66uWiGaBbDdGGM9RSobfApvqnFfKuSbmTKSdv_x-UJw1j-YG0q8xLTgrbjeAeQjYklrPXtADxSEvnMSUr2iKS3yNOrzGjI7qSu04PTjnis1lmzRy-5MSaRTyOB0eWuvAudeiX5N2hr8LlB4tPL2qgWbYvQaq0QNDAgrFP7A%26adurl%3D%22%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 1e61778707dc3a1bde2ec4c0b02387b7fdc7291f1230fafcaa8ec2f996cb972f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: jNvPHkv0jWl9PfBCH14_SwexcYAXpvhL
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: 0E8H8QKHR4E3T7CZ
etag: "4caf7345f0d97427d38021d70bd3f111"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 178
x-amz-id-2: MvtALjiUQOBsgWI/AP+2zxcosxlM/Pe3naLRdSh9JYK4LV63U1j3CRVJyM7qr6l9KaXL4WhWw3c=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H/1.1 200
OK index.html Show response
cdn.flashtalking.com/142462/3451578/ Frame 5A29 11 KB
4 KB 307ms
306ms Document
text/html 2.21.140.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/142462/3451578/index.html
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/xre/633/6331247/3451578/js/j-6331247-3451578.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.140.103 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-140-103.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 3af0dcf4f6579a3cae027db5f5e63ab5510cb021cbe53d866733b4dde6671d65

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/

Response headers

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age: 3000
Last-Modified: Thu, 13 May 2021 15:41:37 GMT
Content-Type: text/html
ETag: W/"0144cd8d794da4865e1608f6fcbe7057"
X-Varnish: 6558909
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1200
Expires: Sat, 26 Mar 2022 09:54:22 GMT
Date: Sat, 26 Mar 2022 09:34:22 GMT
Content-Length: 3499
Connection: keep-alive
Server: Flashtalking (AKA)

GET
H2 200 moatad.js Show response
z.moatads.com/allresponsemediaglobalftdisplay739160694092/ Frame 7704 299 KB
102 KB 136ms
43ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/allresponsemediaglobalftdisplay739160694092/moatad.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/xre/633/6331247/3451578/js/j-6331247-3451578.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 99469201e9dbf15a407c751143dd1bf1b6fdc491b0dc8539cabb69b0034bd48b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:22 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 16:00:56 GMT
server: AmazonS3
x-amz-request-id: C600F5KMTHQ4WJ54
etag: "d5387431e231129a58e6af4cac5b94f9"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=15200
accept-ranges: bytes
content-length: 103540
x-amz-id-2: 3SWXgN2lISNUyIkelBXVGYok3tdq9x+cVDME7U7bd0idkc+IG0ejsUfb+aSqlhSHgh4rNb/wtAU=

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0CED 1 KB
749 B 43ms
42ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 26 Mar 2022 05:53:44 GMT
expires: Sun, 27 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 13238
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7704 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 7704 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad6df8407c8fc8063eb90989c874e5459eb2f91162950deca29d64fcc2c7c109

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E829 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031601&jk=478551931505792&bg=!dnWldTHNAAbzJazn0yU7ACkAdvg8Wm3jOn7TQEXz_Y0ih7f5W7aS5hZJPFz9GlTtbF4ODoW9aI4_UQIAAABlUgAAAAJoAQcKACbahchuDqVosMKhnJJtQ3ynTUsQfXHodiO-AOc0Ss3HAHLNtvnSM5kDBZpbeY98yljgPQV0jfSTKZDBoK-UI4l7IVYdBTFoqLLssPWaBKzXx9s5UXDRp20GLrpqH14ZUVFmP73odpYDSe2xT_KxonTcwWACAsbPOlirtQ0ZBvyEN8PmqO30VIgbD1OqDSHCvHzclpWwVCQGLkivfMSs0p3G4WPe7C4YBthD3urP5DwuxIiQR2cQHgK7oUPAhMrhFHyzYrA8jkT_vedPhZdouUWUucDuhm1FG32aETj61Fw0XqZ0zF4iTCj5gEgC35934rfuZbBIdzNF2fIB0WUNOXeRLaYYJk5pLVmOOv8wZD-dnD-4Q7yKJBHXI9-V1QfojCzA9I5phoydWGOF5RRUpyKIq6n5HDiO6sKlLwRzMCSKTCIH1R-qvKUwwCNJrKEuSzvvBZr6A75074R1MDaB6CeyUEt1tTLBZnmAH1IoWAryb8AVsSJpx5gzJcyTEDmqOb_B8pV5H3wbl5WBMmZOWwEoq07FAurEnmdG1eyhNit_Sdr2KlaQYylgZXn2-qf9KWVdigXvZ_xV1lFfB8G-C52e6v73GvoA_MaumXh4h1-8U5k6hLlBOK7k6mPbfX7A518swwZwjnW6h5iPkxWxgcvJ8-W6iLUKG4t-yVmKwoFOjmgtLsHjsE_F8vAAEiNPaKOLwBXIShPjb7h5V_jn7tygpVVERN7mA2F6BbIUgoNqLFDAh3oIJDcYg91l-89x4w7Gt9KIAhLEwrgEo_5PtkTNL7rr1AEcUj_j93lSwmzxa14xcN2l9kw6srGalyW9v0JEJ6Yo-7f8Vwt1-uztNhHj02X_FNSKm8OZjfIwDHXOuBt_chXpouO5L4i7gB6s00QlDZyXSXjHj2_HX-dJ5JYSksWDQCRtEU8OYARHehYJlNTKqed3AyNswl3BLARwbeep71W8TGyxe7LSeiWcqPMpM4ZpKpfYOlXMAdL4LcZ6WiOoKMTgol__62oRxfyMAyjTZRJ83lv3i161u-grk70IzkjPMO8GlZ1blIIYa0oUMasyoF5s0oqwVdWYr2zf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://buhgalter.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 0CED
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBx8YyGOeP9iepC45X6102o&google_cver=1&google_push=AYg5qPICvSR2bxFsYaGjuTRT-C4IfwH8jJODVVtQ3fHJJ0i80ixfTqCHhkI0UCFA_ry8tin6OJDT1L5nwxODMjL2wMVuCOCPR_Q
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Nzc4MzY2MjQ3NTk1MjgxMDgwMg==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBx8YyGOeP9iepC45X6102o&google_cver=1

43 B
398 B

48ms
41ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBx8YyGOeP9iepC45X6102o&google_cver=1
Requested by: Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:21 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBx8YyGOeP9iepC45X6102o&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 0CED 0
104 B 198ms
68ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEFUzEH6uM-srL5b9uJe7674&google_cver=1&google_push=AYg5qPL4RpqYO_6BmZshOYCwOaViJTzTX7T0iCjpCGW6pIOjIx9pq-jtg8GX5Iz0_som0hQeCFHqQIr9_x2E30RxxDk4BbQVudk
Requested by: Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 0CED
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDKG_i1zgjYsNkKsYZM36cg&google_cver=1&google_push=AYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDKG_i1zgjYsNkKsYZM36cg&google_cver=1&google_push=AYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA...

43 B
417 B

223ms
213ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDKG_i1zgjYsNkKsYZM36cg&google_cver=1&google_push=AYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f1ee3defe1c01e3-ZRH
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 29376
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f1ee3dd7c1a01e3-ZRH
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDKG_i1zgjYsNkKsYZM36cg&google_cver=1&google_push=AYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJy7gfVSoA1AQd0v8GVNPJDXmFlAGHedbxb62gvfuGdFWzNKa7KPCEBIvxgLOQdh5EJsTwMLQnqae3y_IAwpg4h0n8X0XA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0CED
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFviEHuyQHTu0hF_cw8wCMw&google_push=AYg5qPLDpD8-m61P_1GbeoLZeGcWyDasBk1tRJtJrQYpJesnIXOY01TZ7b...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFviEHuyQHTu0hF_cw8wCMw&google_push=AYg5qPLDpD8-m61P_1GbeoLZeGcWyDasBk1tRJtJrQYpJesnIXOY01TZ7b4Aa5_zSs-0WhoIifHHmJ8sgUMoqUWTnB-asI_F6Q

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1648287262.261466,VS0,VE80
x-served-by: cache-lcy19236-LCY
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFviEHuyQHTu0hF_cw8wCMw&google_push=AYg5qPLDpD8-m61P_1GbeoLZeGcWyDasBk1tRJtJrQYpJesnIXOY01TZ7b4Aa5_zSs-0WhoIifHHmJ8sgUMoqUWTnB-asI_F6Q
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0CED
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEHu_ePDP5jwywM75MwvDIls&google_cver=1&google_push=AYg5qPKDuDLdpRvtaQze6lqvjvoXYxSAY458WsvQLl-3NEEIxcqOlBJFaAxxu3_MqyJMJh88KdrJ4NsQgwwpx2...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA3OTMzOTg4NDcxMDA2NjMxNg%3D%3D&google_push=AYg5qPKDuDLdpRvtaQze6lqvjvoXYxSAY458WsvQLl-3NEEIxcqOlBJFaAxxu3_MqyJMJh88KdrJ4NsQgwwpx2-BHW...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA3OTMzOTg4NDcxMDA2NjMxNg%3D%3D&google_push=AYg5qPKDuDLdpRvtaQze6lqvjvoXYxSAY458WsvQLl-3NEEIxcqOlBJFaAxxu3_MqyJMJh88KdrJ4NsQgwwpx2-BHWfkcJUEztk

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA3OTMzOTg4NDcxMDA2NjMxNg%3D%3D&google_push=AYg5qPKDuDLdpRvtaQze6lqvjvoXYxSAY458WsvQLl-3NEEIxcqOlBJFaAxxu3_MqyJMJh88KdrJ4NsQgwwpx2-BHWfkcJUEztk
Date: Sat, 26 Mar 2022 09:34:22 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0CED
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEN1l5UFGNLTJtGdQqTylFcY&google_cver=1&google_push=AYg5qPIyzuqtORpIk1e3L3Zv7PnvXXCPKF647MobU7mwlQj2Y1HJeOerQILhwOr-jIkfE0JD8KzA9FQ71VoqDhq-...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=sC9ZBAbkTJefNbMV6ldZ2g2&google_push=AYg5qPIyzuqtORpIk1e3L3Zv7PnvXXCPKF647MobU7mwlQj2Y1HJeOerQILhwOr-jIkfE0JD8KzA9FQ71VoqDhq-7_bsWgh3i14

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=sC9ZBAbkTJefNbMV6ldZ2g2&google_push=AYg5qPIyzuqtORpIk1e3L3Zv7PnvXXCPKF647MobU7mwlQj2Y1HJeOerQILhwOr-jIkfE0JD8KzA9FQ71VoqDhq-7_bsWgh3i14

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 26 Mar 2022 09:34:26 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=sC9ZBAbkTJefNbMV6ldZ2g2&google_push=AYg5qPIyzuqtORpIk1e3L3Zv7PnvXXCPKF647MobU7mwlQj2Y1HJeOerQILhwOr-jIkfE0JD8KzA9FQ71VoqDhq-7_bsWgh3i14
x-host: tde-deliveryengine-production-6fbb5b866d-kxh6l
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0CED
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEOuM_SvHHy4stlDA0we43Xs&google_cver=1&google_push=AYg5qPI9eB4LRsfmPl2UccDyvXkQ7Z9IwHvh9UQohgBUfcF_fxcHXMvPPpve1i58O-EyB2d7dYSqB7ktaKgT-5l8...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPI9eB4LRsfmPl2UccDyvXkQ7Z9IwHvh9UQohgBUfcF_fxcHXMvPPpve1i58O-EyB2d7dYSqB7ktaKgT-5l8E9XgkieLgw

170 B
188 B

52ms
52ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPI9eB4LRsfmPl2UccDyvXkQ7Z9IwHvh9UQohgBUfcF_fxcHXMvPPpve1i58O-EyB2d7dYSqB7ktaKgT-5l8E9XgkieLgw

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 26 Mar 2022 09:34:22 GMT
via: 1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA50-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPI9eB4LRsfmPl2UccDyvXkQ7Z9IwHvh9UQohgBUfcF_fxcHXMvPPpve1i58O-EyB2d7dYSqB7ktaKgT-5l8E9XgkieLgw
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: WfpLSlPQllFcqx86ruVGupAKWT6f9JhzM1EQQGu4tKWSt0FEBm-N3A==

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0CED 0
12 B 50ms
49ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kjt5yK4Dxf9iEY_m5A4LV8Ys_6BkLIFWo64AQ93MTWjijCWri9T45yLigXeowjQTfLN-_G

Requested by

Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 09:34:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 img1.jpg
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 26 KB
26 KB 223ms
221ms Image
image/jpeg 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/img1.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: eb7bbf9535f4dec57b7e25576f8c4fb7d7dda4e7873d524d3393780e27bcf955

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: C3stzmTcAjEaEoob7NMquKxvjsCOE68d
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RVF3MS7MEX6Z5A
etag: "21eb9e07bcae06ab246a7ea7fdf282a4"
content-type: image/jpeg
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 26410
x-amz-id-2: IwIzdxG+oLUr9RFw+Ulx4D8ioTvrGFb5nvYjJMm6jb1B7NnI59A/ZfZL2/JcfYYy690Bnzo9V+Q=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 img2.jpg
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 32 KB
33 KB 429ms
427ms Image
image/jpeg 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/img2.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: a979b250cea5717bffb64fc5145e95cd496f3919cd92e6907e4002e0b279c876

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: DiqROGhgEomIbf1W3IBqYz00mdHy5fX6
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: YNH4K80REP01AA4Q
etag: "08d9bd7589944b0ca931cd87a151fb34"
content-type: image/jpeg
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 33193
x-amz-id-2: ifHLeYwQm+Sm9dFJw337PZqs7m+YwnMwxkBbSCUu4PJwDt3gFmWwtDOi5FFPAYll8b230aSziyU=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 img3.jpg
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 20 KB
20 KB 429ms
427ms Image
image/jpeg 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/img3.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 74278d9946c5a3b09e792ad23ff212a21d548cfbdbfb95a0b4eeb4bd4846247a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: chmahFByG6mIrzm8oVc_d46IdKyx97x9
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RQ70RJF2TMSZX1
etag: "1be21d26bab7168173f54abdd195feac"
content-type: image/jpeg
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 20330
x-amz-id-2: U+fkGoNk7T7K6J3JvQrnx45fQ8OwfzeLfcTt+vydT+70uvAYW0DybodCEBZ5kTTZ1UyLooZlDC8=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 logo.png
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 716 B
1 KB 137ms
136ms Image
image/png 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/logo.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: aa94af8046ee89af6b8d09536809d3edd1ad71cdcbfe757b04d2ac2f42088cc7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: rMjeH5abhSFYg.h2tdisrnGM787pmSwb
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RKPBJ562JC5DDJ
etag: "aaeac6c7deea2298b4be0160e01d862f"
content-type: image/png
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 716
x-amz-id-2: fDjS9jJZyVhuy9c8pjW5uKL3FDX5avRLHy7MhO57tlosHX5qfDahjhmaBO+3XMhkir+EEa7QPYE=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 text1.png
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 3 KB
3 KB 301ms
299ms Image
image/png 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/text1.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: d6c70b1600c5977db96a8e0669d2943a1e1d9afe12ebcb33754c7d68797e64f7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: p.Aum8XzEcv6DfmL6uQdBAgxnZA3iZeb
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RR864TSFW7AK89
etag: "61dea230bb2091b70eb0d4801e9a40d5"
content-type: image/png
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 2690
x-amz-id-2: GVf2PzyfWYHOwo4oviTFZiJf9SxgHqhDa3FlAqNuBEEIx1nWCEowf9EQ+TbvhRolyAApmAPqphs=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 text2.png
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 2 KB
2 KB 299ms
298ms Image
image/png 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/text2.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: a634aa8ab6dec6522f2cf6ffb1ca9c699357492787e9d2b810ce493989adb577

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: xT.1kiWrU9sOmIKmDOefWGffD2RjENnV
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RYMYNTZTHW177C
etag: "e9a6c1fee25703c8e00c5c97417b4d7f"
content-type: image/png
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 2189
x-amz-id-2: cciPu5LfXS5BSzcO6a0W1vinS+mP3nlu5+F4K34lymNcR7Iw3S0WHscfELQrQFR0/vgbO6dKPa0=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 text3.png
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 2 KB
3 KB 427ms
426ms Image
image/png 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/text3.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 13de6c4abb5acd8cc18660ae89aa19aa59cc651ade2329ce70aa77c0e3529373

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: Jy.wLnJyN_0vOCMalKbSmxNTmVHt6kn5
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RTV5J6JF7RQ16T
etag: "827ad5250fe4790a5bab8fc8f4d90a06"
content-type: image/png
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 2417
x-amz-id-2: tG63BaVP63nPWOr2VTHqOCB8fh01hip+zCvqHZibBd4q1uzD4o9CizgT+GYh6djb18EsXuycWjk=
expires: Mon, 31 Dec 2035 00:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 121ms
42ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1413
date: Sat, 26 Mar 2022 09:34:21 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK consumer-privacy-logo.png
secure.flashtalking.com/oba/icon/ Frame 7704 6 KB
6 KB 182ms
45ms Image
image/png 2.21.140.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
Requested by: Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.140.103 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-140-103.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:22 GMT
Last-Modified: Thu, 11 Feb 2021 15:39:51 GMT
Server: Flashtalking (AKA)
ETag: W/"d675694ab4d4d2eb56cca854c25d9c36"
X-Varnish: 124288944
Cache-Control: max-age=469
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 5953
Expires: Sat, 26 Mar 2022 09:42:11 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7704 43 B
260 B 64ms
56ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&dMoatBDS=0&hp=1&ra=1&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fbuhgalter.com.ua&lp=https%3A%2F%2Fbuhgalter.com.ua&t=1648287262398&de=335398544653&m=0&ar=9f397fe3151-clean&iw=5b1803a&q=2&cb=0&ym=0&cu=1648287262398&ll=2&lm=2&ln=1&em=0&en=0&d=18966%3A170420%3A6331247%3A3451578&zGSRC=1&gu=https%3A%2F%2Fbuhgalter.com.ua%2F&id=0&ii=9&bo=18330&bd=buhgalter.com.ua&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&gw=allresponsemediaglobalftdisplay739160694092&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A389%3A389%3A0%3A987&fs=197724&na=297757772&cs=0
Requested by: Host: 19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
URL: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 26 Mar 2022 09:34:22 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 113ms
112ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuKyZ,pingTime:1,time:1457,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:250,h:250,t:282%7D,%7Bpiv:0,vs:o,r:l,t:371%7D,%7Bpiv:100,vs:i,r:,t:426%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1031,o:426,n:371,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:282,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B103~1,0~0%5D,as:%5B103~250.250%5D%7D%7D,%7Bsl:o,t:371,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~250.250%5D%7D%7D,%7Bsl:i,t:426,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1031~100%5D,as:%5B1031~250.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:121,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a.958741-61007899%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 113ms
112ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuKyZ,pingTime:1,time:1457,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:250,h:250,t:282%7D,%7Bpiv:0,vs:o,r:l,t:371%7D,%7Bpiv:100,vs:i,r:,t:426%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1031,o:426,n:371,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:282,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B103~1,0~0%5D,as:%5B103~250.250%5D%7D%7D,%7Bsl:o,t:371,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~250.250%5D%7D%7D,%7Bsl:i,t:426,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1031~100%5D,as:%5B1031~250.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:121,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a.958741-61007899%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:publ1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 114ms
114ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuKyZ,pingTime:1,time:1457,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:250,h:250,t:282%7D,%7Bpiv:0,vs:o,r:l,t:371%7D,%7Bpiv:100,vs:i,r:,t:426%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1031,o:426,n:371,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:282,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B103~1,0~0%5D,as:%5B103~250.250%5D%7D%7D,%7Bsl:o,t:371,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~250.250%5D%7D%7D,%7Bsl:i,t:426,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1031~100%5D,as:%5B1031~250.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:121,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a.958741-61007899%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK createjs-2015.11.26.min.js Show response
cdn.flashtalking.com/frameworks/js/createjs/ Frame 5A29 186 KB
49 KB 67ms
66ms Script
text/javascript 2.21.140.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/frameworks/js/createjs/createjs-2015.11.26.min.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/142462/3451578/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.140.103 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-140-103.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://cdn.flashtalking.com/142462/3451578/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:22 GMT
Content-Encoding: gzip
Last-Modified: Fri, 26 Feb 2016 19:43:04 GMT
Server: Flashtalking (AKA)
ETag: W/"54e1c3722102182bb133912ad4442e19"
Vary: Accept-Encoding
X-Varnish: 399127846 393952857
Cache-Control: max-age=21154
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Content-Type: text/javascript
Expires: Sat, 26 Mar 2022 15:26:56 GMT

GET
H/1.1 200
OK index.js Show response
cdn.flashtalking.com/142462/3451578/ Frame 5A29 41 KB
11 KB 190ms
101ms Script
application/x-javascript 2.21.140.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/142462/3451578/index.js
Requested by: Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/142462/3451578/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.140.103 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-140-103.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 356391da29e1b000abb2ea0f15899858224f2e00af15b33b1d48bf019963b446

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://cdn.flashtalking.com/142462/3451578/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:22 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 10286
Last-Modified: Thu, 13 May 2021 15:41:37 GMT
Server: Flashtalking (AKA)
ETag: W/"15363a037c41e70e190a968435945bf6"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
X-Varnish: 94200948
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control: max-age=1200
Accept-Ranges: bytes
Content-Type: application/x-javascript
Expires: Sat, 26 Mar 2022 09:54:22 GMT

GET
H/1.1 200
OK assets_728x90_1.png
cdn.flashtalking.com/142462/3451578/images/ Frame 5A29 85 KB
85 KB 99ms
98ms Image
image/png 2.21.140.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flashtalking.com/142462/3451578/images/assets_728x90_1.png?1618592593801
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.140.103 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-140-103.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: 0ea156b1781ac04198c56459d448345aa7bdd682270a23094acb6292da879cd1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://cdn.flashtalking.com/142462/3451578/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:22 GMT
Last-Modified: Thu, 13 May 2021 15:41:37 GMT
Server: Flashtalking (AKA)
ETag: W/"d003ae868b3a2001caed8e234cfb7bff"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
X-Varnish: 94347870
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 86957
Expires: Sat, 26 Mar 2022 09:54:22 GMT

GET
H2 200 conf.js Show response
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/ Frame 25C5 2 KB
946 B 141ms
141ms Script
application/x-javascript 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/conf.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/setup.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 43a40461980cf982a9de0bcaba74e8c0eb3053892536eff1067ea4b417693184

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: E6CLwTDGhWanya3CyhZ7I_h0m3_HbfN_
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: YNHEMGXXDF3A9J6F
etag: "8422d5b1a5bbfa94c9b3e7a82be3f2f9"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 572
x-amz-id-2: nTn1o+CPQMZiSrnJsTCBT18dDF03WYmlqg+ACieUd9jWOrQdOJFFfuHojVrV7vzJAIE+cdFkJXQ=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 115ms
115ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuKDL,pingTime:-10,time:1753,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85OS4wLjQ4NDQuNTEgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1648287261211%7C%7C6fd1e4a7e8d1a55b25b6f6257ccb5bdf%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7Cd0c42013fa70cde2225bbec9b6d199fc%7C%7Cffcb0b13ef56cd0d3a5f18e6d7ebd82a%7C%7C5669d3f3fcf1d08c5608cf61a5bcf0f9%7C%7C376c533b563d92c44da1ab9bdcfef8a6%7C%7C1eb1788b0f2b68d00cac83c7d2499b9a%7C%7C1629390669,sca:%7Bspg:6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 img1.jpg
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 26 KB
26 KB 55ms
54ms Image
image/jpeg 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/img1.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/bgPreload.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: eb7bbf9535f4dec57b7e25576f8c4fb7d7dda4e7873d524d3393780e27bcf955

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: C3stzmTcAjEaEoob7NMquKxvjsCOE68d
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RVF3MS7MEX6Z5A
etag: "21eb9e07bcae06ab246a7ea7fdf282a4"
content-type: image/jpeg
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 26410
x-amz-id-2: IwIzdxG+oLUr9RFw+Ulx4D8ioTvrGFb5nvYjJMm6jb1B7NnI59A/ZfZL2/JcfYYy690Bnzo9V+Q=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 img2.jpg
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 32 KB
33 KB 63ms
62ms Image
image/jpeg 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/img2.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/bgPreload.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: a979b250cea5717bffb64fc5145e95cd496f3919cd92e6907e4002e0b279c876

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: DiqROGhgEomIbf1W3IBqYz00mdHy5fX6
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: YNH4K80REP01AA4Q
etag: "08d9bd7589944b0ca931cd87a151fb34"
content-type: image/jpeg
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 33193
x-amz-id-2: ifHLeYwQm+Sm9dFJw337PZqs7m+YwnMwxkBbSCUu4PJwDt3gFmWwtDOi5FFPAYll8b230aSziyU=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 img3.jpg
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 20 KB
20 KB 72ms
71ms Image
image/jpeg 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/img3.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/bgPreload.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 74278d9946c5a3b09e792ad23ff212a21d548cfbdbfb95a0b4eeb4bd4846247a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: chmahFByG6mIrzm8oVc_d46IdKyx97x9
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RQ70RJF2TMSZX1
etag: "1be21d26bab7168173f54abdd195feac"
content-type: image/jpeg
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 20330
x-amz-id-2: U+fkGoNk7T7K6J3JvQrnx45fQ8OwfzeLfcTt+vydT+70uvAYW0DybodCEBZ5kTTZ1UyLooZlDC8=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 logo.png
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 716 B
1 KB 74ms
73ms Image
image/png 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/logo.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/bgPreload.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: aa94af8046ee89af6b8d09536809d3edd1ad71cdcbfe757b04d2ac2f42088cc7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: rMjeH5abhSFYg.h2tdisrnGM787pmSwb
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RKPBJ562JC5DDJ
etag: "aaeac6c7deea2298b4be0160e01d862f"
content-type: image/png
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 716
x-amz-id-2: fDjS9jJZyVhuy9c8pjW5uKL3FDX5avRLHy7MhO57tlosHX5qfDahjhmaBO+3XMhkir+EEa7QPYE=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 text1.png
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 3 KB
3 KB 74ms
74ms Image
image/png 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/text1.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/bgPreload.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: d6c70b1600c5977db96a8e0669d2943a1e1d9afe12ebcb33754c7d68797e64f7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: p.Aum8XzEcv6DfmL6uQdBAgxnZA3iZeb
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RR864TSFW7AK89
etag: "61dea230bb2091b70eb0d4801e9a40d5"
content-type: image/png
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 2690
x-amz-id-2: GVf2PzyfWYHOwo4oviTFZiJf9SxgHqhDa3FlAqNuBEEIx1nWCEowf9EQ+TbvhRolyAApmAPqphs=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 text2.png
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 2 KB
2 KB 75ms
74ms Image
image/png 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/text2.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/bgPreload.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: a634aa8ab6dec6522f2cf6ffb1ca9c699357492787e9d2b810ce493989adb577

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: xT.1kiWrU9sOmIKmDOefWGffD2RjENnV
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RYMYNTZTHW177C
etag: "e9a6c1fee25703c8e00c5c97417b4d7f"
content-type: image/png
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 2189
x-amz-id-2: cciPu5LfXS5BSzcO6a0W1vinS+mP3nlu5+F4K34lymNcR7Iw3S0WHscfELQrQFR0/vgbO6dKPa0=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 text3.png
secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/ Frame 25C5 2 KB
3 KB 75ms
75ms Image
image/png 92.123.225.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/images/text3.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/104597/20220216/1076413572/68846341505157542/bgPreload.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-41.deploy.static.akamaitechnologies.com
Software: ATS/7.1.0 /
Resource Hash: 13de6c4abb5acd8cc18660ae89aa19aa59cc651ade2329ce70aa77c0e3529373

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://secure-ds.serving-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: Jy.wLnJyN_0vOCMalKbSmxNTmVHt6kn5
last-modified: Wed, 16 Feb 2022 10:23:30 GMT
server: ATS/7.1.0
x-amz-request-id: X7RTV5J6JF7RQ16T
etag: "827ad5250fe4790a5bab8fc8f4d90a06"
content-type: image/png
access-control-allow-origin: *
date: Sat, 26 Mar 2022 09:34:22 GMT
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 2417
x-amz-id-2: tG63BaVP63nPWOr2VTHqOCB8fh01hip+zCvqHZibBd4q1uzD4o9CizgT+GYh6djb18EsXuycWjk=
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H/1.1 200
OK bg_728x90_1.jpg
cdn.flashtalking.com/142462/3451578/images/ Frame 5A29 25 KB
26 KB 100ms
100ms Image
image/jpeg 2.21.140.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flashtalking.com/142462/3451578/images/bg_728x90_1.jpg?1618592593801
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.140.103 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-140-103.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: eefe35026ee357b88523191da9cf1e9f889533bf16a6dbb748ba5e50ad0d9948

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://cdn.flashtalking.com/142462/3451578/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 09:34:22 GMT
Last-Modified: Thu, 13 May 2021 15:41:37 GMT
Server: Flashtalking (AKA)
ETag: W/"8f7285177d5fff4ddf9f5e4aa625c15c"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
X-Varnish: 11595010
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 26036
Expires: Sat, 26 Mar 2022 09:54:22 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7704 43 B
260 B 43ms
43ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&dMoatBDS=0&hp=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fcdn.flashtalking.com%2F142462%2F3451578%2Findex.html&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&ol=1244268&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24%7CQJ%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-Lr8ar1teFl9Se52VHlqRTWME4Q6dwotBXKPgx%2FCwrOl2tvmQftrLjI5jaRxplbfkuwe%2B&rs=1-ynhf80RvHCbFpA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRC=1&gu=https%3A%2F%2Fbuhgalter.com.ua%2F&id=0&ii=9&f=1&j=https%3A%2F%2Fbuhgalter.com.ua&lp=https%3A%2F%2Fbuhgalter.com.ua&t=1648287262398&de=335398544653&cu=1648287262398&m=575&ar=9f397fe3151-clean&iw=5b1803a&cb=0&ym=0&ll=2&lm=2&ln=1&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A389%3A389%3A1532%3A987&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=157&cd=0&ah=157&am=0&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=18966%3A170420%3A6331247%3A3451578&bo=18330&bd=buhgalter.com.ua&gw=allresponsemediaglobalftdisplay739160694092&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=197724&na=289224089&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:22 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 26 Mar 2022 09:34:22 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7704 43 B
260 B 43ms
43ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&dMoatBDS=0&hp=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&ol=1244268&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24%7CQJ%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-Lr8ar1teFl9Se52VHlqRTWME4Q6dwotBXKPgx%2FCwrOl2tvmQftrLjI5jaRxplbfkuwe%2B&rs=1-ynhf80RvHCbFpA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=1&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRC=1&gu=https%3A%2F%2Fbuhgalter.com.ua%2F&id=0&ii=9&f=1&j=https%3A%2F%2Fbuhgalter.com.ua&lp=https%3A%2F%2Fbuhgalter.com.ua&t=1648287262398&de=335398544653&cu=1648287262398&m=614&ar=9f397fe3151-clean&iw=5b1803a&cb=0&ym=0&ll=2&lm=2&ln=1&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A389%3A389%3A1532%3A987&aa=0&ad=25&cn=0&gk=25&gl=0&ik=25&ic=25&ez=1&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=157&cd=157&ah=157&am=157&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=18966%3A170420%3A6331247%3A3451578&bo=18330&bd=buhgalter.com.ua&gw=allresponsemediaglobalftdisplay739160694092&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=197724&na=1593543292&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:23 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 26 Mar 2022 09:34:23 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7704 42 B
64 B 79ms
76ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGpT3wOHu4oVS8Ks2EEdPeCf3mQwHpOkJuRRK6zPyvhnIe-JEdcUXrSeHWAuaXupxuAIQt56vJUnQqLWltQbNsllI0SShtcrkQ1zRD&sai=AMfl-YR_vKOUpI9FSAUtS0vy187l0LBOx13uZPn-6AnsiaJUmNBBOdKfME0iZ50PDG1vytvHGjnQm6LWVQBOK8dt153H1wgJQJeJ-ox1uKg5DnioXh2LzZ0w0SD7rbY&sig=Cg0ArKJSzF4vaBVRcbbrEAE&cid=CAASJORo7NLDL7qwtTqe0aDTTwRofOZLknsr6eOINTtZizK1STOjYg&id=lidar2&mcvt=1000&p=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220323&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2091550451&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1648287261148&rpt=982&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 115ms
114ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuKKI,pingTime:1,time:2826,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:250,h:250,t:19%7D,%7Bpiv:100,vs:i,r:,t:1819%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1007,o:1819,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1814~0,0~100%5D,as:%5B1814~250.250%5D%7D%7D,%7Bsl:i,t:1819,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1007~100%5D,as:%5B1007~250.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:120,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C19.10933%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:23 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 115ms
115ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuKKI,pingTime:1,time:2826,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:250,h:250,t:19%7D,%7Bpiv:100,vs:i,r:,t:1819%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1007,o:1819,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1814~0,0~100%5D,as:%5B1814~250.250%5D%7D%7D,%7Bsl:i,t:1819,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1007~100%5D,as:%5B1007~250.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:120,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C19.10933%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:23 GMT
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7704 43 B
260 B 54ms
53ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&dMoatBDS=0&hp=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&ol=1244268&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24%7CQJ%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-Lr8ar1teFl9Se52VHlqRTWME4Q6dwotBXKPgx%2FCwrOl2tvmQftrLjI5jaRxplbfkuwe%2B&rs=1-ynhf80RvHCbFpA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRC=1&gu=https%3A%2F%2Fbuhgalter.com.ua%2F&id=0&ii=9&f=1&j=https%3A%2F%2Fbuhgalter.com.ua&lp=https%3A%2F%2Fbuhgalter.com.ua&t=1648287262398&de=335398544653&cu=1648287262398&m=1620&ar=9f397fe3151-clean&iw=5b1803a&cb=0&ym=0&ll=2&lm=2&ln=1&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A389%3A389%3A1532%3A987&aa=1&ad=1031&cn=25&gn=1&gk=1031&gl=25&ik=1031&ic=1031&ez=1&co=1031&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1010&cd=157&ah=1010&am=157&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=18966%3A170420%3A6331247%3A3451578&bo=18330&bd=buhgalter.com.ua&gw=allresponsemediaglobalftdisplay739160694092&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=197724&na=1653034604&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:24 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 26 Mar 2022 09:34:24 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7704 43 B
260 B 44ms
42ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&dMoatBDS=0&hp=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&ol=1244268&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24%7CQJ%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-Lr8ar1teFl9Se52VHlqRTWME4Q6dwotBXKPgx%2FCwrOl2tvmQftrLjI5jaRxplbfkuwe%2B&rs=1-ynhf80RvHCbFpA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRC=1&gu=https%3A%2F%2Fbuhgalter.com.ua%2F&id=0&ii=9&f=1&j=https%3A%2F%2Fbuhgalter.com.ua&lp=https%3A%2F%2Fbuhgalter.com.ua&t=1648287262398&de=335398544653&cu=1648287262398&m=1621&ar=9f397fe3151-clean&iw=5b1803a&cb=0&ym=0&ll=2&lm=2&ln=1&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A389%3A389%3A1532%3A987&aa=1&ad=1031&cn=1031&gn=1&gk=1031&gl=1031&ik=1031&ic=1031&ez=1&co=1031&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1010&cd=1010&ah=1010&am=1010&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=18966%3A170420%3A6331247%3A3451578&bo=18330&bd=buhgalter.com.ua&gw=allresponsemediaglobalftdisplay739160694092&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=197724&na=2001449160&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:24 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 26 Mar 2022 09:34:24 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7704 43 B
260 B 45ms
43ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=2&dMoatBDS=0&hp=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&ol=1244268&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24%7CQJ%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-Lr8ar1teFl9Se52VHlqRTWME4Q6dwotBXKPgx%2FCwrOl2tvmQftrLjI5jaRxplbfkuwe%2B&rs=1-ynhf80RvHCbFpA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRC=1&gu=https%3A%2F%2Fbuhgalter.com.ua%2F&id=0&ii=9&f=1&j=https%3A%2F%2Fbuhgalter.com.ua&lp=https%3A%2F%2Fbuhgalter.com.ua&t=1648287262398&de=335398544653&cu=1648287262398&m=1622&ar=9f397fe3151-clean&iw=5b1803a&cb=0&ym=0&ll=2&lm=2&ln=1&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A389%3A389%3A1532%3A987&aa=1&ad=1031&cn=1031&gn=1&gk=1031&gl=1031&ik=1031&ic=1031&ez=1&co=1031&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1010&cd=1010&ah=1010&am=1010&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=18966%3A170420%3A6331247%3A3451578&bo=18330&bd=buhgalter.com.ua&gw=allresponsemediaglobalftdisplay739160694092&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=197724&na=1518368939&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:24 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 26 Mar 2022 09:34:24 GMT

POST
H/1.1 200
OK int Show response
lm.serving-sys.com/lm/ Frame A1F2 0
230 B 126ms
42ms XHR
text/plain 3.121.17.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/int
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.121.17.249 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-17-249.eu-central-1.compute.amazonaws.com
Software: LogModule 0.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.4
Content-Length: 0
Content-Type: text/plain

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 113ms
112ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=97b7b737-1961-ea60-98b1-e8e03ac7d02a&tv=%7Bc:7XuLB2,pingTime:5,time:5428,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:250,h:250,t:282%7D,%7Bpiv:0,vs:o,r:l,t:371%7D,%7Bpiv:100,vs:i,r:,t:426%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:5002,o:426,n:371,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:282,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B103~1,0~0%5D,as:%5B103~250.250%5D%7D%7D,%7Bsl:o,t:371,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~250.250%5D%7D%7D,%7Bsl:i,t:426,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5002~100%5D,as:%5B5002~250.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:121,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C1731%7C1811%7C1812%7C18131%7C1814%7C19*.10933%7C191%7C1921%7C193%7C194%7C1a.958741-61007899%7C1a1%7C1a2%7C1a3%7C1b1%7C1b2%7C1b3%7C1b4%7C1c,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:26 GMT
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 115ms
114ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuLNb,pingTime:5,time:6823,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:250,h:250,t:19%7D,%7Bpiv:100,vs:i,r:,t:1819%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:5004,o:1819,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1814~0,0~100%5D,as:%5B1814~250.250%5D%7D%7D,%7Bsl:i,t:1819,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5004~100%5D,as:%5B5004~250.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:121,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C19.10933%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:27 GMT
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A1F2 43 B
215 B 115ms
113ms Image
image/gif 3.234.129.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=958741&asId=6cc4dcd4-fb3c-9059-c9da-214cb7ba7c94&tv=%7Bc:7XuLNb,pingTime:5,time:6823,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:250,h:250,t:19%7D,%7Bpiv:100,vs:i,r:,t:1819%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:5004,o:1819,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1814~0,0~100%5D,as:%5B1814~250.250%5D%7D%7D,%7Bsl:i,t:1819,wc:0.0.1600.1200,ac:NaN.NaN.250.250,am:i,cc:NaN.NaN.250.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5005~100%5D,as:%5B5005~250.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:121,fm:t1b7mNg+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C182%7C183%7C19.10933%7C1911%7C1912%7C1913%7C1914%7C1a*.958741-61007899%7C1a1%7C1a2%7C1b1%7C1b2%7C1b3%7C1c,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.129.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-129-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:27 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7704 43 B
260 B 43ms
43ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&dMoatBDS=0&hp=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&ol=1244268&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24%7CQJ%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-Lr8ar1teFl9Se52VHlqRTWME4Q6dwotBXKPgx%2FCwrOl2tvmQftrLjI5jaRxplbfkuwe%2B&rs=1-ynhf80RvHCbFpA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=5&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRC=1&gu=https%3A%2F%2Fbuhgalter.com.ua%2F&id=0&ii=9&f=1&j=https%3A%2F%2Fbuhgalter.com.ua&lp=https%3A%2F%2Fbuhgalter.com.ua&t=1648287262398&de=335398544653&cu=1648287262398&m=5643&ar=9f397fe3151-clean&iw=5b1803a&cb=0&ym=0&ll=2&lm=2&ln=1&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A389%3A389%3A1532%3A987&aa=1&ad=5054&cn=1031&gn=1&gk=5054&gl=1031&ik=5054&ic=5054&ez=1&co=1031&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5030&cd=1010&ah=5030&am=1010&xd=00&rf=0&re=1&wb=2&cl=0&at=0&d=18966%3A170420%3A6331247%3A3451578&bo=18330&bd=buhgalter.com.ua&gw=allresponsemediaglobalftdisplay739160694092&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=197724&na=590223345&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:28 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 26 Mar 2022 09:34:28 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7704 43 B
260 B 48ms
47ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=1&dMoatBDS=0&hp=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=ALLRESPONSEMEDIA_GLOBAL_FT_DISPLAY1&ol=1244268&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24%7CQJ%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-Lr8ar1teFl9Se52VHlqRTWME4Q6dwotBXKPgx%2FCwrOl2tvmQftrLjI5jaRxplbfkuwe%2B&rs=1-ynhf80RvHCbFpA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=6&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRC=1&gu=https%3A%2F%2Fbuhgalter.com.ua%2F&id=0&ii=9&f=1&j=https%3A%2F%2Fbuhgalter.com.ua&lp=https%3A%2F%2Fbuhgalter.com.ua&t=1648287262398&de=335398544653&cu=1648287262398&m=5845&ar=9f397fe3151-clean&iw=5b1803a&cb=0&ym=0&ll=2&lm=2&ln=1&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A389%3A389%3A1532%3A987&aa=1&ad=5256&cn=5054&gn=1&gk=5256&gl=5054&ik=5256&ic=5256&ez=1&co=1031&cp=1010&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5235&cd=5030&ah=5235&am=5030&xd=00&rf=0&re=1&wb=2&cl=0&at=0&d=18966%3A170420%3A6331247%3A3451578&bo=18330&bd=buhgalter.com.ua&gw=allresponsemediaglobalftdisplay739160694092&zMoatOrigSlicer1=18330&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=197724&na=1630831709&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 09:34:28 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 26 Mar 2022 09:34:28 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: buhgalter.com.ua
URL: https://buhgalter.com.ua/push-worker.js?version=6&appKey=c77ccd81f8480b85adc1e41419254e96&track_inactive=true

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo

Verdicts & Comments Add Verdict or Comment

175 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

87 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
buhgalter.com.ua/	1970-01-20 02:34:39	Name: leads Value: a%3A1%3A%7Bs%3A13%3A%22subscr_source%22%3Ba%3A3%3A%7Bs%3A11%3A%22create_date%22%3Bs%3A10%3A%222022-03-26%22%3Bs%3A6%3A%22source%22%3Ba%3A4%3A%7Bs%3A10%3A%22utm_source%22%3Bs%3A6%3A%22direct%22%3Bs%3A10%3A%22utm_medium%22%3Bs%3A4%3A%22none%22%3Bs%3A3%3A%22url%22%3Bs%3A25%3A%22https%3A%2F%2Fbuhgalter.com.ua%2F%22%3Bs%3A11%3A%22refererData%22%3Ba%3A2%3A%7Bs%3A11%3A%22refererPath%22%3Bs%3A25%3A%22https%3A%2F%2Fbuhgalter.com.ua%2F%22%3Bs%3A7%3A%22referer%22%3Bs%3A16%3A%22buhgalter.com.ua%22%3B%7D%7Ds%3A2%3A%22ga%22%3Ba%3A1%3A%7Bs%3A3%3A%22cid%22%3Bs%3A36%3A%22d2ec978f-d270-4f8f-ae25-e8000f69e5c6%22%3B%7D%7D%7D
.buhgalter.com.ua/	1969-12-31 23:59:59	Name: hbyoAAd Value: 1
.buhgalter.com.ua/	1970-02-25 13:51:27	Name: __fp2_f2 Value: FhVakEIOtDOayLzeVR8xb5XIYLP3uHus
.buhgalter.com.ua/	1969-12-31 23:59:59	Name: QAaWAqO Value: 1
.buhgalter.com.ua/	1970-02-25 13:51:27	Name: _faguid Value: FhVakEIOtDOayLzeVR8xb5XIYLP3uHus
buhgalter.com.ua/	1970-01-20 01:55:46	Name: __factor_utm Value: %7B%22utm_medium%22%3A%22none%22%2C%22utm_source%22%3A%22direct%22%2C%22utm_campaign%22%3Anull%2C%22utm_content%22%3Anull%2C%22utm_term%22%3Anull%2C%22url_path%22%3A%22https%3A%2F%2Fbuhgalter.com.ua%2F%22%2C%22refer%22%3A%22%22%2C%22site%22%3A%22buhgalter.com.ua%22%7D
.facebook.com/	1970-01-20 04:01:03	Name: fr Value: 0tWMPQu1r6WFugWJK..BiPt4a...1.0.BiPt4a.
.buhgalter.com.ua/	1970-01-20 19:22:39	Name: _ga_6VVQ37Y1T2 Value: GS1.1.1648287257.1.0.1648287257.60
.buhgalter.com.ua/	1970-01-20 19:22:39	Name: _ga Value: GA1.3.269659947.1648287258
.buhgalter.com.ua/	1970-01-20 01:52:53	Name: _gid Value: GA1.3.844330080.1648287258
.buhgalter.com.ua/	1970-01-20 01:51:27	Name: _gat_gtag_UA_35985798_1 Value: 1
.buhgalter.com.ua/	1970-01-20 01:51:27	Name: _gat_UA-53572572-5 Value: 1
.buhgalter.com.ua/	1970-01-20 01:51:27	Name: _gat_UA-35985798-1 Value: 1
.buhgalter.com.ua/	1970-01-20 04:01:03	Name: _fbp Value: fb.2.1648287258140.572258480
.doubleclick.net/	1970-01-20 11:13:03	Name: IDE Value: AHWqTUmbBdYAjuw_daqKbAJdV6jg0NZn7gwh4GjNYQGlq9FpBcTPCSMzTomSIGlY
buhgalter.com.ua/	1970-01-25 07:39:25	Name: cbtYmTName Value: TjVsJypsdGx5dyh6dngvdix6L3ktfnYvbDPy
buhgalter.com.ua/	1970-01-20 02:34:39	Name: _pbjs_userid_consent_data Value: 3524755945110770
.buhgalter.com.ua/	1970-01-20 10:37:03	Name: _pubcid Value: 12fad5dc-9841-48a9-b8c6-d3e06e87b69d
.buhgalter.com.ua/	1970-01-20 11:13:03	Name: __gads Value: ID=3f510d12f0aa8ce9:T=1648287258:S=ALNI_Mblq5-9OOUoLUZ2_DNWWopUinTEcA
pbjs.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
a4p.adpartner.pro/	1970-01-20 03:17:51	Name: apuid Value: 862e0bfe-f5f0-4e88-9214-fcde1ac89423
.e-planning.net/	1970-01-22 15:10:39	Name: E Value: ADYZMYkjxJcfp51S
loadercdn.net/	1970-01-23 17:27:27	Name: vui Value: 3ef45816b34c4448802e2001ad5b10c8
.adnxs.com/	1970-01-20 04:01:03	Name: icu Value: ChgI4axaEAoYASABKAEwmrz7kQY4AUABSAEQmrz7kQYYAA..
.adnxs.com/	1970-01-20 04:01:03	Name: uuid2 Value: 2486824734335636899
.rubiconproject.com/	1970-01-20 10:37:03	Name: khaos Value: L17NOCHG-10-JKUS
.rubiconproject.com/	1970-01-20 10:37:03	Name: audit Value: 1\|hLZGFuTafB0n2+ce39Hx6VqbBgMWySGKoH1GQZR6kuhIdnkYNjvcP1vASJs8akEJe8x9FX/SGzLD4PlHyE3qACYbB5SW5XQ3vWRd+B4fy7Gma+WVcS1g3g==
.adtelligent.com/	1970-01-20 03:20:44	Name: vmuid Value: 266963a8e94f3971
.adtelligent.com/	1970-01-20 03:20:44	Name: a307558 Value: 862e0bfe-f5f0-4e88-9214-fcde1ac89423
ad.invamia.com/	1970-01-23 17:27:27	Name: moxuuid Value: 5b3e4054-429a-4164-b4c3-af68c9c9539e
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_zone_imp[7443][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_zone_imp[7443][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16229][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16229][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_camp_imp[5275][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_camp_imp[5275][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16213][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16213][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_camp_imp[5264][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_camp_imp[5264][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16169][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16169][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_camp_imp[2223][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_camp_imp[2223][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16197][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16197][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_camp_imp[2014][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_camp_imp[2014][frequencyPeriodEnd] Value: 1648373660
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16230][count] Value: 0
ad.invamia.com/	1970-01-20 01:52:53	Name: _mwayss_imp[16230][frequencyPeriodEnd] Value: 1648373660
.pubmatic.com/	1970-01-20 01:52:53	Name: KTPCACOOKIE Value: YES
.adnxs.com/	1970-01-20 04:01:03	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVJf4)$Q!]tbPl1M>e)ZlrFUfJ+tGXvWB@cfOiVzw4q:^U.v^$k#!:chRxOyx6EcJ0@^3If)y3KL9D3I?+kr5$f(
.casalemedia.com/	1970-01-20 04:01:03	Name: CMPS Value: 712
.quantserve.com/	1970-01-20 04:01:03	Name: d Value: EF0BCQHgJYEA
.quantserve.com/	1970-01-20 11:21:41	Name: mc Value: 623ede1c-6139c-fe6d6-29fa1
.doubleclick.net/	1970-01-20 01:51:30	Name: DSID Value: NO_DATA
.pubmatic.com/	1970-01-20 04:01:03	Name: KADUSERCOOKIE Value: B84A66DB-8D0C-4BB5-A232-292D70040E8C
.spotxchange.com/	1970-01-20 10:37:07	Name: audience Value: e9eb353c-ace7-11ec-9bb0-1131174c0306
.innovid.com/	1970-01-20 04:01:03	Name: uuid Value: ca9c88bb-34cd-4e7b-9624-d24a3b2692b9-20220326 05:34:20
.e.dlx.addthis.com/	1970-01-20 11:21:41	Name: na_tc Value: Y
.casalemedia.com/	1970-01-20 10:37:03	Name: CMID Value: Yj7eHFaybP9gPUY3oi5adQAA
.casalemedia.com/	1970-01-20 04:01:03	Name: CMPRO Value: 713
.casalemedia.com/	1970-01-20 10:37:03	Name: CMRUM3 Value: 2d623ede1c2760CAESEIPfkn-BRzmCcP3ra6bdryk
.addthis.com/	1970-01-20 11:21:41	Name: na_id Value: 2022032609342000030357172574
.addthis.com/	1970-01-20 11:21:41	Name: na_tc Value: Y
.addthis.com/	1970-01-20 11:21:41	Name: uid Value: 623ede1c68e5803b
.addthis.com/	1970-01-20 11:21:41	Name: ouid Value: 623ede1c000109c5a11648b35f130f65c4a6e10b8504469d71e4
.dlx.addthis.com/	1970-01-20 02:34:39	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 02:34:39	Name: na_sr Value: 20220326
.dlx.addthis.com/	1970-01-20 01:51:27	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 02:34:39	Name: na_sc_e Value: 0
.agkn.com/	1970-01-20 10:37:03	Name: ab Value: 0001%3AOUuXpMllKtacJXP0xalrZcYVFCp1iKom
.agkn.com/	1970-01-20 10:37:03	Name: u Value: C\|0CEAp0ZqcKdGanAAAAAAAAQ13AQCAAQpAAAAAAA
.criteo.com/	1970-01-20 11:13:03	Name: uid Value: 81c544b5-00bc-4172-a1dc-83ea7574a655
.casalemedia.com/	1970-01-20 01:52:53	Name: CMST Value: Yj7eHGI+3h0A
.yahoo.com/	1970-01-20 10:37:24	Name: A3 Value: d=AQABBB3ePmICECmVJqvmBA67vWAGaL4POfQFEgEBAQEvQGJIYgAAAAAA_eMAAA&S=AQAAAiv_2Do8jFjh2ofxripKGoc
.advertising.com/	1970-01-20 10:38:29	Name: APID Value: UPeaabc0c9-ace7-11ec-8cf2-028b24df2e74
.serving-sys.com/	1970-01-20 04:01:03	Name: A6 Value: 10M0jCwAc+10085z000010000
.serving-sys.com/	1970-01-20 04:01:03	Name: u2 Value: a2770763-24a2-475d-956b-7c1e9a8543144G506g
.analytics.yahoo.com/	1970-01-20 10:37:03	Name: IDSYNC Value: "18yl~23yx:1762~23yx"
.serving-sys.com/	1970-01-20 04:01:03	Name: eyeblaster Value: RES=32
.turn.com/	1970-01-20 06:10:39	Name: uid Value: 7783662475952810802
.adfarm1.adition.com/	1970-01-20 04:01:03	Name: UserID1 Value: 7079339884710066316
.everesttech.net/	1970-01-20 10:37:03	Name: everest_g_v2 Value: g_surferid~Yj7eHgAP3WnemgAy
.buhgalter.com.ua/	1970-01-20 11:13:03	Name: cto_bundle Value: 2-iJi19GRFZRUjVMRk1Mc21vWXVCSml6a0lxTVZFaXJYY0lwa1ZDdGZYUUZpV0NKc3dhaTRIUFFtd3dxTkRLV1lzTmpiOG1Jb3JXZEo1aUhZNVhBNjFvelNUN1BkVjZKaDc3SkNWd2Z2MUY0UzElMkIzMTc3MSUyRkVVamhYeGFIWmdqSXF2OFRzZlZoQ3Q0dktteDdxNUF3UXc4T21nJTNEJTNE
.buhgalter.com.ua/	1970-01-20 11:13:03	Name: cto_bidid Value: g8Owy18zRkhjc2lCbVVLZDA3T1hhJTJCMEs1ajRacyUyRmlMaUxOMnY3QyUyRlk5Um1XTWNGam1TeHlqUHhhSGhqTDNwNlJ1dUszaFpJaFBXM3JIbkI1T2JBZUZLQmNtSUJqelVNWTl5cjUyOCUyRjhUTmVBNmp0emwybnBxRTM5TlVlZDNXYjBCWWg5
.tribalfusion.com/	1970-01-20 04:01:03	Name: ANON_ID Value: aVnseFpyXagbqiVREFmOXhvC7YtaE1ufZd00GywfcZcirxrFvAZa2XcOW6E6NtfHwiZbrVNSUZcUL4M1ej90WVyvK

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://buhgalter.com.ua/assets/templates/base/js/js.cookie.min.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://www.googleadservices.com/pagead/conversion.js(Line 26) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
security	error	URL: https://b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 11) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/9177425597507305472/index.html".
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js(Line 100) Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_218_3_0/ebHtml5PoliteBanner.js(Line 100) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_push=AYg5qPJV8pjyprlnfrBEzVmk2SLrZgvj5Pu_3Kr4V6gqY7FeO1pLceBKegPWVW2AD35rgL0ZzKtp4YLUcFV56JYOk7IaEg61FsD0&google_cver=1&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo&google_cver=1&google_push=AYg5qPL7xBQoHSmlQChNWhq11xQGtpXGnDhrLsig6QJdKsHXsvjG3PZBzq9EZbHhKzi5CGMFGngYSszoVYKH8-4KpjWRV69ygCk Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yj7eHFaybP9gPUY3oi5adQAAAskAAAAB&google_cver=1&google_push=AYg5qPJKqS8cFWBGlknx9hJkwF8ikT3S5BWfLhAHYIMU6Cyvlbs8YQSQy0ZVhptxeLvMzUHBk_0zeHTendhPgEgqiDLArMiVSzE&google_gid=CAESEK7ThgSPSK94jdWGrTkVdWo Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
javascript	warning	URL: https://z.moatads.com/allresponsemediaglobalftdisplay739160694092/moatad.js(Line 133) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

19624d268a575ce13876be33e638e06f.safeframe.googlesyndication.com
a.tribalfusion.com
a4p.adpartner.pro
ad.invamia.com
ad.turn.com
ads.travelaudience.com
ads.yahoo.com
adservice.google.co.uk
adservice.google.com
ag.innovid.com
analytics.factor.ua
analytics.google.com
b5de74f36b3df76e917d04b26592eb25.safeframe.googlesyndication.com
bidder.criteo.com
bs.serving-sys.com
buhgalter.com.ua
cdn.flashtalking.com
cdn.gravitec.net
cdn.jsdelivr.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d.agkn.com
data00.adlooxtracking.com
dclk-match.dotomi.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.dlx.addthis.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
ghb.adtelligent.com
ghb1.adtelligent.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.gravitec.net
id5-sync.com
image6.pubmatic.com
j.adlooxtracking.com
jsonip.com
l.getsitecontrol.com
lm.serving-sys.com
loadercdn.net
mug.criteo.com
odr.mookie1.com
pagead2.googlesyndication.com
pbjs.e-planning.net
pixel.adsafeprotected.com
pixel.advertising.com
pixel.everesttech.net
pixel.rubiconproject.com
player.adtelligent.com
prebid-eu.creativecdn.com
px.moatads.com
r.turn.com
reactive.factor.ua
rtb.adxpremium.services
rtb.openx.net
s.ad.smaato.net
s.tribalfusion.com
s.zmctrack.net
s0.2mdn.net
scontent-lcy1-1.xx.fbcdn.net
secure-ds.serving-sys.com
secure.flashtalking.com
securepubads.g.doubleclick.net
servedby.flashtalking.com
static.adsafeprotected.com
static.criteo.net
static.doubleclick.net
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.adtelligent.com
sync.search.spotxchange.com
sync.teads.tv
t.trafmag.com
tpc.googlesyndication.com
unpkg.com
ups.analytics.yahoo.com
us-u.openx.net
use.fontawesome.com
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
z.moatads.com
buhgalter.com.ua
cm.g.doubleclick.net
104.90.192.27
104.92.106.130
135.125.163.79
136.144.183.196
137.74.6.209
141.95.34.105
142.250.184.194
142.250.185.162
142.250.186.130
151.101.130.49
178.250.0.157
178.250.2.131
18.156.0.31
18.200.47.85
185.180.223.67
185.184.8.65
185.187.81.41
185.33.221.90
185.64.190.78
185.94.180.125
193.200.65.5
2.18.234.21
2.18.235.40
2.21.140.103
2001:678:cb4:bbbb::11
204.237.133.116
209.197.3.19
23.37.38.181
2600:3c01::f03c:91ff:fe79:43b
2600:9000:2156:b400:8:48e:53c0:93a1
2600:9000:2156:be00:1b:5138:8a40:93a1
2602:803:c004:200::143
2606:4700::6810:5814
2606:4700::6810:7eaf
2606:4700::6812:c05
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:80:807::2
2a00:1450:4001:802::2001
2a00:1450:4001:808::2002
2a00:1450:4001:809::2003
2a00:1450:4001:809::200a
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:813::2006
2a00:1450:4001:827::2008
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2006
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:400c:c0c::9a
2a02:2638::1c
2a02:2638::3
2a02:6ea0:c700::10
2a02:fa8:8806:16::1370
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f067:e:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:d01c:1d8:8102:a946:f0fe:2301:5b7a
2a06:98c1:3121::7
2a0c:5c81:5142::2
3.121.17.249
3.121.45.11
3.126.134.118
3.126.56.108
3.234.129.143
34.98.67.61
35.190.0.66
35.227.252.103
35.241.31.249
35.244.159.8
37.187.27.147
37.97.131.40
45.133.44.3
45.133.44.4
5.178.65.246
52.213.113.49
52.215.248.120
62.149.0.72
69.173.144.165
84.17.46.53
85.114.159.93
92.123.225.41
95.170.82.90
00359d552170386e0f9dc362a2a48ad8da908f6263810b28eb26348073b70bee
00b653bfebb5f96f51d571d67f1c7d71b27e6243e98ff235a2d238d997e8a750
00ff3d800f0331daf779375be423ca2a75a86ed17074ce745decd398b56d3326
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
03869cd6d14cae48424868c0f3e452d319e96a8a501cec7e902bd5f23025ae26
060bb8520b20eb55d3627c997fb70a310ee7340fca81019d845ec4d411f1f28d
061543b6ada60edddffd9f7c3f5a4fd1fa7c37e0f023816dbe1a8d4091daf49e
064eb1abf6ed7effd1a878ce4212a3bdc5a151b6886ec619f2219a32adaa2074
0673a67906e341eb7c6158899b672c6701aa4febb161fc0dfbd440ead60f30aa
0772440742311161a8b4c0b052c35ca87993dd302341ec1b8786815ea4000adf
07ab47c07bab62e7d7ff7bc8ec64936785a7e488438074dd3510227aa5c466b0
07b382d14e2714223655f23745e8bfad2b87de32d3bc5d145403ed07dbcce891
0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7
0898a84b3ee32f283dbcce7747e24d35fcf96904c0ea00e3652a85d9b696ebd2
08e04409d774299c7ac6fbbd18203bb89d0febac102760ed40a76864a6bb4066
091f75843fa6d5fafb4594bcb2f82870f8c01718d8fbf9ed69cefda61209b24b
09581d5edca900f500900be68c38b26c20e8cc2ec562400f468955e98229f65e
09bf76bf9a693f6d1ff70fb63a0f530e6d880240a4cf8b53baa070cb244852c0
09cf7684a243dfc294f30f108a7a97ad7807efebc4699aeff4baf8b94c65d749
0a91fbed903c7ee569d116adee58d579d0c64775a469ee86d3cc4281f913bda1
0aa21fa1c1f63563bab7e47a178f3db4ec3aebfb3bb26f7e56d12d0cdb6c1a1f
0b017b3819242025de47dd71f753478ed401e320c4aac5561e253833361e731d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c593b478bac40d4bd1c30ccf349c6e118c347e0ed9881ff7e70a7c5de86493e
0e5b66a959fea501a734824f70aa077d915830dfd1a627bc7b5a31ebd5212b16
0ea156b1781ac04198c56459d448345aa7bdd682270a23094acb6292da879cd1
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1103dead2c84761ac4059e654c95377a9a4ae80d5c5b37eb8058eaf1d2bfd93a
110b303089a71f1b1c392a22406acdad508b9b0d39a1f39626827e86f3a5a78f
114620b1a178f4035894e8fcef6c6dd7e603fa43e9b8de7967f3baeea99cb4ac
119432b285b43e5387846bdc690fa04a73a851f14e3084762eef4e94b205d3e2
11c218596cc6e20a1492060c81a96ba6b4c3e1e2b3f574d42ee5aed2a807c124
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
135d61e6a484f98a225e6c68264d7021f18ace3f1ce0ae8611b7c2b0c256f209
13de6c4abb5acd8cc18660ae89aa19aa59cc651ade2329ce70aa77c0e3529373
159210f9ceb6561cae10aa34238d9c3d4a601a5ac825ff6d9f3e669d8bd0df0e
159c24eb0b9d044c0507e36e693d0ff23bbb990ae90523cc25f3683253ee43d6
17380452670e8c3216bc2cf483c28eec5059a45c47cabf1b216e09a6815f12cb
17f305280c8adcc37db648e59ac434732bf1a0ca43d1cd890fa8225f0d081f9a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
188fc2045c73ceb0931b06357ec5c0a8c0b93045b831c79e557c25e4c8959d01
19b54d75ed37bfc172887462187de8421138d06f1c670b89193df19180625a51
1cccbd22805c0bfbac192d4b5962ad62e41bbeb7f5c409e7477b4c31da8cb9db
1d8bed03cbf7fcb49bdbf150b1a0f8579a6469c36de41b7a790da906c83c620c
1e61778707dc3a1bde2ec4c0b02387b7fdc7291f1230fafcaa8ec2f996cb972f
1f73d6b64e742e4bcd71e750a85f832a0f1d7d762b5fc92071fa0e54a39be73d
1fbc78a20c780db9685ce47c142da7eb89646b34d6e65c21eed7c365bb4601f1
22ef740962bc0b112be9cf31438b5f65689bee5ea052a5538cf05d959cd4d96c
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
2388df780f154980d5f334830101f63540ae55f3601ed8a2d3eb4053a6a9f4e3
23b89bb3578573b474d7a69e2df32e8f0ee7839a44392edb040e4117a07ce6fa
24bbe137f237a6630db0061ede2daa44c062a28761b6c5375653a26a45a8dc6f
269bd69d6c1d25e848132ecfb48ec214040e49fd45e444760c3e226ca5fd7962
2794e4bee8b85e3e25f439d6e2eff996da14eee39f04ccd2ab65436562be1fe9
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2b31653790eaa8fccf7b13668d89bf7796aa481e2199fcf513d4e869c079e34b
2bc69c1c1c4bf49e80a77f83010c01e575fd6922229943b9feb8864a492ac441
2c30bce9316a009e9a17785731b7c5b52af0e3f3f162efbc5787513b54cea138
2cec4b13f651c11cb7e989b911afc1dc1c4d00503bb94a739c6882fff08d9718
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2d262a09dcb6006abe2599a8e0e368868054baf2b93bf8f37a0db3c3437559e1
2d27a1810a9c43b17603247c2757dba5e852432b29416d66de79bf6a3bbd1fd3
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399
2ee69f515b17f5b570b287e1d92f35e94e76139440dbd97db70805430ffda58d
2fc6b7b81c4f68e12b4c2e30e5027499a62f604a40ce524ddd37ca4b5b51fa0a
3061a71d8be14bbf325156cea941da0e53ef184eef60c14331e15b4145b4dc7e
30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff
311f12283591ddf862c5164f47f2b1cff87aa739385d785b9a7d37f61dfbf5f3
31de094cbf59f91f33bea1b06c93e71570b87b8f1ac4bc7a7a0c0b753330a8b8
32179751d722b2035ef26c068daba6a4a66b67e54a4c3a50c2d52654cf5fc49e
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33469539b582e93d9b98eecbae3c3cc48965f030aeaad68cc56cbbf20f774923
33b5d3b7aad26d60afa01ea0817bd0b26c8e480ce5bb777b41a1b5eac78cc37f
34db11d23b1b71496d67661f658d3f0e00bd9537b98c02c32f5b621f838be247
356391da29e1b000abb2ea0f15899858224f2e00af15b33b1d48bf019963b446
363832ce22d752de90a8074c063a729895ac3cf4c5650e1a5b82cfe2f5ee7674
36bfcbfb8c235969f901acae944343611139ad8fe2ab577e907cbd2ca7cbef55
3971a86564fe25b2262b78bf830d8af076f7cde4fe7b2167585b38571b3f180a
3a4529b12c7684943d7612770b24292a5a5cf199e1ad370eff2c56a53f56461a
3af0dcf4f6579a3cae027db5f5e63ab5510cb021cbe53d866733b4dde6671d65
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3c764a032b92ca26c29a916fafd3f9a0c31a4b4bf9f5ce6ec2fe54f916a912e5
3dd2076fdf435f4e8832916bf225c47d674271f270845594dd2508846f875bc8
3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3
3e9fb5f5f6ba8da8fb9de92a701ab1fc022f355e78bc52769b19cf78e04f9dc7
40cf551965abb3907196d630825291b27d1b77dd499bbbf12e07905a25afcf59
424e983b406e81e3fb47c353bd29bc6156465ff5f9f7dae4c53b8c97d51239c5
43a40461980cf982a9de0bcaba74e8c0eb3053892536eff1067ea4b417693184
4434af4fb7f6dcd25c06a6979ee9d9965188ba85e7860e8ded9d730a3419afb6
4484ae41809aa87df89b8091f08b0c8620c7a26b4bc6c38c84fa4f76e6bbb01c
448f7fb85b4c5699d46f1899d90c7d3266413020bffa738ac33b6b0ba21d2399
44efff41d0d15b2c8a71e9b0363c1da9b56af5b022813522d3495f6bccc29855
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
481a0574246e281316ffa0e15399bf5388bb81ae550ce0401a0353b6bb2d1e5a
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4a332e4376303ca434ff138b0872d64fc86a45101b51065c776206afe66c015a
4a724ff2a95b5a54c343317baf6090f082980a1989788544c59c24c70f0e125d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c79b7769d37ba6aa2b8c0f48052c75287819ef2343659ec85122e9247819b7d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f9695de838f580539a55fb51b39700729e469625f429ef612e7e3173bd004bc
4fa18ae7faa4c864e0c14d23b00a46e5cb48f7509335d3d9ece052ff93c328d5
5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
522126d69977610f6b11d5095d015fa663564e3d65dd6574de7e07eef40f5c06
52db729bbfda2646c18d63f4ad32c8bb07ab396a30c8cd49b22d0481af5310c2
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57433e1293341458165bf38974563d349e5c2116f089af926afe7bf6a4e4a49c
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5833f676a69a7385d07b129f61b2545762ac94c5691a5c8fc82b1eff66d74737
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
585577abe91b88ad3c7e8ee6353fb2e6e1821fb1b73f321a387a7eb6fe3dff1d
5869f8b7a0c1419b0f8793234ae47779f4e1d46bc1aaf914bd037fe55d84ae6b
59930862af8eeece2cdac39829c922e109f0eebed8049ae6229ad25deb8089f0
5a4cfa79c6e9c3d58c86977c159295c3996d8884b61cd4e9f04c7575735a6641
5a7a2c585637500ff94c6efc2ee3dde6082daa148a33971be41e76c5948158de
5c8cc85f7ce109c357d903d6ce6ced65b2a8137e177cacd0c42b77ea328407f8
5c989aa7687f2243c4bc5b0fbcb98201c2b0febb342a5052f4f77bde116930a7
5cfe3d8e993d5a436daf78d54d89d22c589ee05954359672781bb074174e0fa6
5e1055767f6d4ebc018c9e2386d3ca843ce1cc24daf9add01c652a15b7fdaf4d
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
6044ea8cfc80c34e7dd648a07a39047f99135cb4404dc20ad4076a013ac2be3d
60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
625614d0c74d2cd49b55966090b740556a74d6f81fab60a6ba40cbeb2a328ebd
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
6356465097a91fe7436546d26b9a0575a5092cdea33572d65d1ee447777890c5
662dae67065bef1763ed6d671404e7e86e7488a05c82147f7e2df1ef1809b1a4
6689b10d16d6c6f738c2fae6e209c53d7b4ad2d597ba712e0ecc2f1852a280ac
679449bd06f6cbbe46b129b5009ce6b490d323677b02fac4a62b10bdfc678ddb
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
689b25634cb0d84e592e43cc1e3f1a43589cacd8f8faa3dfb582a200b1109246
69768ececc08139a577e3382f14cdec2f0c549663ab259f280e2f83e709065a2
69e38f310e0971612f991585cdfccb97837b8aa4f51bf8499ace3dc947a6afec
6a58f5012ac311a63cec9b7ec64bed5cd95b85bec8c887658de0fedd7121515c
6aa60dd23a74b3701f5ed911709abd25ac4e7f4a8cbd13d777fda48db32915f8
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6af97b9a2d1bc07d8d5386efecca516ff8c107e4c9bf5165d7cc38741db5597a
6ca8fddb17d96df80923b284c7e07888f947eb3dd03974cd31e85f4d5e9dc6dc
6d3e72f792ab09e654be262d636c49cb56c2059c063f52793ec96a963c6949e3
6e337204ed03b6e4418d9b9b436cd2614831b06c4e1a9ca156d47ece9ad0951c
6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9
71ff8330220a7319dc2278bf35faa571f8713f91124ec192ae00673f7386c74f
741cb5b795c866f5aef2c01f64bf8eda484c92bfebe3ee309c9ed35cd252f033
74278d9946c5a3b09e792ad23ff212a21d548cfbdbfb95a0b4eeb4bd4846247a
743071140dce04a30ebdcae1de414e8022101c6204af037c8213d67ea8ca8156
74c3d6e4e68a777357e0779c0dac3ab4b146a1b9f95f5884893f453e703ef745
7535435b268eceb5a194a8a6065e853af11815cedcbe1769155617d3a8487d60
75471d692aeb9322e75a041dcb0c363657eb51db495b14d5555c5e7a907fa799
7683702fa7b021af2839f5ed4c2c009956332805b0c4e2c054346993fa2ec07b
7704281ee0b386ac39b9b1f6ca82401efc3500b75ac160e9a46ab6246974d9a5
7b63f721e824f90d7f3144b2458f93b1697419fc8790f35537a064ed757a1b80
7d5bed178d04622ad95cab658071133ce2ea6b1b394fd71179ec07b5de122bc5
7d68bf16f9dfd99f7fa09fc4a5eecdac68c35c88acd20d442c69715e0e125ef6
7d78e96c514abb7a32d7bfabbb2e55cffab9451d56dd2667b2901af2f66fac7d
7dcad7165d9ad5f1b3832f47c34de96c7eca000faa7c8ca55a15ccfb086de82d
82a4df0a6f0f70b0df90aeef7e01e356a0a5859da073e4139145dffd0844b226
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f2963ac96def32a52b88d46767a0e6b4f7d5deeabe40bdcd795ce25b99217a
8429d286889a500a6549279dbb7135387b5c3167421d6f703d929f06910cf617
84d368b23e95809600d8e96a8532cc3b88c49cecd69a058d249b4ec0024073ba
86a676d25a23c478b5064a3f6d9275179f67de2bbebe1bfa842719f73658650a
8702d6332b293c371ec010fd8b9d9a6dd095305a04c071ed302fb16b6eef87b5
87a156566bf61f245a0b0d6c16f0446eb7cc4a36a9350be545fa37259a40b71a
8a109b74b240d241933b3e01970cbd4b242035e1c476f7ff4b394b7926fb00e4
8c376014be979d78b7b6a1cb77ceeb4dc39d4762316be13e286ab9627453a01d
8d08002698e3eea9504529fb40cb7ee307d4bfcb79b26e6b7a9f0d88583ae8ae
8d4ec2ca8d759f86eb921166802e02bd8e9382839383ce1b3b8db9438505766d
90b2c189be5f0290cd8d7003c28c08de7df1eb1d6240b24f699fc75a4132b70e
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
9273b477f4fef4a4676b673d25b775558dc37dac7961b141f402236862e3adec
96e970758e57ddf48726b2e8a9680be23ae650acbaac94d68935c36a781fab52
99469201e9dbf15a407c751143dd1bf1b6fdc491b0dc8539cabb69b0034bd48b
99698d842bac17e112650355905c04538f6c6e2f91aca00154d220207ee0e7a6
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ac63a8cb878281a780c3e55c2d0365fcfa69ee37dcf4561963b4d22905e5ab8
9b17159bcb4cfca2795c6c00797ef9f6323d72474d03133eade4826beab6f498
9ce75ed467996485eace448fc8554374409488e31678c2e1efb995c77449c0e4
9d1cb86ec27e86dfdefab39206fb510070d00b81d91f11ddc6720e3c62629d32
9d382bb5e6d29142970841bbb9101f4120b9b817e39f2a202c83cda6ea20ee12
9f86760d5ef0b6eca2ba837c9cc86b9b49e4cc4a5af2af2e91439ede78e555d6
9f9616bd459c26508ca3fe8b275542833b28014db6945057cf653096e852275d
9fe21660451041243f1f8a4e941828eb1a20f493b577822cbc845da85c50d02a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
9ffbf0901d91c2643b9aef55cc55cb461e8be565f7b47289a03c321cb1cc4441
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a18472ae86a7b20ced524d98ed60a37cc38d222dd6891200a0edcc335d3d9350
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1b43339886c2df3f1451af8474e95a8923085ef0fc240820e7a8218110d573b
a1e4efe7233fbb9a90348afd9731a677423fbb0195aa0d21f381cef00007250d
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a31a9769677c0e5e9f40a8ad5f40ece87ab2e1a27371caaa0abf52539f5225c8
a31ddb50a6af12f251cc2a731cfb250252d3d6128471beafc614d0c464a9e9e1
a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc
a3492ab3d262a82e24fbabfecd777c0800964578ca1e00a363307bd3e590dc77
a4991d87ebaea362f7b779eb0e62f6664d2b0bfb83aada173b6dbdc6ed587a7b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4f9fa103935fadea54ea87412c9697a65d9545e2b4d67b3b3f984590c1f0dea
a543df459d2d753d575d5de96527a3331b29a514d8e1aa9aabbeb32de5b98eab
a56602d44222ff0e9c9c9d8faa30c87de0a0b053145aff4a43be4588d216157f
a634aa8ab6dec6522f2cf6ffb1ca9c699357492787e9d2b810ce493989adb577
a7175d1d334c622399772f16264ac7a80176047397f32836b6e0b004a59969e8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a74d051cb4f10fc6e724eafd37adaf9dd951c9e1786c48158d14c44a7c948a7c
a7dfecd6e97c88fdefc02ab2c9fec266255f057d69b2e877f29b67d443e325cd
a80d9ff59b837def607683ef0f0410775fe307e74b9765fec576f6cb4fcc1051
a84684c392beb111f1ffc575860f0fd182e14aa8953829b5655a90cf5094e898
a979b250cea5717bffb64fc5145e95cd496f3919cd92e6907e4002e0b279c876
aa94af8046ee89af6b8d09536809d3edd1ad71cdcbfe757b04d2ac2f42088cc7
aac16f954d581bdc9117839285ab45c1e9c71133dbdf18d0e72f420f18d99f13
aac32479b7e00e374a47b5c6daeb907574805cd3320d6d2c520764c6ee96c12d
abda83b7b0fcad530a82341fef5a3b7acdfa13778c13debf5bddcc21beea49c5
ad06b2972fba4a8c1e4277d1b62ae1738724d1e2c68057aa60ccbd8975315e81
ad6df8407c8fc8063eb90989c874e5459eb2f91162950deca29d64fcc2c7c109
ae308e0f954dd9a45304361e81dffc8a3893584af53b9779722bbb51a7c71e08
ae9dc62c51a79132774aa19bec7fea733c24b5a200d3ce68ba362ba7ead54396
aec49ea121142e36ce4ba520d03ad083e428295fe7ae692e96e70e6bf2a48909
afd810d36f35a0e41e24235473302af372544bf019226db6d2dee332eb122a5d
b003d9352600682b23649cd757ca88a601667ccee1cd9e78da932862912ec0d6
b044100db87d9ea6f2baea5b4c2cacbd92d3f76a8fb521cdcddca8c26c196c1f
b0dd739c0e029cf3ccc53afcfaeac9d062ffe27325823314d830689726c8a034
b10a4670d0af0bb5b45d7ec39453f6fffab67b8b4dd8fa2da7f3b1af3a9efbe2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1bd8279cdd86c374c92e8bc61ad52b9dea7afb69d7e8ffba7b13bb28c3fcd72
b265408716dbe3e1a43a7bb536defb88b2a4df5e02fd12f1262ded3e46b2c9c2
b272da8532a2532b094eb8b01d0c38fac4cb5cbc2a48e620f40cdf886db497a1
b31fe2b6af2b697209125a16140b060c511bdec34f3ea28c8c56976beacdaefb
b3513b034d0ecb8f59408a1ca4b9b3a8ba63c68f07f877b2e1e1f34da644afe1
b35b72ac1876a9d5ec1b9955529f4070e971ce9439a1394970143145b499117f
b36e2f24c228d4aa3773ac182616c0cf6835f37725be8de6ce7305caa2a99348
b3d7d3c47dc2ed2229601da34d1b8d1a9f7e7405e2a495c582544cd4fe82dc20
b4b6d898c081feaaf31175668b7a4837cf08ee6480fce388cbb93fc710646d07
b5cfb2ebe32805d7643546c8906515cd6f8c70f29597fb9abaf46e029044c496
b61c483c1ef272649d59390899f6ba6dacc4a0047fd5f31fb66a5a4bcb5af0ea
b6681c00074d8e62bb49a4c31444da8096a55f8830f62e4e8cf7b00882ba6cdb
b6802ed3c9a13e4e0c4be93749ab1ffdfbf488638b05ed7e18ad3896b1a1748e
b7e5a16afe5493961690e4e41f66a8031db0bc3065aebbe95414494837ccd23c
b85b745fa489a54767288f43654aa568b94813c1b46c4edcac86df0fbd0d22bc
bb1f1665d7d36ff738dcb494fb38266ebc6a0c9de10887324006b9e0b7e4c539
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc3e87b829b37bfbba01cc67e0667a9dd3c3303a89086ff2e3a02c2fd3cae882
bda57657e18fe9533bbcc9e1aee5f305fd6c19f271b478639b9f25455dd27ce6
bda9bd5941bd5b5bf9e180a1800f775e5e8f6ac20b214a60ad0d9874a5e54e5d
be0636d7890708de2fad4825e28e3887e349a4396f77a99b812d26f44559edb0
be625afbc485e960e06e97f06fd611767c597ec27ec976a899408074d2a78078
bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521
c1862f5fa7dd3945e2bab43995b64fa4f720581a0b070afea4dc9431b9cfabd8
c1ccf8f543009a813c29e737c9d9b1c5348169995360fbab23c402ab35c93374
c1dffd59aa695c7624ba66ca5c2a1f152f44821259b74a05a3e76f59e84331fb
c366c2607202adba86c9859c759f1840703ac157360248f5bb71987868dd270b
c3cc9215cd1edb24e5adc0162b2fd1f967db2cb99f5585c6b439efc417e8e4ea
c4a5a12744673c5a2dbb3653fcf99e1d86f9630f2a49ff4aa892cc5018794720
c52a8264c8a4dfb27b101c226b29ed7df32bd643d17550a6aabf8d44d880c75d
c52ea3c0b9b1233a70ed9ee281fec4418c13f8688c556ba31e587e0570cc2b43
c5a7e1a01e97fddf0d6fea76f7a895d53516d76728a4615816a71afa8141d8df
c6f02ea61b580dd0d3d5fd8b473d8584ab32e741a5a969704928df2d2753a44e
c9f44945ccb68cde364e4422dba31ddbbcc897fda5c4e0e7e631c9c366bf2ca8
ca30c33aa5f114d6c4810f2546893395a3047705d5a8b23cb60bba9a157a77ef
cd27dc3c0cc40b5e5691a2317a7a03e4189fa6d32becac6f390a0dceccb80205
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d0e59aaca8c9a62d2ae97808a1d7c958012a860f486ecf0f35c73308ac3623cb
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d258fead6c9ba91ce351fa1fa6d12123e89f1c027d8ea020c093550f8a4553ef
d285ddb67b0c0d1642d8dbc0d6c122085eaf32cc6df3f165febbb4a47d05c9b5
d36253140224d3e65922719329cba306a98af2154419ee3b571399b1ddc0bdf9
d3b2aa0ed671d07334223e27db21c0f339c977657f517ec5033dfb3f8dce1843
d3d3bc35b7de805f63731af1af5ef5314b9bd0ef50df87944981f6af8836ad0b
d453778582484007a5a8c9b610fbe6a12a863260562fadd46f8e402f740ab12e
d4c5780344a410ba6f301b65ec5a0fff84b5ff87bdf3e65c7f6f52958beba7e0
d564e795aec94a8c74308ecec87cb269c8b536135086e36ba14ffa7f22434264
d691477018d0f0957939aa725df7f8a979d42731cd24ffc4b2a91e8cb456db82
d6b329563ab2466783f3b47eecbe503544948991015d8ce711e3168d99f3adf3
d6c70b1600c5977db96a8e0669d2943a1e1d9afe12ebcb33754c7d68797e64f7
d80bd54f6f01cdaa4f9b4bf238a45def7223316f3613971da9a6a417c62b5364
d8ee6435761532684a8d1d79368bfadcc4ebc56c653721a4c2a3e649b69922df
d95fccc8a4d3363801ea0564fce8cd0ef5938d2f3aae4bfd873b192a8b2667ba
dadc342d66fe74c55e27087590362734cad1eb09b0b788032e47a8211252f99c
dd9366b123766ecaeec85d47719aaa8ddbd3b68aa7e1fae5434fec5133ebd7cd
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de845987f3459366a295fa160b916e6945c7b96961d7ba73d441b03f211811e8
de934a085817710cb3bbd98d33e5b0c91709425d89eada2a2c55909c8b3443de
df352596341aef158df4b1735cf3b02723951a0a584685f896ce3782f6e33f29
e027435211ef2a57f103c525775456d802bd6ad5acaa62117d45e10930c7af7e
e1b794cc9478098a88362aeb9c2ee3c0f84a4c55d1eb34d72f5b41dc0c602ad5
e2bf45241f07498520af8df8be619875192ee90b04f9584b035302fb64af2927
e2c1db628706d9189213931f61655a826a407a5763d6153e142a1d9f29673d0e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46921d54949f3f39987393827c31f8b5f5e56bf84ee36416c99958157fbcc01
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6fce2657668d80c13f0b61064202b609505fedeaf02cbc1f83ef1b8fff6cb8a
e70443a7798166983565fe94bcab241e83fcb96dd4cea4bece170b4c4a308de1
e904243c8ba54726547afae3e2cf80dd5394b98841b54716a5deae86f3d67aa8
e9432a42175bac76d8ee12d01b3f351c967affbb0fb4decab4b5acbcbde69b68
e94d0e2d56d7e7d35935918e549a374568fad167f2c8f4e5189104fa6546d8d5
e955ea3c7cea5f641e22b09184850d60c3a4a8eef354d739ca9e0ac25daebfaf
e968c9b982a7c78e187a35238d2d1f84956d7755938a74748cb6b5887d6a9d62
ea26c78f630f8d3924b66a3966e9d96b6ce9217ee085f6db77fa191e13a59848
ea35c5d1362d678749f64a9e5e667ff8e8cde215869401caa753c5e6585f568f
eb7bbf9535f4dec57b7e25576f8c4fb7d7dda4e7873d524d3393780e27bcf955
ec7cf723e138fd1ced41f6f1c2c0d724c43183a65b54ebaef160e9635fc222d6
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ecc36cc1d2a1b39c6dcc4d23c5e1c029f1d2c78e8f696e094c8ea8db964e5664
eefe35026ee357b88523191da9cf1e9f889533bf16a6dbb748ba5e50ad0d9948
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2ef55ce16f698af74351dfe24ec0d395dc49e47d484459f236c37b08d224cd
f07d6d5a4507f93cbee09cff769f092eb3b77bf60e82fbdd5a7cab2ead90396e
f1b4809c02c833ef4a89170232005bdb3b7b825cd4a1b16e1f7868fdcef834d7
f1f2c754697a52684fccacaa9e300ac3268d6c13837b9ac7f46475cc67de8d4c
f268e67bed4c1584ddf22b804ba2e482c2ed18c8905a1f032406bf846d7887dc
f3450e351d2ac1dd241a9fa5fd421744be8612a57ea6a989aecdf3e50e076d32
f3fb84ac22d9aa3bcb4eb5a032abb61f745d15a6e89e4b5c87a60d08bb48bbd8
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
f4a200874570c195f6c49b82b17fe002032c87eb697b19c70f5c049b32bb2b91
f77bdfc493418da1a85260cc1b790bd02c9d0a09426ed1ad89a9613aa16e5758
f7c81f756187282cde04eb081009912e336f388013eb18b70b9895f4cefb6a79
f7ec7b8677014393b78f8e512a7b08dd6227d6d54fb6c145ab0ccc5a71b11600
f7ec9f64994c0f12acd8ab801d6709a5373b161d22752d64c316fc4dc6b04026
f8636f840e55868b04f7621502a452351269ffd7ce2fa600c15dda7fafb66da0
f957f0996053d409ed93207c211a1538f97466ba02605ed96fa6a66c42cc1c9c
f993ad8fee9bc37407c788f40a7a2b2c57732510e9d16573f72cb628cdd08ee8
fa0c8b719006d3de5625415ca1a6b3522c4b6962a811a991ad760e80054606ae
fa730e45f1461662728ed590039a2cb0900eee5486af662670dccca0e7f0ddd6
fce47c008bc1eedf3d2f5efe16ffee0aa0e5ac44254b5ecce2c7de7273e54e12
fce742d7814055a224b9e7b2a36bccfba4547644a968e838bf0b9d2f730866dc
fd3eec52805f5b6243e9fe47efb617a37254f80fdeafe26f9d39e007635e0266
ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89
ff901b835d08f449d1c8b0b16dfc0e37d49571a5e1a1747db1491f858ec9c224
ffa2e149a7cb4362696d47b85863b157283c7225b648bf0ea43e0591165e4c2d

buhgalter.com.ua Open in urlscan Pro 136.144.183.196 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

425 Requests

90 %HTTPS

42 %IPv6

60 Domains

96 Subdomains

76 IPs

10 Countries

4340 kBTransfer

11277 kBSize

87 Cookies

16 Outgoing links

Page URL History

Redirected requests

425 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 90 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

buhgalter.com.ua Open in urlscan Pro
136.144.183.196 Public Scan

Screenshot
Live screenshot

Full Image

425
Requests

90 %
HTTPS

42 %
IPv6

60
Domains

96
Subdomains

76
IPs

10
Countries

4340 kB
Transfer

11277 kB
Size

87
Cookies

425 HTTP transactions
90 data transactions