windows-loader.ru Open in urlscan Pro
85.119.149.127 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://windows-loader.ru/
Submission Tags: @phishunt_io
Submission: On December 28 via api (December 28th 2020, 9:38:03 am UTC) from ES

Summary HTTP 49 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 13 domains to perform 49 HTTP transactions. The main IP is 85.119.149.127, located in Russian Federation and belongs to SELECTEL-MSK, RU. The main domain is windows-loader.ru.
TLS certificate: Issued by R3 on December 27th 2020. Valid for: 3 months.

This is the only time windows-loader.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	85.119.149.127 85.119.149.127	50340 (SELECTEL-MSK) (SELECTEL-MSK)
15	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
5	87.240.190.72 87.240.190.72	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
2	88.208.46.47 88.208.46.47	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	172.217.21.226 172.217.21.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
2 6	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
2	2a00:1450:400... 2a00:1450:4001:81d::2001	15169 (GOOGLE) (GOOGLE)
49	10

14 85.119.149.127 (Russian Federation)

ASN50340 (SELECTEL-MSK, RU)
PTR: isp1.ru.fastfox.pro

windows-loader.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 87.240.190.72 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)
PTR: srv72-190-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.208.46.47 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

pushiti.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s13-in-f226.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:6b8::1:119 (Moscow, Russian Federation) 2 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	windows-loader.ru windows-loader.ru	420 KB
9	doubleclick.net googleads.g.doubleclick.net
7	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	200 KB
6	yandex.ru 2 redirects mc.yandex.ru	44 KB
5	vk.com vk.com	45 KB
2	pushiti.info pushiti.info	18 KB
1	youtube.com www.youtube.com
1	googletagservices.com www.googletagservices.com	28 KB
1	google.com adservice.google.com	803 B
1	google.de adservice.google.de	803 B
1	googleadservices.com partner.googleadservices.com	645 B
0	yastatic.net Failed yastatic.net Failed
0	googleapis.com Failed fonts.googleapis.com Failed
49	13

	Domain	Requested by
14	windows-loader.ru	windows-loader.ru
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com
6	mc.yandex.ru	2 redirects windows-loader.ru
5	vk.com	windows-loader.ru vk.com
5	pagead2.googlesyndication.com	windows-loader.ru pagead2.googlesyndication.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	pushiti.info	windows-loader.ru pushiti.info
1	www.youtube.com	windows-loader.ru
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
0	yastatic.net Failed	windows-loader.ru
0	fonts.googleapis.com Failed	windows-loader.ru
49	14

This site contains links to these domains. Also see Links.

Domain
go.click2bit.net

Subject Issuer	Validity	Valid
windows-loader.ru R3	`2020-12-27` - `2021-03-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.vk.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-06-09` - `2022-06-10`	2 years	crt.sh
pushiti.info Let's Encrypt Authority X3	`2020-11-28` - `2021-02-26`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2020-09-29` - `2021-03-11`	5 months	crt.sh

This page contains 14 frames:

Primary Page: https://windows-loader.ru/
Frame ID: 254A64704DB89C155B806332FFFB89F1
Requests: 36 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html
Frame ID: 4DB24D85BBEF3D5B0B5F8B5F7A070700
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&adk=1812271804&adf=3025194257&lmt=1609148262&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fwindows-loader.ru%2F&ea=0&flash=0&pra=5&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262474&bpp=10&bdt=109&idt=78&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=915679592082&frm=20&pv=2&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=95
Frame ID: 5B2C2B01C1AC9B9C431EEB8BD1648D25
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=155&slotname=3433503542&adk=1478062660&adf=3367236771&pi=t.ma~as.3433503542&w=620&fwrn=4&lmt=1609148262&rafmt=11&psa=0&format=620x155&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262621&bpp=2&bdt=256&idt=3&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=185&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=zMQRiGTL2G&p=https%3A//windows-loader.ru&dtd=8
Frame ID: FBE53EBD430863513A05C7542E61AFD9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=155&slotname=3433503542&adk=1478062660&adf=2462280439&pi=t.ma~as.3433503542&w=620&fwrn=4&lmt=1609148262&rafmt=11&psa=0&format=620x155&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262662&bpp=1&bdt=296&idt=1&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C620x155&nras=1&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3802&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=6PrcROrhH1&p=https%3A//windows-loader.ru&dtd=7
Frame ID: B2EDBE2B7780FEB1837284BE9C984575
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/vyaAqBPWCmM
Frame ID: FDDA29D8F21D3AD8C1D0460E2C938B6E
Requests: 1 HTTP requests in this frame

Frame: https://vk.com/widget_community.php?app=0&width=200px&_ver=1&gid=165952880&mode=3&color1=&color2=&color3=&class_name=&url=https%3A%2F%2Fwindows-loader.ru%2F&referrer=&title=Windows%20Loader&176a8b5e8dd
Frame ID: 2CA487DE9F36AE02CEED420F2FCCBFDB
Requests: 1 HTTP requests in this frame

Frame: https://vk.com/widget_comments.php?app=6453904&width=100%25&_ver=1&limit=15&height=0&mini=auto&norealtime=0&page=0&status_publish=0&attach=*&url=https%3A%2F%2Fwindows-loader.ru&title=Windows%20Loader&description=Windows%20Loader%20-%20%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%83%20%D0%92%D0%B8%D0%BD%D0%B4%D0%BE%D0%B2%D1%81%20%D0%BB%D0%BE%D0%B0%D0%B4%D0%B5%D1%80%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC.&image=https%3A%2F%2Fwindows-loader.ru%2Fimg%2Flogo.png&startWidth=620&referrer=&176a8b5e91b
Frame ID: 4408839CA451D518186223E510064497
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=3841933567&pi=t.aa~a.4087203190~i.84~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=2&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155&nras=2&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3122&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=hk5BVk4mkc&p=https%3A//windows-loader.ru&dtd=11
Frame ID: 9E8825B9CB19FC1BF14140683DC43398
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=775546623&pi=t.aa~a.4087203190~i.88~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=2&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280&nras=3&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3522&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=UWUHtkMydV&p=https%3A//windows-loader.ru&dtd=14
Frame ID: DD5A9EBEC4A4017132815C8467C8755A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=67105330&pi=t.aa~a.4087203190~i.94~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=1&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280%2C620x280&nras=4&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=4042&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=a93vAtKLeZ&p=https%3A//windows-loader.ru&dtd=16
Frame ID: 3BCA6378001E80A3F7758044D3360985
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=1199157693&pi=t.aa~a.4087203190~i.102~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=1&bdt=528&idt=0&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280%2C620x280%2C620x280&nras=5&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=4602&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=sq5aGAZk5S&p=https%3A//windows-loader.ru&dtd=18
Frame ID: B643035D79F7511F5C6617D099A125DD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1
Frame ID: 56209ACD841B8E552A138C2F57730085
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 42A50115F37E167422E61917F14BF5EB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /mc\.yandex\.ru\/metrika\/watch\.js/i

Page Statistics

49
Requests

94 %
HTTPS

56 %
IPv6

13
Domains

14
Subdomains

10
IPs

4
Countries

754 kB
Transfer

1412 kB
Size

13
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://go.click2bit.net/r/aca203cab509bbe64795aa7ec426039f?dpl=https://yadi.sk/d/3hy8EODailHTYQ&extra2=Windows%20Loader

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://mc.yandex.ru/watch/48542417?wmode=7&page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afp%3A713%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A351%3Acn%3A1%3Adp%3A0%3Als%3A0%3Ahid%3A945133195%3Az%3A60%3Ai%3A202012280103743%3Aet%3A1609148263%3Ac%3A1%3Arn%3A649772246%3Arqn%3A1%3Au%3A1609148263987489096%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1609148261758%3Ads%3A117%2C217%2C269%2C1%2C0%2C0%2C%2C317%2C0%2C%2C%2C%2C925%3Adsn%3A117%2C218%2C269%2C0%2C0%2C0%2C%2C321%2C0%2C%2C%2C%2C926%3Arqnl%3A1%3Ati%3A2%3Ast%3A1609148263%3At%3AWindows%20Loader%20by%20DAZ%202.2.2%20-%20%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%D0%B0%D0%BA%D1%82%D0%B8%D0%B2%D0%B0%D1%82%D0%BE%D1%80%20%D0%B2%D0%B8%D0%BD%D0%B4%D0%BE%D0%B2%D1%81%20%D0%BB%D0%BE%D0%B0%D0%B4%D0%B5%D1%80%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC HTTP 302
https://mc.yandex.ru/watch/48542417/1?wmode=7&page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afp%3A713%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A351%3Acn%3A1%3Adp%3A0%3Als%3A0%3Ahid%3A945133195%3Az%3A60%3Ai%3A202012280103743%3Aet%3A1609148263%3Ac%3A1%3Arn%3A649772246%3Arqn%3A1%3Au%3A1609148263987489096%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1609148261758%3Ads%3A117%2C217%2C269%2C1%2C0%2C0%2C%2C317%2C0%2C%2C%2C%2C925%3Adsn%3A117%2C218%2C269%2C0%2C0%2C0%2C%2C321%2C0%2C%2C%2C%2C926%3Arqnl%3A1%3Ati%3A2%3Ast%3A1609148263%3At%3AWindows%20Loader%20by%20DAZ%202.2.2%20-%20%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%D0%B0%D0%BA%D1%82%D0%B8%D0%B2%D0%B0%D1%82%D0%BE%D1%80%20%D0%B2%D0%B8%D0%BD%D0%B4%D0%BE%D0%B2%D1%81%20%D0%BB%D0%BE%D0%B0%D0%B4%D0%B5%D1%80%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC

Request Chain 47

https://mc.yandex.ru/watch/48542417?page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=nb%3A1%3Acl%3A144%3Aar%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A351%3Acn%3A1%3Adp%3A1%3Als%3A0%3Ahid%3A945133195%3Az%3A60%3Ai%3A202012280103758%3Aet%3A1609148278%3Ac%3A1%3Arn%3A973895208%3Arqn%3A2%3Au%3A1609148263987489096%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aeu%3A1%3Ans%3A1609148261758%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5624%2C5624%2C2%2C%3Adsn%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5624%2C5624%2C2%2C%3Arqnl%3A1%3Ati%3A0%3Ast%3A1609148278&force-urlencoded=1 HTTP 302
https://mc.yandex.ru/watch/48542417/1?page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=nb%3A1%3Acl%3A144%3Aar%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A351%3Acn%3A1%3Adp%3A1%3Als%3A0%3Ahid%3A945133195%3Az%3A60%3Ai%3A202012280103758%3Aet%3A1609148278%3Ac%3A1%3Arn%3A973895208%3Arqn%3A2%3Au%3A1609148263987489096%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aeu%3A1%3Ans%3A1609148261758%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5624%2C5624%2C2%2C%3Adsn%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5624%2C5624%2C2%2C%3Arqnl%3A1%3Ati%3A0%3Ast%3A1609148278&force-urlencoded=1

49 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
windows-loader.ru/ 25 KB
8 KB 604ms
269ms Document
text/html 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 9aab85a6bab9fc046617d95abecd78692bd5b34fe861e59e0293b3c5ededf0ca

Request headers

:method: GET
:authority: windows-loader.ru
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx/1.16.1
date: Mon, 28 Dec 2020 09:37:42 GMT
content-type: text/html
content-encoding: gzip

GET
H2 200 styles.css
windows-loader.ru/css/ 5 KB
2 KB 66ms
66ms Stylesheet
text/css 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL: https://windows-loader.ru/css/styles.css
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: e3ddbbd639ae4ce4b0f320a8b65e194bac8a52ac55dd2f65f384030616b98c51

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
etag: W/"5cf3ceec-13cb"
content-type: text/css

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
47 KB 41ms
21ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: windows-loader.ru
URL: https://windows-loader.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c221228ab25af041a5c8e218684dd4238acb17fc23b1a4a8c4864951550a3197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 47107
x-xss-protection: 0
server: cafe
etag: 13290078405355148527
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 28 Dec 2020 09:37:42 GMT

GET
H2 200 logo.png
windows-loader.ru/img/ 22 KB
22 KB 465ms
462ms Image
image/png 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/logo.png
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 6ccf816b2908321fefdcf44f0ec545ea113478c0d3a523080cd75123df750109

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-56d6"
content-length: 22230
content-type: image/png

GET
H2 200 loader.png
windows-loader.ru/img/ 52 KB
52 KB 663ms
660ms Image
image/png 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/loader.png
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 834ec8d0a57f062563c94c4e0223b5c2403bf39e3e6ce5f95ed779d49c15a936

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-cfae"
content-length: 53166
content-type: image/png

GET
H2 200 openapi.js Show response
vk.com/js/api/ 100 KB
22 KB 157ms
50ms Script
application/x-javascript 87.240.190.72
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://vk.com/js/api/openapi.js?154
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.240.190.72 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),
Reverse DNS: srv72-190-240-87.vk.com
Software: kittenx /
Resource Hash: 06649e87db9dcc3aac096d3cd4926a6499971599de35952979aed8d4ebeb4a68

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: br
x-frontend: front204305
last-modified: Fri, 18 Dec 2020 12:43:04 GMT
server: kittenx
etag: "5fdca3d8-57c5"
content-type: application/x-javascript
access-control-expose-headers: X-Frontend
cache-control: max-age=345600
content-length: 22469
expires: Fri, 01 Jan 2021 09:37:42 GMT

GET
H2 200 windows-loader-download4.jpg
windows-loader.ru/img/ 29 KB
29 KB 1382ms
1379ms Image
image/jpeg 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/windows-loader-download4.jpg
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 50b6d64a108547ffa31d1cf4a81c7ba3e740b3ab6b7313e89675795308f131a2

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-72b3"
content-length: 29363
content-type: image/jpeg

GET
H2 200 windows-loader-download.png
windows-loader.ru/img/ 36 KB
36 KB 1382ms
1380ms Image
image/png 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/windows-loader-download.png
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 11952c3feb536b9bc0eabdf12bcc18e9e29eb3579257a69ce96f5ed3a803c1bd

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-8f0f"
content-length: 36623
content-type: image/png

GET
H2 200 windows-loader-download3.png
windows-loader.ru/img/ 35 KB
35 KB 1382ms
1381ms Image
image/png 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/windows-loader-download3.png
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: baa2ff2e2ec75dbf0171f9617abb63d7a0a031df91a2feff72e4d8b81e63b6e5

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-8c2b"
content-length: 35883
content-type: image/png

GET
H2 200 windows-loader-download5.png
windows-loader.ru/img/ 12 KB
12 KB 1383ms
1381ms Image
image/png 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/windows-loader-download5.png
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 366570e645833a82d59ef6caa6f5e578ed645bef5ea9b84c140a119155272eac

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-2e37"
content-length: 11831
content-type: image/png

GET
H2 200 WinVer.jpg
windows-loader.ru/img/ 143 KB
143 KB 1383ms
1381ms Image
image/jpeg 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/WinVer.jpg
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 4d9f958ff4141725f70d5b4deb51fcfc0b3c762d6035625536c01110a59da3ea

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-23af7"
content-length: 146167
content-type: image/jpeg

GET
H2 200 windows-loader-delete.png
windows-loader.ru/img/ 12 KB
12 KB 1383ms
1381ms Image
image/png 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/windows-loader-delete.png
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 7c7f4232dfa398661f482c8dd8742e686e49c3f7a7ad3dafe1d519b9fbb2fc24

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-2e44"
content-length: 11844
content-type: image/png

GET
H2 200 dlbtn1.jpg
windows-loader.ru/img/ 26 KB
26 KB 1383ms
1382ms Image
image/jpeg 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/dlbtn1.jpg
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 73e4ebf491cf9b5f6f6c842d2e9c2163f440884fd7c9c3108e7388f59e3484bf

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-6713"
content-length: 26387
content-type: image/jpeg

GET
H2 200 208.jpg
windows-loader.ru/img/ 9 KB
9 KB 1383ms
1382ms Image
image/jpeg 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/208.jpg
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 7d56ad02aa9ab04b76a10ca398d0927fe87b8d29cf2019e4642c6b7fb0ac14dc

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-2208"
content-length: 8712
content-type: image/jpeg

GET
H2 200 openapi.js Show response
vk.com/js/api/ 100 KB
22 KB 185ms
95ms Script
application/x-javascript 87.240.190.72
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://vk.com/js/api/openapi.js?153
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.240.190.72 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),
Reverse DNS: srv72-190-240-87.vk.com
Software: kittenx /
Resource Hash: 06649e87db9dcc3aac096d3cd4926a6499971599de35952979aed8d4ebeb4a68

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: br
x-frontend: front204305
last-modified: Fri, 18 Dec 2020 12:43:04 GMT
server: kittenx
etag: "5fdca3d8-57c5"
content-type: application/x-javascript
access-control-expose-headers: X-Frontend
cache-control: max-age=345600
content-length: 22469
expires: Fri, 01 Jan 2021 09:37:42 GMT

GET openapi.js
vk.com/js/api/ 0
0

GET css
fonts.googleapis.com/ 0
0

GET
H/1.1 200
OK push.js Show response
pushiti.info/ 47 KB
18 KB 87ms
45ms Script
application/javascript 88.208.46.47
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pushiti.info/push.js?utm_source=og&utm_campaign=5486&utm_content=&domain=windows-loader.ru&proto=https:
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.208.46.47 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: de9d7d33775fa334ac91b19e1fdbd4137069055a81c2399c2ee029cb711cb96f

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Dec 2020 09:37:42 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2 200 bg.jpg
windows-loader.ru/img/ 35 KB
35 KB 1381ms
1381ms Image
image/jpeg 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/img/bg.jpg
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/css/styles.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: db6abe9a0ca47c21c01b5c35b99bfe5adea47c28a6e66be9a82bb9fac51fd762

Request headers

Referer: https://windows-loader.ru/css/styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
last-modified: Sun, 02 Jun 2019 13:28:12 GMT
server: nginx/1.16.1
accept-ranges: bytes
etag: "5cf3ceec-8be5"
content-length: 35813
content-type: image/jpeg

GET
H2 404 topmenu.png
windows-loader.ru/images/ 207 B
207 B 1381ms
1381ms Image
text/html 85.119.149.127
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windows-loader.ru/images/topmenu.png
Requested by: Host: windows-loader.ru
URL: https://windows-loader.ru/css/styles.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.119.149.127 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),
Reverse DNS: isp1.ru.fastfox.pro
Software: nginx/1.16.1 /
Resource Hash: 72ec27bd0d959a1e6713d96b4e55c5a9b92ac6d1b5b5a4a8d5d1211422fcee57

Request headers

Referer: https://windows-loader.ru/css/styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
server: nginx/1.16.1
content-type: text/html; charset=iso-8859-1

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/ 234 KB
88 KB 56ms
41ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 89527
x-xss-protection: 0
server: cafe
etag: 1810063338415286733
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Dec 2020 09:37:42 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/ Frame 4DB2 0
0 6ms
5ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201203/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 27 Dec 2020 10:01:15 GMT
expires: Sun, 10 Jan 2021 10:01:15 GMT
content-type: text/html; charset=UTF-8
etag: 10723747146953794269
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4923
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 84987
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK set
pushiti.info/event/ 0
0 19ms
19ms Fetch
text/html 88.208.46.47
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pushiti.info/event/set
Requested by: Host: pushiti.info
URL: https://pushiti.info/push.js?utm_source=og&utm_campaign=5486&utm_content=&domain=windows-loader.ru&proto=https:
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.208.46.47 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Mon, 28 Dec 2020 09:37:42 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Access-Control-Allow-Methods: PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://windows-loader.ru
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 207 B
645 B 84ms
32ms Script
text/javascript 172.217.21.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=windows-loader.ru&callback=_gfp_s_&client=ca-pub-4384462875279714

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f226.1e100.net

Software

cafe /

Resource Hash

ff8276d7dfc3a71751500d84557d19568ca9cfdc21fb771831f5d7c31ccf681e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
803 B 37ms
16ms Script
application/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=windows-loader.ru

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
803 B 35ms
14ms Script
application/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=windows-loader.ru

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 5B2C 0
0 270ms
270ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&adk=1812271804&adf=3025194257&lmt=1609148262&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fwindows-loader.ru%2F&ea=0&flash=0&pra=5&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262474&bpp=10&bdt=109&idt=78&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=915679592082&frm=20&pv=2&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=95

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&adk=1812271804&adf=3025194257&lmt=1609148262&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fwindows-loader.ru%2F&ea=0&flash=0&pra=5&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262474&bpp=10&bdt=109&idt=78&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=915679592082&frm=20&pv=2&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=95
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Dec 2020 09:37:42 GMT
server: cafe
content-length: 31512
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Dec-2020 09:52:42 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Dec 2020 09:37:42 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c9310eb6a56101c2133db372cfbe9cefb5ff6b90a02ded916984c975b813b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607690616793149"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28334
x-xss-protection: 0
expires: Mon, 28 Dec 2020 09:37:42 GMT

GET
H2 200 upload.gif
vk.com/images/ 230 B
485 B 50ms
50ms Image
image/gif 87.240.190.72
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/images/upload.gif

Requested by

Host: windows-loader.ru
URL: https://windows-loader.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.72 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv72-190-240-87.vk.com

Software

kittenx /

Resource Hash

0d7e358637c1b1caa66949aefc529c1e4488923f99e499d6be09eb8cdd0b4202

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
x-frontend: front204305
last-modified: Tue, 22 Sep 2020 20:30:00 GMT
server: kittenx
etag: "5f6a5ec8-e6"
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: max-age=604800
accept-ranges: bytes
content-length: 230
expires: Mon, 04 Jan 2021 09:37:42 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame FBE5 0
0 247ms
246ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=155&slotname=3433503542&adk=1478062660&adf=3367236771&pi=t.ma~as.3433503542&w=620&fwrn=4&lmt=1609148262&rafmt=11&psa=0&format=620x155&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262621&bpp=2&bdt=256&idt=3&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=185&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=zMQRiGTL2G&p=https%3A//windows-loader.ru&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=155&slotname=3433503542&adk=1478062660&adf=3367236771&pi=t.ma~as.3433503542&w=620&fwrn=4&lmt=1609148262&rafmt=11&psa=0&format=620x155&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262621&bpp=2&bdt=256&idt=3&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=185&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=zMQRiGTL2G&p=https%3A//windows-loader.ru&dtd=8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Dec 2020 09:37:42 GMT
server: cafe
content-length: 206
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Dec-2020 09:52:42 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Dec 2020 09:37:42 GMT
cache-control: private

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame B2ED 0
0 250ms
250ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=155&slotname=3433503542&adk=1478062660&adf=2462280439&pi=t.ma~as.3433503542&w=620&fwrn=4&lmt=1609148262&rafmt=11&psa=0&format=620x155&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262662&bpp=1&bdt=296&idt=1&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C620x155&nras=1&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3802&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=6PrcROrhH1&p=https%3A//windows-loader.ru&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=155&slotname=3433503542&adk=1478062660&adf=2462280439&pi=t.ma~as.3433503542&w=620&fwrn=4&lmt=1609148262&rafmt=11&psa=0&format=620x155&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&wgl=1&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262662&bpp=1&bdt=296&idt=1&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C620x155&nras=1&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&rplot=4&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3802&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=6PrcROrhH1&p=https%3A//windows-loader.ru&dtd=7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Dec 2020 09:37:42 GMT
server: cafe
content-length: 205
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Dec-2020 09:52:42 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Dec 2020 09:37:42 GMT
cache-control: private

GET share.js
yastatic.net/share2/ 0
0

GET
H2 200 vyaAqBPWCmM
www.youtube.com/embed/ Frame FDDA 0
0 112ms
91ms Document
text/html 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/vyaAqBPWCmM

Requested by

Host: windows-loader.ru
URL: https://windows-loader.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/vyaAqBPWCmM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

expires: Tue, 27 Apr 1971 19:44:06 GMT
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
content-length: 20865
cache-control: no-cache
strict-transport-security: max-age=31536000
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
date: Mon, 28 Dec 2020 09:37:42 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=u3snRDBOHNA; path=/; domain=.youtube.com; secure; expires=Sat, 26-Jun-2021 09:37:42 GMT; httponly; samesite=None YSC=FuEmc9E9me4; path=/; domain=.youtube.com; secure; httponly; samesite=None VISITOR_INFO1_LIVE=u3snRDBOHNA; path=/; domain=.youtube.com; secure; expires=Sat, 26-Jun-2021 09:37:42 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Mon, 28-Dec-2020 10:07:42 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 widget_community.php
vk.com/ Frame 2CA4 0
0 87ms
87ms Document
text/html 87.240.190.72
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://vk.com/widget_community.php?app=0&width=200px&_ver=1&gid=165952880&mode=3&color1=&color2=&color3=&class_name=&url=https%3A%2F%2Fwindows-loader.ru%2F&referrer=&title=Windows%20Loader&176a8b5e8dd

Requested by

Host: vk.com
URL: https://vk.com/js/api/openapi.js?154

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.72 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv72-190-240-87.vk.com

Software

kittenx / KPHP/7.4.105574

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: about:;script-src 'self' https://vk.com https://.vk.com https://static.vk.me https://.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.com https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline'
Strict-Transport-Security	max-age=15768000
X-Xss-Protection	1; report=/xss_reports

Request headers

:method: GET
:authority: vk.com
:scheme: https
:path: /widget_community.php?app=0&width=200px&_ver=1&gid=165952880&mode=3&color1=&color2=&color3=&class_name=&url=https%3A%2F%2Fwindows-loader.ru%2F&referrer=&title=Windows%20Loader&176a8b5e8dd
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

server: kittenx
date: Mon, 28 Dec 2020 09:37:42 GMT
content-type: text/html; charset=windows-1251
content-length: 6672
x-powered-by: KPHP/7.4.105574
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None remixlang=3; expires=Sat, 01 Jan 2022 09:14:46 GMT; path=/; domain=.vk.com; secure; SameSite=None remixstid=1241949989_YDwrlcVXGvH4tpxFrSZSWrB2N8HZHUXTnsGWj6CbYV8; expires=Mon, 20 Dec 2021 08:06:37 GMT; path=/; domain=.vk.com; secure; SameSite=None
cache-control: no-store
content-security-policy: default-src * data: blob: about:;script-src 'self' https://vk.com https://*.vk.com https://static.vk.me https://*.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline'
x-xss-protection: 1; report=/xss_reports
content-encoding: gzip
x-frontend: front204305
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 116 KB
41 KB 149ms
50ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: windows-loader.ru
URL: https://windows-loader.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

ef45c08607026102a76644b65a9ad53f0cd2b6a8afc32294bbb3848e2a86a898

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: br
last-modified: Fri, 25 Dec 2020 14:20:45 GMT
etag: "5fdcb112-a173"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 41331
expires: Mon, 28 Dec 2020 10:37:42 GMT

GET
H2 200 widget_comments.php
vk.com/ Frame 4408 0
0 183ms
183ms Document
text/html 87.240.190.72
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to

Full URL

https://vk.com/widget_comments.php?app=6453904&width=100%25&_ver=1&limit=15&height=0&mini=auto&norealtime=0&page=0&status_publish=0&attach=*&url=https%3A%2F%2Fwindows-loader.ru&title=Windows%20Loader&description=Windows%20Loader%20-%20%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%83%20%D0%92%D0%B8%D0%BD%D0%B4%D0%BE%D0%B2%D1%81%20%D0%BB%D0%BE%D0%B0%D0%B4%D0%B5%D1%80%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC.&image=https%3A%2F%2Fwindows-loader.ru%2Fimg%2Flogo.png&startWidth=620&referrer=&176a8b5e91b

Requested by

Host: vk.com
URL: https://vk.com/js/api/openapi.js?154

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.72 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv72-190-240-87.vk.com

Software

kittenx / KPHP/7.4.105574

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: about:;script-src 'self' https://vk.com https://.vk.com https://static.vk.me https://.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.com https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp
Strict-Transport-Security	max-age=15768000
X-Xss-Protection	1; report=/xss_reports

Request headers

:method: GET
:authority: vk.com
:scheme: https
:path: /widget_comments.php?app=6453904&width=100%25&_ver=1&limit=15&height=0&mini=auto&norealtime=0&page=0&status_publish=0&attach=*&url=https%3A%2F%2Fwindows-loader.ru&title=Windows%20Loader&description=Windows%20Loader%20-%20%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D1%83%20%D0%92%D0%B8%D0%BD%D0%B4%D0%BE%D0%B2%D1%81%20%D0%BB%D0%BE%D0%B0%D0%B4%D0%B5%D1%80%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC.&image=https%3A%2F%2Fwindows-loader.ru%2Fimg%2Flogo.png&startWidth=620&referrer=&176a8b5e91b
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

server: kittenx
date: Mon, 28 Dec 2020 09:37:42 GMT
content-type: text/html; charset=windows-1251
content-length: 24395
x-powered-by: KPHP/7.4.105574
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None remixlang=3; expires=Fri, 07 Jan 2022 16:31:54 GMT; path=/; domain=.vk.com; secure; SameSite=None remixstid=533987558_YYIZvGgo9aao0uZYzHR4Q0AbO2IBFmh6LUr7co4BMYs; expires=Thu, 06 Jan 2022 04:33:11 GMT; path=/; domain=.vk.com; secure; SameSite=None
cache-control: no-store
content-security-policy: default-src * data: blob: about:;script-src 'self' https://vk.com https://*.vk.com https://static.vk.me https://*.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp
x-xss-protection: 1; report=/xss_reports
content-encoding: gzip
x-frontend: front204305
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend

GET
H3-Q050 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/ 145 KB
52 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f3b0e1ed6cb79ccf93702fd66f2371d4f73de62937c237270b7d70f25300bda1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 53263
x-xss-protection: 0
server: cafe
etag: 8848748755015014073
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Dec 2020 09:37:42 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 9E88 0
0 453ms
452ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=3841933567&pi=t.aa~a.4087203190~i.84~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=2&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155&nras=2&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3122&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=hk5BVk4mkc&p=https%3A//windows-loader.ru&dtd=11

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=3841933567&pi=t.aa~a.4087203190~i.84~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=2&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155&nras=2&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3122&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=hk5BVk4mkc&p=https%3A//windows-loader.ru&dtd=11
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Dec 2020 09:37:43 GMT
server: cafe
content-length: 206
x-xss-protection: 0
set-cookie: IDE=AHWqTUmZeMJEA1yOWAnO1SHUlYq5ejovUCGJCwKbRfcHDgFxO33GGXzPyogfov_I; expires=Sat, 22-Jan-2022 09:37:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Dec 2020 09:37:43 GMT
cache-control: private

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame DD5A 0
0 228ms
228ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=775546623&pi=t.aa~a.4087203190~i.88~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=2&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280&nras=3&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3522&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=UWUHtkMydV&p=https%3A//windows-loader.ru&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=775546623&pi=t.aa~a.4087203190~i.88~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=2&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280&nras=3&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=3522&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=UWUHtkMydV&p=https%3A//windows-loader.ru&dtd=14
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Dec 2020 09:37:43 GMT
server: cafe
content-length: 204
x-xss-protection: 0
set-cookie: IDE=AHWqTUnjzEWMjQ040mJbb-YN-UEKgc-PLu8hupe-S5Uzy4UPU-LfbtMl7t3nkPZU; expires=Sat, 22-Jan-2022 09:37:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Dec 2020 09:37:43 GMT
cache-control: private

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 3BCA 0
0 253ms
253ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=67105330&pi=t.aa~a.4087203190~i.94~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=1&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280%2C620x280&nras=4&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=4042&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=a93vAtKLeZ&p=https%3A//windows-loader.ru&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=67105330&pi=t.aa~a.4087203190~i.94~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=1&bdt=528&idt=-M&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280%2C620x280&nras=4&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=4042&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=a93vAtKLeZ&p=https%3A//windows-loader.ru&dtd=16
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Dec 2020 09:37:43 GMT
server: cafe
content-length: 24037
x-xss-protection: 0
set-cookie: IDE=AHWqTUk-QeyXbEz2sYrSsKHyWTmf3NBP4lqvGoicMfUxgpPgB9jz85WzB27zNv7B; expires=Sat, 22-Jan-2022 09:37:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Dec 2020 09:37:43 GMT
cache-control: private

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame B643 0
0 348ms
346ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=1199157693&pi=t.aa~a.4087203190~i.102~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=1&bdt=528&idt=0&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280%2C620x280%2C620x280&nras=5&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=4602&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=sq5aGAZk5S&p=https%3A//windows-loader.ru&dtd=18

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-4384462875279714&output=html&h=280&adk=1463411133&adf=1199157693&pi=t.aa~a.4087203190~i.102~rp.4&w=620&fwrn=4&fwrnh=100&lmt=1609148262&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5847879668&psa=0&ad_type=text_image&format=620x280&url=https%3A%2F%2Fwindows-loader.ru%2F&flash=0&fwr=0&pra=3&rh=155&rw=620&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1609148262894&bpp=1&bdt=528&idt=0&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd1d78df807fba13d-22d4202174b900cf%3AT%3D1609148262%3ART%3D1609148262%3AS%3DALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA&prev_fmts=0x0%2C620x155%2C620x155%2C620x280%2C620x280%2C620x280&nras=5&correlator=915679592082&frm=20&pv=1&ga_vid=1334461709.1609148263&ga_sid=1609148263&ga_hid=2048177251&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=360&ady=4602&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=518640081711985&pem=336&rx=0&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=sq5aGAZk5S&p=https%3A//windows-loader.ru&dtd=18
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Dec 2020 09:37:43 GMT
server: cafe
content-length: 5911
x-xss-protection: 0
set-cookie: IDE=AHWqTUlLh8esmt5-VhxK0lZqozSNgiQLEmULgfwUxLGXyzuBRVHujM7r24-FDwy7; expires=Sat, 22-Jan-2022 09:37:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Dec 2020 09:37:43 GMT
cache-control: private

GET
H3-Q050 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/ Frame 5620 0
0 6ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201203/r20190131/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk3mPEh0ohENnHuIRjUBlpveZcKttJdHLZp3Gpsi6GDzA_UElw2Tanneinz
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 27 Dec 2020 18:46:21 GMT
expires: Sun, 10 Jan 2021 18:46:21 GMT
content-type: text/html; charset=UTF-8
etag: 10723747146953794269
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4923
x-xss-protection: 0
age: 53481
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2

200

1 Show response
mc.yandex.ru/watch/48542417/
Redirect Chain

https://mc.yandex.ru/watch/48542417?wmode=7&page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afp%3A713%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ae...
https://mc.yandex.ru/watch/48542417/1?wmode=7&page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afp%3A713%3Afu%3A0%3Aen%3Autf-8%3Ala%3...

186 B
268 B

55ms
52ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/48542417/1?wmode=7&page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afp%3A713%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A351%3Acn%3A1%3Adp%3A0%3Als%3A0%3Ahid%3A945133195%3Az%3A60%3Ai%3A202012280103743%3Aet%3A1609148263%3Ac%3A1%3Arn%3A649772246%3Arqn%3A1%3Au%3A1609148263987489096%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1609148261758%3Ads%3A117%2C217%2C269%2C1%2C0%2C0%2C%2C317%2C0%2C%2C%2C%2C925%3Adsn%3A117%2C218%2C269%2C0%2C0%2C0%2C%2C321%2C0%2C%2C%2C%2C926%3Arqnl%3A1%3Ati%3A2%3Ast%3A1609148263%3At%3AWindows%20Loader%20by%20DAZ%202.2.2%20-%20%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%D0%B0%D0%BA%D1%82%D0%B8%D0%B2%D0%B0%D1%82%D0%BE%D1%80%20%D0%B2%D0%B8%D0%BD%D0%B4%D0%BE%D0%B2%D1%81%20%D0%BB%D0%BE%D0%B0%D0%B4%D0%B5%D1%80%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC

Requested by

Host: windows-loader.ru
URL: https://windows-loader.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

cd37c1ae3b7b0a0d1ef084255b706d0bed1cac9af3db7c82e50677db2ed8367f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Dec 2020 09:37:43 GMT
x-content-type-options: nosniff
last-modified: Mon, 28-Dec-2020 09:37:43 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://windows-loader.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 186
x-xss-protection: 1; mode=block
expires: Mon, 28-Dec-2020 09:37:43 GMT

Redirect headers

pragma: no-cache
date: Mon, 28 Dec 2020 09:37:43 GMT
last-modified: Mon, 28-Dec-2020 09:37:43 GMT
location: /watch/48542417/1?wmode=7&page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afp%3A713%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A351%3Acn%3A1%3Adp%3A0%3Als%3A0%3Ahid%3A945133195%3Az%3A60%3Ai%3A202012280103743%3Aet%3A1609148263%3Ac%3A1%3Arn%3A649772246%3Arqn%3A1%3Au%3A1609148263987489096%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1609148261758%3Ads%3A117%2C217%2C269%2C1%2C0%2C0%2C%2C317%2C0%2C%2C%2C%2C925%3Adsn%3A117%2C218%2C269%2C0%2C0%2C0%2C%2C321%2C0%2C%2C%2C%2C926%3Arqnl%3A1%3Ati%3A2%3Ast%3A1609148263%3At%3AWindows%20Loader%20by%20DAZ%202.2.2%20-%20%D1%81%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE%20%D0%B0%D0%BA%D1%82%D0%B8%D0%B2%D0%B0%D1%82%D0%BE%D1%80%20%D0%B2%D0%B8%D0%BD%D0%B4%D0%BE%D0%B2%D1%81%20%D0%BB%D0%BE%D0%B0%D0%B4%D0%B5%D1%80%20%D0%BD%D0%B0%20%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%BE%D0%BC
strict-transport-security: max-age=31536000
access-control-allow-origin: https://windows-loader.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0
x-xss-protection: 1; mode=block
expires: Mon, 28-Dec-2020 09:37:43 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
136 B 53ms
51ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: windows-loader.ru
URL: https://windows-loader.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:43 GMT
last-modified: Fri, 25 Dec 2020 14:20:45 GMT
etag: "5fdcb112-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Mon, 28 Dec 2020 10:37:43 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 44ms
30ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201203&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec387572a415b61847501951c66beb70a02f531ed81dfaeb9cd36e9644113793

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Dec 2020 09:37:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:81d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Dec 2020 09:37:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Mon, 28 Dec 2020 09:37:47 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 42A5 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://windows-loader.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://windows-loader.ru/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Mon, 28 Dec 2020 09:19:03 GMT
expires: Tue, 28 Dec 2021 09:19:03 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1124
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
96 B 15ms
15ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201203&jk=518640081711985&bg=!HR6lHj7NAAUbEDgJG1gKfFwx1MzY2AIAAAB6UgAAABRoAQcKALtWUGtk6d4nNWkTKO2fBowjCrez85w6da1E8kzc40JADVHsdaxxFUxFOEXTflVhZJ3-vX0GwPbSSFcn0R6RoCYUJvVA2c-24An-SRImqSrpEhfhZouikZ6gPnPIVHKQCHpeUexs7Q_0ogEfQ0o2e9Uj-kDZ7gZaaNE96CzUPVI5vQXxqOaMfuhh25AkwJEcJ75r22pCXSo0XYFKYodt2fHxr9rTuOmhvZr1HpAbVjw4xZLv0OVwlI6K1Yo9mQG6FnWNXtYdAVhq4mqyIhH_WKjidT3IE6Za52BhKovj6pYz-yp0RnId7Wt1Hf0FAnU46iYjZBaSXDxmZXROI7lTjtWZwU_jXRRrfRGB6ni7_4MJQYRwHrKF2VnzRtqmIQkg6740Dxup1lofnL-Twn5mwlmYlfnQq8TPtRxwDkjMliHmBp0VzwCXaP5oKq3fQXN42ifWKB3V28qlpYnYSi9bbRFVlmtn0SCrDLVoYCbQ2sLfCtvu79KBA31haH4JAtPoBTssM0hiIefuym5AlDcEgss4ZGeZRGvPYuUqk1K-U8M12-PIX8k0LL4gGd16GmpYO5Dx8icjQ2C8BxWCXPSAJyScU3kSEJghIkbqt-3T7rLEUqIi23T7R2tHr050pHrCgxidu4v7D-wi6ybHipn_-SvYWG-AqOaUK8RVEAeOAo3yOPpTEELbdnsacGrHQ-YMYGmqKCJEMQrqYUKPctLBERX81zkq7Zkh7iJJGUfCj93eBo0owI4skIVgXS7QoIkdHdaFD-Eu7ygspLkAPV8pvkXV9h-fTjPpXZGhyNgeGbdBUWEq6z2SelIMCFtKC8xthOW1ix-nnt0o1g

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Dec 2020 09:37:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1
mc.yandex.ru/watch/48542417/
Redirect Chain

https://mc.yandex.ru/watch/48542417?page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=nb%3A1%3Acl%3A144%3Aar%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afu%3A0%3Aen%3Autf-8%3Ala%3A...
https://mc.yandex.ru/watch/48542417/1?page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=nb%3A1%3Acl%3A144%3Aar%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afu%3A0%3Aen%3Autf-8%3Ala%...

43 B
71 B

56ms
56ms

Other
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/48542417/1?page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=nb%3A1%3Acl%3A144%3Aar%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A351%3Acn%3A1%3Adp%3A1%3Als%3A0%3Ahid%3A945133195%3Az%3A60%3Ai%3A202012280103758%3Aet%3A1609148278%3Ac%3A1%3Arn%3A973895208%3Arqn%3A2%3Au%3A1609148263987489096%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aeu%3A1%3Ans%3A1609148261758%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5624%2C5624%2C2%2C%3Adsn%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5624%2C5624%2C2%2C%3Arqnl%3A1%3Ati%3A0%3Ast%3A1609148278&force-urlencoded=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windows-loader.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Dec 2020 09:37:58 GMT
last-modified: Mon, 28-Dec-2020 09:37:58 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 28-Dec-2020 09:37:58 GMT

Redirect headers

pragma: no-cache
date: Mon, 28 Dec 2020 09:37:58 GMT
last-modified: Mon, 28-Dec-2020 09:37:58 GMT
location: /watch/48542417/1?page-url=https%3A%2F%2Fwindows-loader.ru%2F&charset=utf-8&browser-info=nb%3A1%3Acl%3A144%3Aar%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A351%3Acn%3A1%3Adp%3A1%3Als%3A0%3Ahid%3A945133195%3Az%3A60%3Ai%3A202012280103758%3Aet%3A1609148278%3Ac%3A1%3Arn%3A973895208%3Arqn%3A2%3Au%3A1609148263987489096%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aeu%3A1%3Ans%3A1609148261758%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5624%2C5624%2C2%2C%3Adsn%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5624%2C5624%2C2%2C%3Arqnl%3A1%3Ati%3A0%3Ast%3A1609148278&force-urlencoded=1
strict-transport-security: max-age=31536000
access-control-allow-origin: https://windows-loader.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0
x-xss-protection: 1; mode=block
expires: Mon, 28-Dec-2020 09:37:58 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: vk.com
URL: http://vk.com/js/api/openapi.js?137

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Cuprum&subset=latin,cyrillic

Domain: yastatic.net
URL: http://yastatic.net/share2/share.js

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.vk.com/	1970-01-19 23:57:23	Name: remixstid Value: 533987558_YYIZvGgo9aao0uZYzHR4Q0AbO2IBFmh6LUr7co4BMYs
.windows-loader.ru/	1970-01-19 23:44:44	Name: pmvid Value: 2fe5c807-31c0-4bc8-9fd0-99c1e68cdfdf
.youtube.com/	1970-01-19 19:18:20	Name: VISITOR_INFO1_LIVE Value: u3snRDBOHNA
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: FuEmc9E9me4
.doubleclick.net/	1970-01-19 14:59:11	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 00:20:44	Name: IDE Value: AHWqTUmZeMJEA1yOWAnO1SHUlYq5ejovUCGJCwKbRfcHDgFxO33GGXzPyogfov_I
.windows-loader.ru/	1970-01-19 14:59:10	Name: _ym_visorc Value: w
.windows-loader.ru/	1970-01-19 23:44:44	Name: _ym_uid Value: 1609148263987489096
.windows-loader.ru/	1970-01-19 23:44:44	Name: _ym_d Value: 1609148263
.redintelligence.net/	1970-01-19 17:08:44	Name: 8lcfmzhxc8d6_uid Value: 79dfce594e17ccfa
.windows-loader.ru/	1970-01-20 00:20:44	Name: __gads Value: ID=d1d78df807fba13d-22d4202174b900cf:T=1609148262:RT=1609148262:S=ALNI_MZsztT-XsbpMmNgPHLjPnw9nkt9lA
.vk.com/	1970-01-19 23:59:33	Name: remixlang Value: 3
.windows-loader.ru/	1970-01-19 15:00:20	Name: _ym_isad Value: 2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
fonts.googleapis.com
googleads.g.doubleclick.net
mc.yandex.ru
pagead2.googlesyndication.com
partner.googleadservices.com
pushiti.info
tpc.googlesyndication.com
vk.com
windows-loader.ru
www.googletagservices.com
www.youtube.com
yastatic.net
fonts.googleapis.com
vk.com
yastatic.net
172.217.21.226
2a00:1450:4001:800::2002
2a00:1450:4001:818::2002
2a00:1450:4001:81d::2001
2a00:1450:4001:820::200e
2a02:6b8::1:119
85.119.149.127
87.240.190.72
88.208.46.47
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06649e87db9dcc3aac096d3cd4926a6499971599de35952979aed8d4ebeb4a68
0d7e358637c1b1caa66949aefc529c1e4488923f99e499d6be09eb8cdd0b4202
11952c3feb536b9bc0eabdf12bcc18e9e29eb3579257a69ce96f5ed3a803c1bd
366570e645833a82d59ef6caa6f5e578ed645bef5ea9b84c140a119155272eac
4d9f958ff4141725f70d5b4deb51fcfc0b3c762d6035625536c01110a59da3ea
50b6d64a108547ffa31d1cf4a81c7ba3e740b3ab6b7313e89675795308f131a2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
6ccf816b2908321fefdcf44f0ec545ea113478c0d3a523080cd75123df750109
72ec27bd0d959a1e6713d96b4e55c5a9b92ac6d1b5b5a4a8d5d1211422fcee57
73e4ebf491cf9b5f6f6c842d2e9c2163f440884fd7c9c3108e7388f59e3484bf
7c7f4232dfa398661f482c8dd8742e686e49c3f7a7ad3dafe1d519b9fbb2fc24
7d56ad02aa9ab04b76a10ca398d0927fe87b8d29cf2019e4642c6b7fb0ac14dc
834ec8d0a57f062563c94c4e0223b5c2403bf39e3e6ce5f95ed779d49c15a936
9aab85a6bab9fc046617d95abecd78692bd5b34fe861e59e0293b3c5ededf0ca
baa2ff2e2ec75dbf0171f9617abb63d7a0a031df91a2feff72e4d8b81e63b6e5
c1c9310eb6a56101c2133db372cfbe9cefb5ff6b90a02ded916984c975b813b2
c221228ab25af041a5c8e218684dd4238acb17fc23b1a4a8c4864951550a3197
cd37c1ae3b7b0a0d1ef084255b706d0bed1cac9af3db7c82e50677db2ed8367f
db6abe9a0ca47c21c01b5c35b99bfe5adea47c28a6e66be9a82bb9fac51fd762
de9d7d33775fa334ac91b19e1fdbd4137069055a81c2399c2ee029cb711cb96f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ddbbd639ae4ce4b0f320a8b65e194bac8a52ac55dd2f65f384030616b98c51
ec387572a415b61847501951c66beb70a02f531ed81dfaeb9cd36e9644113793
ef45c08607026102a76644b65a9ad53f0cd2b6a8afc32294bbb3848e2a86a898
f3b0e1ed6cb79ccf93702fd66f2371d4f73de62937c237270b7d70f25300bda1
fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149
ff8276d7dfc3a71751500d84557d19568ca9cfdc21fb771831f5d7c31ccf681e

windows-loader.ru Open in urlscan Pro 85.119.149.127 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

49 Requests

94 %HTTPS

56 %IPv6

13 Domains

14 Subdomains

10 IPs

4 Countries

754 kBTransfer

1412 kBSize

13 Cookies

1 Outgoing links

Redirected requests

49 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

windows-loader.ru Open in urlscan Pro
85.119.149.127 Public Scan

Screenshot
Live screenshot

Full Image

49
Requests

94 %
HTTPS

56 %
IPv6

13
Domains

14
Subdomains

10
IPs

4
Countries

754 kB
Transfer

1412 kB
Size

13
Cookies

49 HTTP transactions
0 data transactions