mail.i.ua Open in urlscan Pro
91.198.36.14 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mail.i.ua/reg
Effective URL:
https://mail.i.ua/
Submission: On May 09 via api (May 9th 2021, 8:17:38 pm UTC) from DK

Summary HTTP 221 Redirects Behaviour Indicators

Summary

This website contacted 43 IPs in 12 countries across 50 domains to perform 221 HTTP transactions. The main IP is 91.198.36.14, located in Ukraine and belongs to DIGITAL-VENTURES, UA. The main domain is mail.i.ua.
TLS certificate: Issued by R3 on March 15th 2021. Valid for: 3 months.

This is the only time mail.i.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 5	91.198.36.14 91.198.36.14	43405 (DIGITAL-V...) (DIGITAL-VENTURES)
20	91.198.36.78 91.198.36.78	43405 (DIGITAL-V...) (DIGITAL-VENTURES)
27	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
9	2a03:90c0:41:... 2a03:90c0:41:2801::254	199524 (GCORE) (GCORE)
2	91.198.36.35 91.198.36.35	43405 (DIGITAL-V...) (DIGITAL-VENTURES)
1 4	54.37.238.28 54.37.238.28	16276 (OVH) (OVH)
1	91.198.36.16 91.198.36.16	43405 (DIGITAL-V...) (DIGITAL-VENTURES)
14	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
7	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	91.198.36.26 91.198.36.26	43405 (DIGITAL-V...) (DIGITAL-VENTURES)
2	194.247.175.23 194.247.175.23	196831 (BEMOBILE-AS) (BEMOBILE-AS)
2 13	146.0.227.110 146.0.227.110	20773 (GODADDY) (GODADDY)
1 4	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	185.86.138.16 185.86.138.16	201081 (SMARTADSE...) (SMARTADSERVER)
1	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
1	2a0c:5c81:509... 2a0c:5c81:5095:0:225:90ff:fefa:245d	55081 (24SHELLS) (24SHELLS)
2 2	195.209.108.37 195.209.108.37	52007 (ADRIVER-AS) (ADRIVER-AS)
1	183.110.238.136 183.110.238.136	4766 (KIXS-AS-K...) (KIXS-AS-KR Korea Telecom)
2 2	188.42.191.196 188.42.191.196	7979 (SERVERS-COM) (SERVERS-COM)
6 24	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	193.200.65.6 193.200.65.6	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
1	52.19.6.23 52.19.6.23	16509 (AMAZON-02) (AMAZON-02)
1 9	212.8.250.83 212.8.250.83	49981 (WORLDSTREAM) (WORLDSTREAM)
2	147.135.189.55 147.135.189.55	16276 (OVH) (OVH)
2 4	2606:4700::68... 2606:4700::6810:7caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1	167.71.9.19 167.71.9.19	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3 3	52.59.128.17 52.59.128.17	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.69 185.29.132.69	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	185.132.133.134 185.132.133.134	49981 (WORLDSTREAM) (WORLDSTREAM)
1 1	185.180.223.67 185.180.223.67	49981 (WORLDSTREAM) (WORLDSTREAM)
2 2	185.165.240.175 185.165.240.175	49981 (WORLDSTREAM) (WORLDSTREAM)
1 1	185.180.220.208 185.180.220.208	49981 (WORLDSTREAM) (WORLDSTREAM)
37	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
4 6	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	37.252.173.62 37.252.173.62	29990 (ASN-APPNEX) (ASN-APPNEX)
3 4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2 2	3.125.99.7 3.125.99.7	16509 (AMAZON-02) (AMAZON-02)
2 4	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	104.111.237.88 104.111.237.88	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2 2	18.197.47.23 18.197.47.23	16509 (AMAZON-02) (AMAZON-02)
3 3	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	54.228.162.19 54.228.162.19	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	143.204.209.110 143.204.209.110	16509 (AMAZON-02) (AMAZON-02)
1 1	193.239.68.97 193.239.68.97	39468 (BIGMIR-IN...) (BIGMIR-INTERNET-AS)
1	193.239.71.100 193.239.71.100	39468 (BIGMIR-IN...) (BIGMIR-INTERNET-AS)
2	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
221	43

5 91.198.36.14 (Ukraine) 3 redirects

ASN43405 (DIGITAL-VENTURES, UA)
PTR: www.i.ua

mail.i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
passport.i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 91.198.36.78 (Ukraine)

ASN43405 (DIGITAL-VENTURES, UA)
PTR: sh02.mi6.kiev.ua

i3.i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:90c0:41:2801::254 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.198.36.35 (Ukraine)

ASN43405 (DIGITAL-VENTURES, UA)

h.holder.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.37.238.28 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip28.ip-54-37-238.eu

kpmediagaua.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.198.36.16 (Ukraine)

ASN43405 (DIGITAL-VENTURES, UA)
PTR: r.i.ua

r.i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.198.36.26 (Ukraine)

ASN43405 (DIGITAL-VENTURES, UA)
PTR: i1.i.ua

i.holder.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 194.247.175.23 (Ukraine)

ASN196831 (BEMOBILE-AS, UA)

source.mmi.bemobile.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 146.0.227.110 (Ascension Island) 2 redirects

ASN20773 (GODADDY, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
inv-nets-eu.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.30 (Amsterdam, Netherlands) 1 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.16 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.38.120.206 (France)

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0c:5c81:5095:0:225:90ff:fefa:245d (London, United Kingdom)

ASN55081 (24SHELLS, US)

s.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.209.108.37 (Russian Federation) 2 redirects

ASN52007 (ADRIVER-AS, RU)

ad.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 183.110.238.136 (Korea, Republic Of)

ASN4766 (KIXS-AS-KR Korea Telecom, KR)

idsync.admixer.co.kr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.191.196 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 142.250.185.130 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.200.65.6 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: adforce.team

m.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.6.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-6-23.eu-west-1.compute.amazonaws.com

ismatlab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 212.8.250.83 (Rotterdam, Netherlands) 1 redirects

ASN49981 (WORLDSTREAM, NL)
PTR: customer.worldstream.nl

ad.mox.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.135.189.55 (France)

ASN16276 (OVH, FR)
PTR: m.mixadvert.com

m.mixadvert.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7caf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.71.9.19 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

bgstats.mox.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.59.128.17 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-128-17.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.69 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.132.133.134 (Vianen, Netherlands) 1 redirects

ASN49981 (WORLDSTREAM, NL)

ad.mediawayss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.vidver.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.180.223.67 (Groningen, Netherlands) 1 redirects

ASN49981 (WORLDSTREAM, NL)

ad.outstream.today	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.165.240.175 (Netherlands) 2 redirects

ASN49981 (WORLDSTREAM, NL)

ad.adopx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.invamia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.180.220.208 (Netherlands) 1 redirects

ASN49981 (WORLDSTREAM, NL)

ad.vidverto.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.173.62 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.99.7 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:c05 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.237.88 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.47.23 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.228.162.19 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-162-19.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.13 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.209.110 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-209-110.fra53.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.239.68.97 (Ukraine) 1 redirects

ASN39468 (BIGMIR-INTERNET-AS, UA)

c.bigmir.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.239.71.100 (Ukraine)

ASN39468 (BIGMIR-INTERNET-AS, UA)
PTR: rs.img.com.ua

i.bigmir.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com	615 KB
43	doubleclick.net 6 redirects googleads.g.doubleclick.net cm.g.doubleclick.net securepubads.g.doubleclick.net googleads4.g.doubleclick.net stats.g.doubleclick.net	236 KB
26	i.ua 3 redirects mail.i.ua passport.i.ua i3.i.ua i.i.ua r.i.ua i.ua	186 KB
22	admixer.net 2 redirects cdn.admixer.net inv-nets.admixer.net inv-nets-eu.admixer.net	199 KB
10	mox.tv 1 redirects ad.mox.tv bgstats.mox.tv	68 KB
8	google.com 2 redirects adservice.google.com www.google.com	833 B
7	googletagservices.com www.googletagservices.com	217 KB
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com ssum-sec.casalemedia.com	6 KB
4	yahoo.com 4 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	4 KB
4	tribalfusion.com 2 redirects a.tribalfusion.com s.tribalfusion.com	3 KB
4	openx.net 3 redirects us-u.openx.net	1 KB
4	adnxs.com 3 redirects ib.adnxs.com	4 KB
4	gstatic.com fonts.gstatic.com	62 KB
4	unpkg.com 2 redirects unpkg.com	40 KB
4	creativecdn.com 1 redirects prebid-eu.creativecdn.com creativecdn.com	1 KB
4	gemius.pl 1 redirects kpmediagaua.hit.gemius.pl	12 KB
3	bidswitch.net 3 redirects x.bidswitch.net	1 KB
3	google.de adservice.google.de	1 KB
3	holder.com.ua h.holder.com.ua i.holder.com.ua	7 KB
2	bigmir.net 1 redirects c.bigmir.net i.bigmir.net	449 B
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	933 B
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	2mdn.net s0.2mdn.net	36 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	mixadvert.com m.mixadvert.com	98 KB
2	trafmag.com m.trafmag.com	702 B
2	betweendigital.com 2 redirects ads.betweendigital.com	973 B
2	adriver.ru 2 redirects ad.adriver.ru	1 KB
2	bemobile.ua source.mmi.bemobile.ua	24 KB
2	googleadservices.com partner.googleadservices.com	688 B
1	smaato.net 1 redirects s.ad.smaato.net	687 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	adsrvr.org match.adsrvr.org	265 B
1	vidver.to ad.vidver.to	431 B
1	vidverto.io 1 redirects ad.vidverto.io	495 B
1	invamia.com 1 redirects ad.invamia.com	510 B
1	adopx.net 1 redirects ad.adopx.net	526 B
1	outstream.today 1 redirects ad.outstream.today	540 B
1	mediawayss.com 1 redirects ad.mediawayss.com	561 B
1	mathtag.com 1 redirects sync.mathtag.com	691 B
1	quantserve.com pixel.quantserve.com	373 B
1	ismatlab.com ismatlab.com	149 B
1	admixer.co.kr idsync.admixer.co.kr	904 B
1	adtarget.com.tr s.console.adtarget.com.tr
1	onetag-sys.com onetag-sys.com	818 B
1	smartadserver.com prg.smartadserver.com	2 KB
0	netmng.com Failed google2waycm.netmng.com Failed
0	tns-ua.com Failed pa.tns-ua.com Failed
221	50

	Domain	Requested by
37	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com mail.i.ua
27	pagead2.googlesyndication.com	mail.i.ua pagead2.googlesyndication.com cdn.admixer.net tpc.googlesyndication.com googleads.g.doubleclick.net d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com www.googletagservices.com
20	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net mail.i.ua d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
19	i3.i.ua	mail.i.ua i3.i.ua
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com mail.i.ua
9	ad.mox.tv	1 redirects mail.i.ua ad.mox.tv
9	cdn.admixer.net	mail.i.ua cdn.admixer.net
7	inv-nets.admixer.net	2 redirects cdn.admixer.net mail.i.ua
7	www.googletagservices.com	pagead2.googlesyndication.com ad.mox.tv googleads.g.doubleclick.net d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
6	inv-nets-eu.admixer.net	mail.i.ua
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.google.com	2 redirects googleads.g.doubleclick.net d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
5	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net mail.i.ua
4	us-u.openx.net	3 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
4	d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	unpkg.com	2 redirects mail.i.ua
4	kpmediagaua.hit.gemius.pl	1 redirects mail.i.ua kpmediagaua.hit.gemius.pl
3	ups.analytics.yahoo.com	3 redirects
3	x.bidswitch.net	3 redirects
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	mail.i.ua	2 redirects
2	stats.g.doubleclick.net	mail.i.ua
2	ap.lijit.com	2 redirects
2	pixel.advertising.com	2 redirects
2	tracking.m6r.eu	2 redirects
2	s.tribalfusion.com	mail.i.ua d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
2	a.tribalfusion.com	2 redirects
2	pm.w55c.net	2 redirects
2	s0.2mdn.net	d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	fonts.googleapis.com	tpc.googlesyndication.com
2	m.mixadvert.com	i.holder.com.ua m.mixadvert.com
2	m.trafmag.com	mail.i.ua
2	ads.betweendigital.com	2 redirects
2	ad.adriver.ru	2 redirects
2	creativecdn.com	1 redirects mail.i.ua
2	prebid-eu.creativecdn.com	cdn.admixer.net
2	source.mmi.bemobile.ua	h.holder.com.ua source.mmi.bemobile.ua
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	h.holder.com.ua	mail.i.ua
1	i.bigmir.net
1	c.bigmir.net	1 redirects
1	s.ad.smaato.net	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	match.adsrvr.org	d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	ad.vidver.to	mail.i.ua
1	ad.vidverto.io	1 redirects
1	ad.invamia.com	1 redirects
1	ad.adopx.net	1 redirects
1	ad.outstream.today	1 redirects
1	ad.mediawayss.com	1 redirects
1	sync.mathtag.com	1 redirects
1	bgstats.mox.tv	mail.i.ua
1	pixel.quantserve.com	mail.i.ua
1	ismatlab.com	mail.i.ua
1	idsync.admixer.co.kr	mail.i.ua
1	s.console.adtarget.com.tr	mail.i.ua
1	onetag-sys.com	inv-nets.admixer.net
1	prg.smartadserver.com	cdn.admixer.net
1	i.holder.com.ua	h.holder.com.ua
1	i.ua	mail.i.ua
1	r.i.ua	mail.i.ua
1	i.i.ua	mail.i.ua
1	passport.i.ua	1 redirects
0	google2waycm.netmng.com Failed	d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
0	pa.tns-ua.com Failed	source.mmi.bemobile.ua
221	71

This site contains no links.

Subject Issuer	Validity	Valid
i.ua R3	`2021-03-15` - `2021-06-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2020-03-12` - `2021-06-21`	a year	crt.sh
holder.com.ua R3	`2021-02-16` - `2021-05-17`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2019-09-11` - `2021-09-24`	2 years	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.mmi.bemobile.ua Sectigo RSA Domain Validation Secure Server CA	`2021-02-02` - `2022-02-02`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
onetag-sys.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
s.console.adtarget.com.tr ZeroSSL ECC Domain Secure Site CA	`2021-04-03` - `2021-07-02`	3 months	crt.sh
*.admixer.co.kr GeoTrust RSA CA 2018	`2021-04-05` - `2022-05-06`	a year	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-15` - `2021-06-21`	a year	crt.sh
ismatlab.com RapidSSL RSA CA 2018	`2020-05-19` - `2021-05-20`	a year	crt.sh
ad.mox.tv R3	`2021-04-04` - `2021-07-03`	3 months	crt.sh
m.mixadvert.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
bgstats.mox.tv R3	`2021-04-02` - `2021-07-01`	3 months	crt.sh
ad.vidver.to R3	`2021-04-04` - `2021-07-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
img.com.ua R3	`2021-05-03` - `2021-08-01`	3 months	crt.sh

This page contains 22 frames:

Primary Page: https://mail.i.ua/
Frame ID: 11424636932F2307A45C744AC55DDC4D
Requests: 97 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/c.html
Frame ID: 62C94CCE35739F036A6E3A817DAB6E2F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210505/r20190131/zrt_lookup.html
Frame ID: CE6E668D3D7A9C0B60A1BB46E216DF46
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&adk=1812271804&adf=3025194257&lmt=1620591440&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591440891&bpp=2&bdt=404&idt=59&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3933519630770&frm=20&pv=2&ga_vid=2007371597.1620591441&ga_sid=1620591441&ga_hid=608186328&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C44739521&oid=3&pvsid=2604136478997217&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=76
Frame ID: 1A9FD564E644F525CFF5985130D8CEDD
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=59d216e971852f2
Frame ID: 00D60991D6CB40F0F89047D804D05B99
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Frame ID: BD6543B144AAE2B9ACCAFA68F356B0A8
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=7531674348&adk=1361311546&adf=3279755405&pi=t.ma~as.7531674348&w=728&psa=0&format=728x90&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591441787&bpp=4&bdt=38&idt=95&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&correlator=3933519630770&frm=23&ife=5&pv=1&ga_vid=741534965.1620591442&ga_sid=1620591442&ga_hid=517240314&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=64&biw=1600&bih=1200&isw=728&ish=90&ifk=2639203729&scr_x=0&scr_y=0&eid=44739524%2C31060711&oid=3&pvsid=2963908536776363&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b019jey81f2r&fsb=1&dtd=103
Frame ID: 58E49ECD738079C720D08B84DBCF3505
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 1355A8633EB9FE1F01B7D4772A81A17F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html
Frame ID: C6A8E8BE1A77C5894CE00EC8C952A8E8
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 3A024F924925893DAA8C11A9E19F487A
Requests: 2 HTTP requests in this frame

Frame: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1083874543EDE3EEF11D5AD8FF693745
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNU6-reOgS82g-LhgSrNyxMVUM7-QaKAscQFdiZOTPZPZyHxXcrIyVn7CksAhNqMltW4_WMC5biF3NilFroUgRff_gbsWv15ZFJMUa9ruUnC_XrkFBxTqrh9cQ5FkBUIYeedCeh0Zfwt2JEnasACTfWzeGgjWNja4zCMcAYDmdG6uFk-NCBou2VKp_HZuVKMJc7pJQ_xkdCSA5ouSbdEF1IvFJuN1g
Frame ID: D517425F6FEC1A71E0B89B7A25000596
Requests: 4 HTTP requests in this frame

Frame: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D0D65AE6464E98C6AD9BFCD81264AD4B
Requests: 7 HTTP requests in this frame

Frame: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2B8C1FE38817861D23718685A1C59387
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html
Frame ID: ED72C9C9EBA48D3EEAEBB8CCA54C31C1
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: A68C7BAAC9EA70B3C81FD818AABC8333
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNUvrbz_g2F__MlCe-Q90aUnwg-wmyeurYUgBI8ptmUpomaXCYdUw9j3Npe97omINq2dBCgRWf1LLuYOBG3CF6_SVl6NEPa8l326dNCgZEny-bv6WWfy0_6NO5_brkXccECc208QHmiSD1n3vx7t4wWAU-k9a8RWDxau2Gm9kK0fiPM-U4GHJaHjusPX8wHQif2rC31e5W28LxNiA0UG4bYhU52l_Q
Frame ID: 69A3483E7A0E209BAD0E73D197FAC152
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 80403721F8E22AD2C255455571BBC9FC
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FBB0C8954AF2074BB7B08C06F376B550
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D3972D539F066C3F42FE67E65B93D9EC
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2EC6E110AA42F8D2122D8606CF38126A
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 588956A8596F7C4192E67F06AE853008
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://mail.i.ua/reg HTTP 302
https://passport.i.ua/redirect/?id=mail&url=mail.i.ua HTTP 302
http://mail.i.ua/ HTTP 301
https://mail.i.ua/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

221
Requests

97 %
HTTPS

31 %
IPv6

50
Domains

71
Subdomains

43
IPs

12
Countries

1808 kB
Transfer

4720 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mail.i.ua/reg HTTP 302
https://passport.i.ua/redirect/?id=mail&url=mail.i.ua HTTP 302
http://mail.i.ua/ HTTP 301
https://mail.i.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://kpmediagaua.hit.gemius.pl/_1620591441149/rexdot.js?l=100&id=d1Yw5EtdZvzlzbDVgnMo_ceCDhswwIL03Gsu091xSCf.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fmail.i.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=rITVBG2YqL8yWZSskDBPoaGFark9nL.8.cV3Z5zBoRj.Y7&vis=1 HTTP 301
https://kpmediagaua.hit.gemius.pl/__/_1620591441149/rexdot.js?l=100&id=d1Yw5EtdZvzlzbDVgnMo_ceCDhswwIL03Gsu091xSCf.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fmail.i.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=rITVBG2YqL8yWZSskDBPoaGFark9nL.8.cV3Z5zBoRj.Y7&vis=1

Request Chain 52

https://creativecdn.com/cm-notify?pi=admixer HTTP 302
https://creativecdn.com/cm-notify?pi=admixer&tc=1

Request Chain 53

https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806 HTTP 302
https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806&tuid=-4928217980 HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AtTLWAnQ-Pfzo2PN6V9CFbg

Request Chain 55

https://ads.betweendigital.com/match?bidder_id=43070&callback_url=%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D70C88C54-8654-4219-A50A-E344F86A4A28%26id%3D${USER_ID} HTTP 302
https://ads.betweendigital.com/match?bidder_id=43070&callback_url=%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D70C88C54-8654-4219-A50A-E344F86A4A28%26id%3D${USER_ID}&crf=1 HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=70C88C54-8654-4219-A50A-E344F86A4A28&id=c46219ab-ca05-5281-b798-f1eed700b2bf

Request Chain 56

https://cm.g.doubleclick.net/pixel?google_nid=admixer_dmp&google_cm HTTP 302
https://inv-nets.admixer.net/gadx/cm.aspx?google_gid=CAESEAi1JRRSmt0HzIYTdWo40f0&google_cver=1 HTTP 302
https://m.trafmag.com/images/1px-matching-go2net.gif?id=186b48387cab4ab6870f748a94b5cd7c

Request Chain 58

https://cm.g.doubleclick.net/pixel?google_nid=admixer_technologies&google_hm=MDE2YzIzOTM3YmRjNGY5M2JjOTY3ZWI4NjM4Yjg4YWE=&google_cm HTTP 302
https://inv-nets.admixer.net/gadx/cm.aspx?google_nid=admixer_technologies&google_gid=CAESEG1NPiP5eXZdeHqDuwPCtZo&google_cver=1 HTTP 302
https://m.trafmag.com/images/1px-matching-go2net.gif?id=160a37dd19604045b890b0af6ce03178

Request Chain 66

https://unpkg.com/swiper/swiper-bundle.min.css HTTP 302
https://unpkg.com/swiper@6.5.9/swiper-bundle.min.css

Request Chain 70

https://unpkg.com/swiper/swiper-bundle.min.js HTTP 302
https://unpkg.com/swiper@6.5.9/swiper-bundle.min.js

Request Chain 74

https://x.bidswitch.net/sync?ssp=prodoohmox&user_id=c2dea746-e032-4fed-bc0e-2ccdbb46ced4&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=prodoohmox&user_id=c2dea746-e032-4fed-bc0e-2ccdbb46ced4&gdpr=0&gdpr_consent= HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dprodoohmox%26bsw_param%3D7c547ee2-4670-4548-b291-bb28cc6aacc4&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=f5986098-4351-4200-a8ef-256c140eeaf0&expires=30&ssp=prodoohmox&bsw_param=7c547ee2-4670-4548-b291-bb28cc6aacc4&gdpr=0&gdpr_consent= HTTP 302
https://ad.mox.tv/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4 HTTP 302
https://ad.mediawayss.com/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQub3V0c3RyZWFtLnRvZGF5LGFkLmFkb3B4Lm5ldCxhZC5pbnZhbWlhLmNvbSxhZC52aWR2ZXJ0by5pbyxhZC52aWR2ZXIudG8= HTTP 302
https://ad.outstream.today/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQuYWRvcHgubmV0LGFkLmludmFtaWEuY29tLGFkLnZpZHZlcnRvLmlvLGFkLnZpZHZlci50bw== HTTP 302
https://ad.adopx.net/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQuaW52YW1pYS5jb20sYWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv HTTP 302
https://ad.invamia.com/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv HTTP 302
https://ad.vidverto.io/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQudmlkdmVyLnRv HTTP 302
https://ad.vidver.to/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=

Request Chain 113

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 142

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1&C=1

Request Chain 143

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJhDUp5As6otff0Xm6gSxwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO2kgF_X7hXFv7X8-XyeOu8&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO2kgF_X7hXFv7X8-XyeOu8%26google_cver%3D1

Request Chain 174

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk3Nzg5MzMwODA3NDMzMTY2Mg%3D%3D

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEExcjsKT8GqN0POlXyLbPs4&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEExcjsKT8GqN0POlXyLbPs4&google_cver=1

Request Chain 176

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGZjYWJmMTUtMjcyYS0yZGQ4LWQzMTMtMzJhZmQ2MTdlYzI5

Request Chain 177

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 180

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPe7YotbMHMDxBVcPkcysck&google_cver=1&google_push=AQvitUKO-Eb_1brIvjsLQY_NBVl-CJ6H4qpnkBg9K0IXSPCamc1QM5RWAglGI37KY16HgH9GnfhVKgKigLgyCx8IWY0dQOJua9Y HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPe7YotbMHMDxBVcPkcysck&google_cver=1&google_push=AQvitUKO-Eb_1brIvjsLQY_NBVl-CJ6H4qpnkBg9K0IXSPCamc1QM5RWAglGI37KY16HgH9GnfhVKgKigLgyCx8IWY0dQOJua9Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=N0QyZGRrRFYxTEZQUkY1&google_gid=CAESEPe7YotbMHMDxBVcPkcysck&google_cver=1&google_push=AQvitUKO-Eb_1brIvjsLQY_NBVl-CJ6H4qpnkBg9K0IXSPCamc1QM5RWAglGI37KY16HgH9GnfhVKgKigLgyCx8IWY0dQOJua9Y

Request Chain 181

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 182

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESELiDyzGpizxvIa90D9SKkBg&google_cver=1&google_push=AQvitUKDY2e7oL96_1EJxZaGSKenezkdSng_CgaBjA3z6AF_HtPLv3AeRUzk3iAtDPnVMi7ifaQmyxW5VAtmIBKRkgQ7bAINaA HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESELiDyzGpizxvIa90D9SKkBg&google_cver=1&google_push=AQvitUKDY2e7oL96_1EJxZaGSKenezkdSng_CgaBjA3z6AF_HtPLv3AeRUzk3iAtDPnVMi7ifaQmyxW5VAtmIBKRkgQ7bAINaA&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=Bm8hGSawhdzkSWOCII2z_A&google_push=AQvitUKDY2e7oL96_1EJxZaGSKenezkdSng_CgaBjA3z6AF_HtPLv3AeRUzk3iAtDPnVMi7ifaQmyxW5VAtmIBKRkgQ7bAINaA

Request Chain 183

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGRh_YBJTbdXMwiF4YNzgkY&google_cver=1&google_push=AQvitUK0r6UAPiyi_4YRiNJzsx8AiqhUV_5W8gm3N2PXav99ulEKY04o7ATtthGaUEvtEbzeRLYivBMtyfaIHLhPx4ICxh0Dlqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUK0r6UAPiyi_4YRiNJzsx8AiqhUV_5W8gm3N2PXav99ulEKY04o7ATtthGaUEvtEbzeRLYivBMtyfaIHLhPx4ICxh0Dlqw&google_hm=NzczNDk2NDk1OTc3MjI5NDc0OQ%3D%3D

Request Chain 184

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEItj1gDfCLRSMaKdNCXPuGk&google_cver=1&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13NYyw_e_iESpUgMH0bvTru9JsAVVluWFCdSgTyRYCgCa_ HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEItj1gDfCLRSMaKdNCXPuGk&google_cver=1&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13NYyw_e_iESpUgMH0bvTru9JsAVVluWFCdSgTyRYCgCa_&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEItj1gDfCLRSMaKdNCXPuGk&google_cver=1&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13NYyw_e_iESpUgMH0bvTru9JsAVVluWFCdSgTyRYCgCa_&apid=UP905fae75-b103-11eb-a168-0690d690c020 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5MDVmYWU3NS1iMTAzLTExZWItYTE2OC0wNjkwZDY5MGMwMjA%3D&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13NYyw_e_iESpUgMH0bvTru9JsAVVluWFCdSgTyRYCgCa_

Request Chain 192

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 194

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFpuYFaeqQNiI_W1RBCdXdE&google_cver=1&google_push=AQvitUKhDDoHK1Cwi1VCjtrUjtm9w27Y8ikYzZuFO4MOZdrAa7Xp0mZ8uHrt3IkFGg1QZXKRUTuVeDNOTuojIPPjlqI3TfYQh_Pj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09ITUFXR0ItWi1MWTVH&google_push=AQvitUKhDDoHK1Cwi1VCjtrUjtm9w27Y8ikYzZuFO4MOZdrAa7Xp0mZ8uHrt3IkFGg1QZXKRUTuVeDNOTuojIPPjlqI3TfYQh_Pj

Request Chain 195

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIw1_gCfV2kRyE3RwR6Ry04&google_cver=1&google_push=AQvitUJ2NfGv1AHzNpm7XY0GWxWif1cZukcQBqeNCRWnjOgda6Rs6_yCp8xo93jpCyiUn2gwMn1mxNkByqYuFA4tdO3vwd8FSVhB HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJhDUoDPgWAUeLhdvFQqSQAABIYAAAAB&google_gid=CAESEIw1_gCfV2kRyE3RwR6Ry04&google_push=AQvitUJ2NfGv1AHzNpm7XY0GWxWif1cZukcQBqeNCRWnjOgda6Rs6_yCp8xo93jpCyiUn2gwMn1mxNkByqYuFA4tdO3vwd8FSVhB&google_cver=1

Request Chain 196

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGa8pUmfZVe5EfUV-x3gqJs&google_cver=1&google_push=AQvitUIqXeQejXSxD6d34DifULL14lSP2e-wlq7y65p5Z7oYINNeLDHIJpju7qAHwxVcQqw_FJI4xTlC7vWS1MvnpNv0xMREHhPE HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGa8pUmfZVe5EfUV-x3gqJs&google_cver=1&google_push=AQvitUIqXeQejXSxD6d34DifULL14lSP2e-wlq7y65p5Z7oYINNeLDHIJpju7qAHwxVcQqw_FJI4xTlC7vWS1MvnpNv0xMREHhPE&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitUIqXeQejXSxD6d34DifULL14lSP2e-wlq7y65p5Z7oYINNeLDHIJpju7qAHwxVcQqw_FJI4xTlC7vWS1MvnpNv0xMREHhPE&google_hm=1ad13188f3fc46590a7893ee

Request Chain 197

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEN2LtDjh35Fug-MMzJNZ1iE&google_cver=1&google_push=AQvitUKu1Pw_hRKIvd_myDI1aZGQXRFJXO-D-d3oD6r-vdU-UXxTeuVIOll2h0FxuP3mHKt-cNSVd7BLYFW4ekxo1rM6lpvS7Sdn HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=59e179bce89c2df4621c&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitUKu1Pw_hRKIvd_myDI1aZGQXRFJXO-D-d3oD6r-vdU-UXxTeuVIOll2h0FxuP3mHKt-cNSVd7BLYFW4ekxo1rM6lpvS7Sdn

Request Chain 198

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEMPCrvXtqnNbeJuSwn_JjZQ&google_cver=1&google_push=AQvitUKlWz9RstRD2b0yMn3hDbmQqNbaA6dUuGx37RFu-Dkeg_-2Gv7yCLrIHjmbPEBitM2xarAY0EcUPFyY2BFZYmgZGEZWXA0m HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEMPCrvXtqnNbeJuSwn_JjZQ&google_cver=1&google_push=AQvitUKlWz9RstRD2b0yMn3hDbmQqNbaA6dUuGx37RFu-Dkeg_-2Gv7yCLrIHjmbPEBitM2xarAY0EcUPFyY2BFZYmgZGEZWXA0m&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SeHllVFhORTJ1RUJXd1ptdUM0c1NhR3FHVC5VS0FzSn5B&google_push=AQvitUKlWz9RstRD2b0yMn3hDbmQqNbaA6dUuGx37RFu-Dkeg_-2Gv7yCLrIHjmbPEBitM2xarAY0EcUPFyY2BFZYmgZGEZWXA0m

Request Chain 210

https://c.bigmir.net/?s134156&t6&n0.028799821893710664&c1&d24&r1600&f HTTP 302
https://i.bigmir.net/cnt/06.gif

221 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
mail.i.ua/
Redirect Chain

https://mail.i.ua/reg
https://passport.i.ua/redirect/?id=mail&url=mail.i.ua
http://mail.i.ua/
https://mail.i.ua/

43 KB
18 KB

83ms
82ms

Document
text/html

91.198.36.14
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.14 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: www.i.ua
Software: nginx /
Resource Hash: 684b25843a4e19f497910eeaea919db40b3cadb0c2d1f5122ad1ef6ce6268bed

Request headers

Host: mail.i.ua
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Sun, 09 May 2021 20:17:20 GMT
Content-Type: text/html; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Encoding: gzip

Redirect headers

Date: Sun, 09 May 2021 20:17:20 GMT
Server: Apache/1.3.42 (Unix) mod_deflate/1.0.21
Location: https://mail.i.ua/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=windows-1251

GET
H/1.1 200
OK mail.y2016369a.css
i3.i.ua/css/i2/blue/ 229 KB
37 KB 253ms
71ms Stylesheet
text/css 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 2bcb06d6faa4ca062642d7b2e98970ef0343614d2ec8364f52d2a78d42b3732b

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Content-Encoding: gzip
Last-Modified: Mon, 01 Feb 2021 12:37:57 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 37787
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK util.ya033ba43.js Show response
i3.i.ua/js/ 14 KB
5 KB 254ms
72ms Script
application/x-javascript 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://i3.i.ua/js/util.ya033ba43.js
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 0aafcf7215f16bffb8bd442910b5d318a004d91f2d7018163bed08e3446cab6d

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Jan 2021 10:14:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=windows-1251
Cache-Control: max-age=31536000
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 4882
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK JSHttpRequest.y989b751f.js Show response
i3.i.ua/js/ 13 KB
4 KB 253ms
71ms Script
application/x-javascript 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://i3.i.ua/js/JSHttpRequest.y989b751f.js
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 77651d06d987b95f32821dd3800c754db04b4ab74f6e7cebec2e7f59cda47b1f

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Jan 2021 10:14:42 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=windows-1251
Cache-Control: max-age=31536000
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 4200
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK global.y18bbae35.js Show response
i3.i.ua/js/i/ 25 KB
6 KB 254ms
72ms Script
application/x-javascript 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://i3.i.ua/js/i/global.y18bbae35.js
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 937511b9ff4b72a44415cbf3bbcf0fa2723781a9174d031f9cdc2d44b117c1d5

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Jan 2021 10:14:41 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=windows-1251
Cache-Control: max-age=31536000
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 6155
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK autoload.y718797e6.js Show response
i3.i.ua/js/i/ 13 KB
4 KB 254ms
72ms Script
application/x-javascript 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://i3.i.ua/js/i/autoload.y718797e6.js
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 43ce5e5fc944426f117531e92e0f3b86daa5fd4d4a9230a8019fdb5c1e2d1dd1

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Jan 2021 10:14:40 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=windows-1251
Cache-Control: max-age=31536000
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 4123
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 42ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6bda1421fc5ce7934caf8d700fd8111808a0111e5e406ec96ae23f74f9177e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47911
x-xss-protection: 0
server: cafe
etag: 1180854679999446135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 09 May 2021 20:17:20 GMT

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 86 KB
29 KB 23ms
7ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: c0fb029202d8de1191ed09e7a435bec23c5bbcd8f447ceb609bfc71eaebf1430

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc29
date: Sun, 09 May 2021 20:17:20 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 11:14:05 GMT
server: nginx
etag: W/"6087f1fd-15695"
x-cached-since: 2021-05-09T20:07:49+00:00
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
cache: HIT
expires: Wed, 28 Apr 2021 14:12:08 GMT

GET
H/1.1 200
OK button_registration_ru.png
i3.i.ua/v2/mail/ 3 KB
3 KB 198ms
197ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/mail/button_registration_ru.png
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 9d1b34b11ccdac9862d314258cbdbbbcbe8354eac135e7e45a74926095d3b2cc

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Last-Modified: Thu, 04 Nov 2010 14:28:54 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3226
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK i Show response
h.holder.com.ua/ 234 B
723 B 249ms
71ms Script
application/x-javascript 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/i?1620591440
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: fb3099c6cbde742389b5c2907f2f05d32f57e295648e7e726575ab5f1bb90b57

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:20 GMT
Server: nginx
P3P: policyref="https://i.holder.com.ua/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Cache-Control: no-cache, no-store, must-revalidate, no-cache=Set-Cookie, max-age=0, proxy-revalidate
Connection: keep-alive
Content-Type: application/x-javascript; charset=windows-1251
Keep-Alive: timeout=5
Content-Length: 234
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK s Show response
h.holder.com.ua/ 1 KB
2 KB 214ms
71ms Script
text/javascript 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?b5009&tj&c1&r590446333&hmail.i.ua%2F
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: d11ff26c512fe268c542d080b40ad6f60bb563c8dceca6879599fea3b7047246

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
P3P: policyref="https://i.holder.com.ua/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Cache-Control: no-cache, no-store, must-revalidate, no-cache=Set-Cookie, max-age=0, proxy-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=windows-1251
Keep-Alive: timeout=5
Content-Length: 1478
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 3_1_2.png
i.i.ua/r/ 2 KB
2 KB 251ms
71ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.i.ua/r/3_1_2.png
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 11322d98807a606db0ee33e701418e86e952c81fbfcbf4a025e5244c4e734c36

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Last-Modified: Thu, 28 Sep 2006 16:33:08 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2196
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H2 200 xgemius.js Show response
kpmediagaua.hit.gemius.pl/ 39 KB
11 KB 219ms
65ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://kpmediagaua.hit.gemius.pl/xgemius.js
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 802c6d8cd4c0f4b05291044633e84e1a86093eedecc2dc4e15c46c66d5b10f06

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Wed, 17 Mar 2021 11:13:20 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
accept-ranges: none
content-type: application/x-javascript
content-length: 10555
expires: Mon, 10 May 2021 08:17:21 GMT

GET
H/1.1 200
OK s
r.i.ua/ 43 B
486 B 225ms
75ms Image
image/gif 91.198.36.16
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.i.ua/s?u100&p0&n0.20116073219514474&c1&d24&w1600&h1200&rmail.i.ua/
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.16 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: r.i.ua
Software: nginx /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: policyref="http://i.i.ua/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Expires: 0

GET
H/1.1 200
OK iua_logo.svg
i3.i.ua/v2/header2014/ 2 KB
3 KB 72ms
72ms Image
image/svg+xml 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/header2014/iua_logo.svg
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: b1d0602272ae1a1a50d071170b1d810f3a09925fe2e530a739663a7f12e3f98d

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Last-Modified: Wed, 27 Aug 2014 12:51:49 GMT
Server: nginx
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2511
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK brandingleft_blue_day.png
i3.i.ua/v2/header2014/skin/spring2/ 14 KB
14 KB 183ms
183ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/header2014/skin/spring2/brandingleft_blue_day.png
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 8dcad27b286bd77aedd1eab01d9209261c594910c278a21c1195297ecda42867

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Last-Modified: Tue, 14 Feb 2012 09:16:12 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 14234
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK brandingright_blue_day.png
i3.i.ua/v2/header2014/skin/spring2/ 22 KB
23 KB 186ms
118ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/header2014/skin/spring2/brandingright_blue_day.png
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 5226fb47729833e6358fa45f0d21d10c1b498c0782cd216fe051f8ec1e55012a

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Last-Modified: Tue, 14 Feb 2012 09:17:58 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 22842
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK blue_day.png
i3.i.ua/v2/header2014/skin/spring2/ 3 KB
3 KB 75ms
75ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/header2014/skin/spring2/blue_day.png
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 271d3016dc92531bffe29291ecbb0f3e557cebaa5570ed917c914e1edadbe43a

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Last-Modified: Tue, 14 Feb 2012 09:22:12 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2746
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK branding_blue_day.jpg
i3.i.ua/v2/header2014/skin/spring2/ 16 KB
16 KB 194ms
193ms Image
image/jpeg 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/header2014/skin/spring2/branding_blue_day.jpg
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: abca7a4362ed8b6c7a04d77317bbabd0443d27430ce5d4670878ef39b61ae871

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Last-Modified: Tue, 14 Feb 2012 09:16:12 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 16430
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK shadow_bottom_bg.png
i3.i.ua/v2/bg/ 118 B
423 B 163ms
107ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/bg/shadow_bottom_bg.png?r
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: d41478a8574c785058d0145576d696cd83de38a293b6f20d553bc5f69c78501e

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:20 GMT
Last-Modified: Fri, 03 Sep 2010 09:49:50 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 118
Expires: Mon, 09 May 2022 20:17:20 GMT

GET
H/1.1 200
OK corners_border_blue_shadow.png
i3.i.ua/v2/gamma/ 562 B
867 B 275ms
71ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/gamma/corners_border_blue_shadow.png?r
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 97ce8ab21f20c49ac4f5f581cbf8dde59b5c314ed7c97c6fbb1a1e21e6b63541

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Last-Modified: Fri, 13 Aug 2010 09:04:04 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 562
Expires: Mon, 09 May 2022 20:17:21 GMT

GET
H/1.1 200
OK top_gradient_bg_blue.png
i3.i.ua/v2/gamma/ 155 B
460 B 240ms
71ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/gamma/top_gradient_bg_blue.png?r
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: e0754399a6b65b8ec41171e4462edad8a3105cb0e624aceb45d64b05d718b8e2

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Last-Modified: Fri, 03 Dec 2010 12:45:48 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 155
Expires: Mon, 09 May 2022 20:17:21 GMT

GET
H/1.1 200
OK mail_main_screen_ru_1.png
i3.i.ua/v2/mail/ 31 KB
31 KB 195ms
72ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/mail/mail_main_screen_ru_1.png?1
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 92d292af41bdad8a7e5cdea19da14fd3f496bc02965aacd93a013c3b6464edee

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Last-Modified: Mon, 02 Jul 2012 08:32:21 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 31265
Expires: Mon, 09 May 2022 20:17:21 GMT

GET
H/1.1 200
OK search_letter_ru.png
i3.i.ua/v2/mail/ 4 KB
4 KB 266ms
71ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/mail/search_letter_ru.png?1
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 16b32184cbd9833b9808463219857d6ef0f6abb8832c3e9d305a7a972ee1e52b

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Last-Modified: Mon, 19 Dec 2011 14:16:29 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3876
Expires: Mon, 09 May 2022 20:17:21 GMT

GET
H/1.1 200
OK mail_main_screen_ru_2.png
i3.i.ua/v2/mail/ 2 KB
2 KB 235ms
71ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/mail/mail_main_screen_ru_2.png?1
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: ae31dd5732a2f7e44b749c738632e61ec6cccb4bf62c871842f100196d18646a

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Last-Modified: Mon, 19 Dec 2011 11:55:46 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1570
Expires: Mon, 09 May 2022 20:17:21 GMT

GET
H/1.1 200
OK numbers_letter_ru.png
i3.i.ua/v2/mail/ 3 KB
4 KB 267ms
72ms Image
image/png 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/mail/numbers_letter_ru.png?1
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: d7d7eee7eab46d218652eb981e64483ebe6157186cf779e11f0a99fec70ef0e2

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Last-Modified: Mon, 19 Dec 2011 14:17:35 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3581
Expires: Mon, 09 May 2022 20:17:21 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/ Frame 62C9 637 B
512 B 6ms
5ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/c.html
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 594ca5002b9cdd63b301365c4dd76f3a08e23049f6aee1f62258d20da8ef1345

Request headers

:method: GET
:authority: cdn.admixer.net
:scheme: https
:path: /scripts3/c.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

server: nginx
date: Sun, 09 May 2021 20:17:20 GMT
content-type: text/html
last-modified: Tue, 27 Apr 2021 11:14:01 GMT
vary: Accept-Encoding
etag: W/"6087f1f9-27d"
expires: Fri, 06 May 2022 10:15:13 GMT
cache-control: max-age=31622400
access-control-allow-origin: https://perevod.i.ua
access-control-allow-credentials: true
cache: HIT
x-cached-since: 2021-05-05T10:15:13+00:00
x-id: fr5-up-gc29
content-encoding: gzip

GET
H2 200 af0bee68301ea81d4ecb.b.js Show response
cdn.admixer.net/scripts3/ 82 KB
22 KB 7ms
7ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/af0bee68301ea81d4ecb.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: acb8d9c7e9ffc6b6873755e1a15d74e39339218515d82dbda78d252a1c7f0f55

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc29
date: Sun, 09 May 2021 20:17:20 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 11:13:59 GMT
server: nginx
etag: W/"6087f1f7-14693"
vary: Accept-Encoding
x-cached-since: 2021-05-05T10:15:12+00:00
content-type: application/javascript
access-control-allow-origin: https://www.khaberni.com
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Fri, 06 May 2022 10:15:12 GMT

GET
H2 200 d9d92df4fba73716000e.b.js Show response
cdn.admixer.net/scripts3/ 92 KB
25 KB 8ms
8ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: e76161afe81de38b97738d5d9008b7f211017ed268ebc8998acce1f3e9c49f61

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc29
date: Sun, 09 May 2021 20:17:20 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 11:14:03 GMT
server: nginx
etag: W/"6087f1fb-16ee8"
vary: Accept-Encoding
x-cached-since: 2021-05-05T10:15:12+00:00
content-type: application/javascript
access-control-allow-origin: https://jo.opensooq.com
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Fri, 06 May 2022 10:15:12 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20190131/ 224 KB
83 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3755662197386269&plah=mail.i.ua&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cd6c951096f7a376ac4d67812d7c09a069452cba6c4fa4f0ea1f052c1fd0c28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84600
x-xss-protection: 0
server: cafe
etag: 12591075211014417161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 09 May 2021 20:17:20 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210505/r20190131/ Frame CE6E 10 KB
5 KB 24ms
5ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210505/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210505/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 08 May 2021 23:39:16 GMT
expires: Sat, 22 May 2021 23:39:16 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 74284
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 194 B
635 B 193ms
85ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=mail.i.ua&callback=_gfp_s_&client=ca-pub-3755662197386269

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210505/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3755662197386269&plah=mail.i.ua&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

7c39286215941be6b862e4204ec6e9a8fad353faf02fd09b571a0a363bdddfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 186
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 35ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mail.i.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 33ms
14ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mail.i.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1A9F 54 B
56 B 77ms
76ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&adk=1812271804&adf=3025194257&lmt=1620591440&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591440891&bpp=2&bdt=404&idt=59&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3933519630770&frm=20&pv=2&ga_vid=2007371597.1620591441&ga_sid=1620591441&ga_hid=608186328&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C44739521&oid=3&pvsid=2604136478997217&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=76

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3755662197386269&output=html&adk=1812271804&adf=3025194257&lmt=1620591440&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591440891&bpp=2&bdt=404&idt=59&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3933519630770&frm=20&pv=2&ga_vid=2007371597.1620591441&ga_sid=1620591441&ga_hid=608186328&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C44739521&oid=3&pvsid=2604136478997217&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=76
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 09 May 2021 20:17:21 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 09-May-2021 20:32:20 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 09 May 2021 20:17:21 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 33ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0248976da97cef9d507c26ab78186f1fc82a4dc71963f29cc49946f09e72d69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386783045400"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28014
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:20 GMT

GET
H/1.1 200
OK uh.php Show response
i.ua/ 8 B
645 B 219ms
72ms Script
text/html 91.198.36.14
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ua/uh.php?UH=5411359f58d53447&US=0&r=1620591440
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.14 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: www.i.ua
Software: nginx /
Resource Hash: 0de7a49f6d21fbef846aba4bd271502d7ec9489bfbb3fd96f5ff7cf19140875e

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
Connection: keep-alive
Content-Type: text/html; charset=windows-1251
Keep-Alive: timeout=5
Transfer-Encoding: chunked
P3P: policyref="http://i.ua/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"

GET
H2 200 fpdata.js Show response
kpmediagaua.hit.gemius.pl/ 273 B
386 B 64ms
64ms Script
application/x-javascript 54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://kpmediagaua.hit.gemius.pl/fpdata.js?href=mail.i.ua
Requested by: Host: kpmediagaua.hit.gemius.pl
URL: https://kpmediagaua.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 1841ed9521bbac24ba8cf06cff19eeea6cb313e771a3e54f2b477ddf057ea19c

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
accept-ranges: none
content-type: application/x-javascript
content-length: 273
expires: Tue, 08 Jun 2021 20:17:21 GMT

GET
H2

200

rexdot.js Show response
kpmediagaua.hit.gemius.pl/__/_1620591441149/
Redirect Chain

https://kpmediagaua.hit.gemius.pl/_1620591441149/rexdot.js?l=100&id=d1Yw5EtdZvzlzbDVgnMo_ceCDhswwIL03Gsu091xSCf.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fm...
https://kpmediagaua.hit.gemius.pl/__/_1620591441149/rexdot.js?l=100&id=d1Yw5EtdZvzlzbDVgnMo_ceCDhswwIL03Gsu091xSCf.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%...

169 B
430 B

65ms
64ms

Script
application/x-javascript

54.37.238.28
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://kpmediagaua.hit.gemius.pl/__/_1620591441149/rexdot.js?l=100&id=d1Yw5EtdZvzlzbDVgnMo_ceCDhswwIL03Gsu091xSCf.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fmail.i.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=rITVBG2YqL8yWZSskDBPoaGFark9nL.8.cV3Z5zBoRj.Y7&vis=1
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.37.238.28 , France, ASN16276 (OVH, FR),
Reverse DNS: ip28.ip-54-37-238.eu
Software: GHC /
Resource Hash: 6c0323654adf4b827bfe0a98ffa48359d6468e3cc7aee1b909616c7ae5b7343a

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:21 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
accept-ranges: none
content-type: application/x-javascript
content-length: 169
expires: Sat, 08 May 2021 20:17:21 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:21 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1620591441149/rexdot.js?l=100&id=d1Yw5EtdZvzlzbDVgnMo_ceCDhswwIL03Gsu091xSCf.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=-120&fv=-&href=https%3A%2F%2Fmail.i.ua%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=0&lsdata=-NOTSUP&fpdata=rITVBG2YqL8yWZSskDBPoaGFark9nL.8.cV3Z5zBoRj.Y7&vis=1
cache-control: no-store, no-cache, must-revalidate, max-age=0
accept-ranges: none
content-length: 0
expires: Sat, 08 May 2021 20:17:21 GMT

GET
H/1.1 200
OK holder.y128.js Show response
i.holder.com.ua/t/ 9 KB
4 KB 215ms
70ms Script
application/x-javascript 91.198.36.26
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://i.holder.com.ua/t/holder.y128.js
Requested by: Host: h.holder.com.ua
URL: https://h.holder.com.ua/s?b5009&tj&c1&r590446333&hmail.i.ua%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.26 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: i1.i.ua
Software: nginx /
Resource Hash: 8fc4de112cb05f02f61d7856ee3b9ca6a8cd68ea5397520120c5183b99bffc17

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Jul 2017 14:14:15 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Expires: Mon, 09 May 2022 20:17:21 GMT

GET
H2 200 cmeter_an.js Show response
source.mmi.bemobile.ua/cm/ 10 KB
4 KB 324ms
98ms Script
application/javascript 194.247.175.23
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://source.mmi.bemobile.ua/cm/cmeter_an.js
Requested by: Host: h.holder.com.ua
URL: https://h.holder.com.ua/s?b5009&tj&c1&r590446333&hmail.i.ua%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.23 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.13.0 /
Resource Hash: cc4485b98bb5818c5d48fb23119879c956a55a4e3630f9305192aaa770b17399

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Wed, 06 Nov 2019 07:53:34 GMT
server: nginx/1.13.0
etag: W/"5dc27bfe-2699"
content-type: application/javascript; charset=utf-8
cache-control: no-cache
expires: Thu, 07 Nov 2019 07:53:34 GMT

GET
H/1.1 200
OK i_radio.svg
i3.i.ua/v2/header2014/sections/ 2 KB
2 KB 72ms
71ms Image
image/svg+xml 91.198.36.78
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i3.i.ua/v2/header2014/sections/i_radio.svg
Requested by: Host: i3.i.ua
URL: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.198.36.78 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: sh02.mi6.kiev.ua
Software: nginx /
Resource Hash: 1d4af9cf7fd74a43e7640f0d828823068c6d6dfe7688ca8a122cc1cf6fd6ca03

Request headers

Referer: https://i3.i.ua/css/i2/blue/mail.y2016369a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Last-Modified: Thu, 04 Sep 2014 11:06:56 GMT
Server: nginx
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1672
Expires: Mon, 09 May 2022 20:17:21 GMT

GET
H/1.1 200
OK dsp.aspx Show response
inv-nets.admixer.net/ 20 KB
5 KB 162ms
72ms Script
application/javascript 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/dsp.aspx?sender=admixer&rct=4&v=2.0&rnd=1175627873997724.5&cpv=20fca335-c5df-abf6-98f3-66fbec31f362&responseType=default&uids=%7B%7D&fpd=%7B%7D&data=%7B%22id%22%3A%221e221690-c85a-8072-6c15-63745cd27df1%22%2C%22site%22%3A%7B%22page%22%3A%22https%253A%252F%252Fmail.i.ua%252F%22%2C%22ref%22%3A%22%22%2C%22sf%22%3A0%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%7D%2C%22labels%22%3A%7B%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2294316749-ff6f-c46f-e27e-fb57dfb80126%22%2C%22tagid%22%3A%2210c147c0-92a2-4910-a618-1fbaf92467d1%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_rm_inner%22%2C%22pos%22%3A1%7D%2C%22sender%22%3Anull%7D%2C%7B%22id%22%3A%2207eb3e74-6b89-6f67-67ae-e217490ff08a%22%2C%22tagid%22%3A%222724cbf4-a4a5-49cb-84fb-c8dd977b5901%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_top_mail%22%2C%22pos%22%3A1%7D%2C%22sender%22%3Anull%7D%2C%7B%22id%22%3A%224767f2d3-63f3-e8db-9980-397aa41558bc%22%2C%22tagid%22%3A%22c3c218c0-1f63-4c63-bd3c-c6409ae94d33%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_mobile_inner%22%2C%22pos%22%3A0%7D%2C%22sender%22%3Anull%7D%5D%2C%22allimps%22%3A3%7D&am-uid=null&3rd=true

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

6df001cf4999e4267172cbc7294dbc17a43a2af6e558a36c476286322fbcc7bc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Content-Encoding: gzip
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript
Keep-Alive: timeout=25
Content-Length: 5068
X-Xss-Protection: 0

GET
H2 200 220a3ab992256d1ee152.b.js Show response
cdn.admixer.net/scripts3/ 28 KB
11 KB 7ms
6ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/220a3ab992256d1ee152.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 63b18b5635fc1818da6712734fc0d500652a85fecf6dfe1b4cb3cee139e52899

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc29
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 11:13:52 GMT
server: nginx
etag: W/"6087f1f0-7029"
vary: Accept-Encoding
x-cached-since: 2021-04-28T14:02:09+00:00
content-type: application/javascript
access-control-allow-origin: https://football.ua
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Fri, 29 Apr 2022 14:02:09 GMT

GET
H2 200 ede2c96e6a0d474ef44e.b.js Show response
cdn.admixer.net/scripts3/ 42 KB
18 KB 7ms
7ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/ede2c96e6a0d474ef44e.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: b3883229115068714ffc63c82db6f810e84201317cb0385cc3b7c94b0c305554

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc29
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 11:14:04 GMT
server: nginx
etag: W/"6087f1fc-a7af"
vary: Accept-Encoding
x-cached-since: 2021-05-06T16:39:35+00:00
content-type: application/javascript
access-control-allow-origin: http://www.sarahanews.net
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Sat, 07 May 2022 16:39:35 GMT

GET
H2 200 ef30fd68f07ce65f2dec.b.js Show response
cdn.admixer.net/scripts3/ 13 KB
5 KB 8ms
7ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/ef30fd68f07ce65f2dec.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 606fb015f87ba5bbcf783cd6fecf1ac351ede8dafa4767a43be8cf80f1634eb6

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc29
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 11:14:04 GMT
server: nginx
etag: W/"6087f1fc-326c"
vary: Accept-Encoding
x-cached-since: 2021-05-07T07:05:12+00:00
content-type: application/javascript
access-control-allow-origin: https://perevod.i.ua
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Sun, 08 May 2022 07:05:12 GMT

GET
H2 200 c9b3c2772742a8f4dab8.b.js Show response
cdn.admixer.net/scripts3/ 11 KB
4 KB 8ms
7ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/c9b3c2772742a8f4dab8.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: b5f1343b46d0b18e78ae7bfb6ec5cfd0195a35a07f74da58d0612e06b1c429c2

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc29
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 11:14:02 GMT
server: nginx
etag: W/"6087f1fa-2a79"
vary: Accept-Encoding
x-cached-since: 2021-04-28T14:02:09+00:00
content-type: application/javascript
access-control-allow-origin: https://football.ua
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Fri, 29 Apr 2022 14:02:09 GMT

GET
H2 200 910dbc9c4cc7e1fe13ea.b.js Show response
cdn.admixer.net/scripts3/ 213 KB
73 KB 9ms
9ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/910dbc9c4cc7e1fe13ea.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: dce31a6eb9372790fc1bffe91850698f06d5f85efe59555770f63aa8f0693537

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc29
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Tue, 27 Apr 2021 11:13:57 GMT
server: nginx
etag: W/"6087f1f5-35418"
vary: Accept-Encoding
x-cached-since: 2021-04-28T14:02:09+00:00
content-type: application/javascript
access-control-allow-origin: https://football.ua
cache-control: max-age=31622400
access-control-allow-credentials: true
cache: HIT
expires: Fri, 29 Apr 2022 14:02:09 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
171 B 150ms
50ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/af0bee68301ea81d4ecb.b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://mail.i.ua
date: Sun, 09 May 2021 20:17:21 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
171 B 150ms
50ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/af0bee68301ea81d4ecb.b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://mail.i.ua
date: Sun, 09 May 2021 20:17:21 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 1 KB
2 KB 325ms
211ms XHR
application/json 185.86.138.16
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/af0bee68301ea81d4ecb.b.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: d1201a9350c4b69ee61d8b77bf78ce64de672ed519aa71d8df8e2dae1ff84e3a

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: br
vary: Accept-Encoding
x-smrt-d: 4%3b24%3b82
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mail.i.ua
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
transfer-encoding: chunked

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 00D6 2 KB
818 B 139ms
45ms Document
text/html 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=59d216e971852f2

Requested by

Host: inv-nets.admixer.net
URL: https://inv-nets.admixer.net/dsp.aspx?sender=admixer&rct=4&v=2.0&rnd=1175627873997724.5&cpv=20fca335-c5df-abf6-98f3-66fbec31f362&responseType=default&uids=%7B%7D&fpd=%7B%7D&data=%7B%22id%22%3A%221e221690-c85a-8072-6c15-63745cd27df1%22%2C%22site%22%3A%7B%22page%22%3A%22https%253A%252F%252Fmail.i.ua%252F%22%2C%22ref%22%3A%22%22%2C%22sf%22%3A0%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%7D%2C%22labels%22%3A%7B%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2294316749-ff6f-c46f-e27e-fb57dfb80126%22%2C%22tagid%22%3A%2210c147c0-92a2-4910-a618-1fbaf92467d1%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_rm_inner%22%2C%22pos%22%3A1%7D%2C%22sender%22%3Anull%7D%2C%7B%22id%22%3A%2207eb3e74-6b89-6f67-67ae-e217490ff08a%22%2C%22tagid%22%3A%222724cbf4-a4a5-49cb-84fb-c8dd977b5901%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_top_mail%22%2C%22pos%22%3A1%7D%2C%22sender%22%3Anull%7D%2C%7B%22id%22%3A%224767f2d3-63f3-e8db-9980-397aa41558bc%22%2C%22tagid%22%3A%22c3c218c0-1f63-4c63-bd3c-c6409ae94d33%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer_mobile_inner%22%2C%22pos%22%3A0%7D%2C%22sender%22%3Anull%7D%5D%2C%22allimps%22%3A3%7D&am-uid=null&3rd=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=59d216e971852f2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync.html
s.console.adtarget.com.tr/ 0
0 268ms
73ms Image
text/html 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=517350
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://mail.i.ua
Access-Control-Allow-Credentials: true

GET
H2

200

cm-notify
creativecdn.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=admixer
https://creativecdn.com/cm-notify?pi=admixer&tc=1

42 B
252 B

50ms
50ms

Image
image/gif

185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativecdn.com/cm-notify?pi=admixer&tc=1
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:21 GMT, Sun, 09 May 2021 20:17:21 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-type: image/gif
content-length: 42
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://creativecdn.com/cm-notify?pi=admixer&tc=1
date: Sun, 09 May 2021 20:17:21 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806
https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6845806&tuid=-4928217980
https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AtTLWAnQ-Pfzo2PN6V9CFbg

43 B
448 B

44ms
44ms

Image
image/gif

146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AtTLWAnQ-Pfzo2PN6V9CFbg

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:21 GMT
Transfer-Encoding: chunked
P3P: policyref="//adriver.ru/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa OUR BUS UNI COM NAV INT STA"
Location: https://inv-nets.admixer.net/adxcm.aspx?ssp=AA391812-3D60-4352-AC90-6449D7D09A7A&id=AtTLWAnQ-Pfzo2PN6V9CFbg
Cache-control: no-cache, no-cache=Set-Cookie, max-age=0, must-revalidate, proxy-revalidate, no-store
Connection: keep-alive
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK idsync
idsync.admixer.co.kr/ 43 B
904 B 1320ms
266ms Image
image/gif 183.110.238.136
KIXS-AS-KR Korea ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.admixer.co.kr:4450/idsync?pid=103&uid=016c23937bdc4f93bc967eb8638b88aa
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 183.110.238.136 , Korea, Republic Of, ASN4766 (KIXS-AS-KR Korea Telecom, KR),
Reverse DNS
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 10-May-2021 05:17:21 +0900
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Cache-Control: private, max-age=0, no-cache, no-store
Connection: close
Content-Type: image/gif;
Content-Length: 43
Expires: Mon, 01 Jan 2000 00:00:00 +0900

GET
H/1.1

200
OK

adxcm.aspx
inv-nets.admixer.net/
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43070&callback_url=%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D70C88C54-8654-4219-A50A-E344F86A4A28%26id%3D${USER_ID}
https://ads.betweendigital.com/match?bidder_id=43070&callback_url=%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3D70C88C54-8654-4219-A50A-E344F86A4A28%26id%3D${USER_ID}&crf=1
https://inv-nets.admixer.net/adxcm.aspx?ssp=70C88C54-8654-4219-A50A-E344F86A4A28&id=c46219ab-ca05-5281-b798-f1eed700b2bf

43 B
448 B

58ms
44ms

Image
image/gif

146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/adxcm.aspx?ssp=70C88C54-8654-4219-A50A-E344F86A4A28&id=c46219ab-ca05-5281-b798-f1eed700b2bf

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

location: https://inv-nets.admixer.net/adxcm.aspx?ssp=70C88C54-8654-4219-A50A-E344F86A4A28&id=c46219ab-ca05-5281-b798-f1eed700b2bf
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H/1.1

200
OK

1px-matching-go2net.gif
m.trafmag.com/images/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=admixer_dmp&google_cm
https://inv-nets.admixer.net/gadx/cm.aspx?google_gid=CAESEAi1JRRSmt0HzIYTdWo40f0&google_cver=1
https://m.trafmag.com/images/1px-matching-go2net.gif?id=186b48387cab4ab6870f748a94b5cd7c

35 B
351 B

157ms
54ms

Image
image/gif

193.200.65.6
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.trafmag.com/images/1px-matching-go2net.gif?id=186b48387cab4ab6870f748a94b5cd7c
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.65.6 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: adforce.team
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

Redirect headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Location: https://m.trafmag.com/images/1px-matching-go2net.gif?id=186b48387cab4ab6870f748a94b5cd7c
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 0
X-Xss-Protection: 0

GET
H2 200 cm.php
ismatlab.com/cp/api/ 43 B
149 B 201ms
63ms Image
image/gif 52.19.6.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ismatlab.com/cp/api/cm.php?t=016c23937bdc4f93bc967eb8638b88aa&rurl=https%3A%2F%2Finv-nets.admixer.net%2Fadxcm.aspx%3Fssp%3DE74212A8-B685-43DE-96BE-5625F08BF373%26id%3D%5Baclid%5D45

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.6.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-6-23.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
server: nginx
strict-transport-security: max-age=31536000
content-type: image/gif

GET
H/1.1

200
OK

1px-matching-go2net.gif
m.trafmag.com/images/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=admixer_technologies&google_hm=MDE2YzIzOTM3YmRjNGY5M2JjOTY3ZWI4NjM4Yjg4YWE=&google_cm
https://inv-nets.admixer.net/gadx/cm.aspx?google_nid=admixer_technologies&google_gid=CAESEG1NPiP5eXZdeHqDuwPCtZo&google_cver=1
https://m.trafmag.com/images/1px-matching-go2net.gif?id=160a37dd19604045b890b0af6ce03178

35 B
351 B

155ms
52ms

Image
image/gif

193.200.65.6
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.trafmag.com/images/1px-matching-go2net.gif?id=160a37dd19604045b890b0af6ce03178
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.65.6 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: adforce.team
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

Redirect headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Location: https://m.trafmag.com/images/1px-matching-go2net.gif?id=160a37dd19604045b890b0af6ce03178
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 0
X-Xss-Protection: 0

GET
H2 200 mwayss_invocation.min.js Show response
ad.mox.tv/mox/ 27 KB
9 KB 181ms
55ms Script
application/javascript 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1552&height=300&width=400&tld=www.i.ua&ctype=div
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8fbe99cac77c56627e9529552e91498163cb49c395e5dd7e0aa8e24ff07c74e5

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Thu, 21 Jan 2021 19:18:06 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6009d36e-6cbb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Sun, 09 May 2021 21:17:21 GMT

GET
H/1.1 200
OK ev_view.aspx
inv-nets-eu.admixer.net/ 43 B
448 B 132ms
43ms Image
image/gif 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets-eu.admixer.net/ev_view.aspx?cc=CH%2FZH%2F2657896&am-uid=016c23937bdc4f93bc967eb8638b88aa&zone=10C147C0-92A2-4910-A618-1FBAF92467D1&device=28&rule=367981D1-53B6-4DD6-8A3E-50DB6709E57C&requestId=32aa6221-6e1b-4d57-bb16-cf9a01db7fe5&hp=2002562437&page=mail.i.ua%2F&ts=637561882413771191&ap=NDM%3D&asign=-1824450964&markups=ZG1wZj0wJmRtcHA9ZmFsc2UmY3J0Zj0wJmNydHA9ZmFsc2UmY3J0YXRzPTAmYWRtZj0wJmFkbXA9ZmFsc2UmdGRmPTAmdGRwPWZhbHNlJnRvdGY9MCZ0b3RwPWZhbHNl&sync=45&bt=3&carr=Datacamp+Limited&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=2&extpubid=B33B3BDF-BE0E-438D-ADD0-AADF085D0524&inst=ADS-EU-5&pxl=0&pvid=1f7a5cc3-081b-4c2c-bf97-184c392cafa1&ip=84.17.53.159&item=4B4C6D43-3812-4DB3-AF0C-895D7FF523C8&crid=4B4C6D43-3812-4DB3-AF0C-895D7FF523C8&profile=EA4CA8E5-6ECE-461C-8A10-D3C839FF9999&adv=Mediawayss&dsp=UMH+Digital&dmp_pr=MA==&dstUrl=&cet=4&sw=[e=screen.width]&sh=[e=screen.height]&sf=0

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

GET
H2 200 / Show response
m.mixadvert.com/show/ 4 KB
5 KB 185ms
61ms Script
application/javascript 147.135.189.55
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://m.mixadvert.com/show/?id=7640

Requested by

Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.y128.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.135.189.55 , France, ASN16276 (OVH, FR),

Reverse DNS

m.mixadvert.com

Software

nginx/1.12.0 / PHP/5.4.16

Resource Hash

74d58f283fbb7a9aea0f9023f2d90228f1302aeb78be102dba5ec0b2ac9c4089

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000, max-age=15768000

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
server: nginx/1.12.0
x-powered-by: PHP/5.4.16
strict-transport-security: max-age=15768000, max-age=15768000
content-type: application/javascript; charset=utf-8

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets-eu.admixer.net/ 0
220 B 131ms
45ms Image
text/plain 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets-eu.admixer.net/ev_prebid.aspx?cc=CH%2FZH%2F2657896&am-uid=016c23937bdc4f93bc967eb8638b88aa&zone=2724CBF4-A4A5-49CB-84FB-C8DD977B5901&device=28&rule=44B79AA5-6D98-4282-B061-968A02126BC6&requestId=b8b141c7-8c33-420a-b401-940e77130d97&hp=2002562437&page=mail.i.ua%2F&ts=637561882413771191&ap=MA%3D%3D&asign=1433439847&sync=45&bt=3&carr=Datacamp+Limited&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=B33B3BDF-BE0E-438D-ADD0-AADF085D0524&inst=ADS-EU-5&pxl=0&pvid=1f7a5cc3-081b-4c2c-bf97-184c392cafa1&ip=84.17.53.159&item=8167273D-0350-4192-A2A7-6E2A0FB7CFFF&crid=8167273D-0350-4192-A2A7-6E2A0FB7CFFF&size=350x240&profile=36DBA250-021E-4192-BB34-F2EE916251DD&adv=N%2FA&dsp=UMH+Digital&dstUrl=&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 09 May 2021 20:17:21 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets-eu.admixer.net/ 0
220 B 130ms
43ms Image
text/plain 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets-eu.admixer.net/ev_prebid.aspx?cc=CH%2FZH%2F2657896&am-uid=016c23937bdc4f93bc967eb8638b88aa&zone=2724CBF4-A4A5-49CB-84FB-C8DD977B5901&device=28&rule=44B79AA5-6D98-4282-B061-968A02126BC6&requestId=b8b141c7-8c33-420a-b401-940e77130d97&hp=2002562437&page=mail.i.ua%2F&ts=637561882413771191&ap=MA%3D%3D&asign=1433439847&sync=45&bt=3&carr=Datacamp+Limited&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=B33B3BDF-BE0E-438D-ADD0-AADF085D0524&inst=ADS-EU-5&pxl=0&pvid=1f7a5cc3-081b-4c2c-bf97-184c392cafa1&ip=84.17.53.159&item=5E5EC4A4-287F-4613-8D3B-354B1602DCD2&crid=5E5EC4A4-287F-4613-8D3B-354B1602DCD2&size=350x240&profile=A01BDF0B-F125-40F1-9022-C7F2F7F7F847&adv=N%2FA&dsp=UMH+Digital&dstUrl=&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 09 May 2021 20:17:21 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H2 200 cm.js Show response
source.mmi.bemobile.ua/cm/ 52 KB
20 KB 162ms
162ms Script
application/javascript 194.247.175.23
BEMOBILE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://source.mmi.bemobile.ua/cm/cm.js
Requested by: Host: source.mmi.bemobile.ua
URL: https://source.mmi.bemobile.ua/cm/cmeter_an.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 194.247.175.23 , Ukraine, ASN196831 (BEMOBILE-AS, UA),
Reverse DNS
Software: nginx/1.13.0 /
Resource Hash: 5d1b56a762d63b6e9bfb8a70552ce75c1c3938c782f8d9de971ecc960836c451

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Wed, 06 Nov 2019 07:53:34 GMT
server: nginx/1.13.0
etag: W/"5dc27bfe-d0f6"
content-type: application/javascript; charset=utf-8
cache-control: no-cache
expires: Thu, 07 Nov 2019 07:53:34 GMT

GET
H2 200 impress Show response
ad.mox.tv/delivery/ 15 KB
7 KB 86ms
86ms XHR
application/json 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/delivery/impress?ctype=div&pzoneid=1552&height=300&width=400&tld=www.i.ua&in_iframe=&position=atf&screen_width=1600&screen_height=1200&top_domain=mail.i.ua&top_url=https%3A%2F%2Fmail.i.ua%2F&domain=mail.i.ua&url=https%3A%2F%2Fmail.i.ua%2F&referrer=&async=1&uid=3368938749
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1552&height=300&width=400&tld=www.i.ua&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: cd803bf6edd3eeb159f7ffc11d6078a06969c7ae3391c1a83cf851c24adac19e

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://mail.i.ua
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2

200

swiper-bundle.min.css
unpkg.com/swiper@6.5.9/
Redirect Chain

https://unpkg.com/swiper/swiper-bundle.min.css
https://unpkg.com/swiper@6.5.9/swiper-bundle.min.css

14 KB
4 KB

18ms
18ms

Stylesheet
text/css

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@6.5.9/swiper-bundle.min.css

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e7cf285a1b739de82e47d7d61d6cf98dacdf234af698510179eb55b951adca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 800505
fly-request-id: 01F4HH0B7PW836M2B626C7Z338
content-encoding: br
vary: Accept-Encoding
cf-request-id: 09f4600f770000074aaaa61000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"3631-5JEmBTI1CQwNJdqmyrVqZZKW6Qs"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 64cd9c5f2b4b074a-FRA

Redirect headers

date: Sun, 09 May 2021 20:17:21 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 317
vary: Accept, Accept-Encoding
cf-request-id: 09f4600f590000074ab21b6000000001
fly-request-id: 01F59C42P0B4EG3JR1PV77HD8N
server: cloudflare
location: /swiper@6.5.9/swiper-bundle.min.css
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
cf-ray: 64cd9c5efacc074a-FRA

GET
H2 200 achernar.min.js Show response
ad.mox.tv/js/achernar/ 10 KB
4 KB 58ms
56ms Script
application/javascript 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/achernar/achernar.min.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1552&height=300&width=400&tld=www.i.ua&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1475a32cbdb80935b16d0700efe8b105a645f5539caf3bd8aa1fc182f6595af1

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Wed, 28 Apr 2021 16:32:00 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"60898e00-29d6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Sun, 09 May 2021 21:17:21 GMT

GET
H2 200 prebid.js Show response
ad.mox.tv/js/achernar/ 148 KB
47 KB 74ms
72ms Script
application/javascript 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/achernar/prebid.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1552&height=300&width=400&tld=www.i.ua&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2b481fde7487d79cff39b1bd0f30d38ee7f561e6581a519aeb0f37feb8146653

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Wed, 14 Apr 2021 12:20:15 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6076ddff-250e9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Sun, 09 May 2021 21:17:21 GMT

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ 61 KB
21 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1552&height=300&width=400&tld=www.i.ua&ctype=div

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d01bee2217520e397ef576db7942e716b942351a43c356b487356f76da4a39c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "867 / 594 of 1000 / last-modified: 1620425395"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21191
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:21 GMT

GET
H2

200

swiper-bundle.min.js Show response
unpkg.com/swiper@6.5.9/
Redirect Chain

https://unpkg.com/swiper/swiper-bundle.min.js
https://unpkg.com/swiper@6.5.9/swiper-bundle.min.js

139 KB
35 KB

20ms
20ms

Script
application/javascript

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@6.5.9/swiper-bundle.min.js

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b61abad8ac3d9892a9f0448bfd4b18ebddd7d5f174111686d70f8f2b7d59dc61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 800505
fly-request-id: 01F4HH0B7TJ4GFVYMYX59YHXXK
content-encoding: br
vary: Accept-Encoding
cf-request-id: 09f4600f6f0000074a25a05000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"22ba8-8SH95oteu8blm9i/AVPlRZXhFlM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 64cd9c5f1b2c074a-FRA

Redirect headers

date: Sun, 09 May 2021 20:17:21 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 374
vary: Accept, Accept-Encoding
cf-request-id: 09f4600f590000074ae48fc000000001
fly-request-id: 01F59C2CJ34P4TM1HSNMXKC1ZD
server: cloudflare
location: /swiper@6.5.9/swiper-bundle.min.js
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
cf-ray: 64cd9c5efacd074a-FRA

GET
H2 200 mwayss_invocation.min.css
ad.mox.tv/mox/ 3 KB
850 B 104ms
104ms Stylesheet
text/css 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.css
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1552&height=300&width=400&tld=www.i.ua&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5ee0f3c3-a0a"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 p-gsmZhdaUra0N6.gif
pixel.quantserve.com/pixel/ 35 B
373 B 24ms
8ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel/p-gsmZhdaUra0N6.gif

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 magic.png
bgstats.mox.tv/ 0
66 B 158ms
50ms Image
image/png 167.71.9.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bgstats.mox.tv/magic.png
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.9.19 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
server: nginx/1.14.0 (Ubuntu)
content-length: 0
content-type: image/png

GET
H2

200

sync
ad.vidver.to/delivery/
Redirect Chain

https://x.bidswitch.net/sync?ssp=prodoohmox&user_id=c2dea746-e032-4fed-bc0e-2ccdbb46ced4&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=prodoohmox&user_id=c2dea746-e032-4fed-bc0e-2ccdbb46ced4&gdpr=0&gdpr_consent=
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dprodoohmox%26bsw_param%3D7c547ee2-4670-4548-b291-bb28cc6a...
https://x.bidswitch.net/sync?dsp_id=80&user_id=f5986098-4351-4200-a8ef-256c140eeaf0&expires=30&ssp=prodoohmox&bsw_param=7c547ee2-4670-4548-b291-bb28cc6aacc4&gdpr=0&gdpr_consent=
https://ad.mox.tv/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4
https://ad.mediawayss.com/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQub3V0c3RyZWFtLnRvZGF5LGFkL...
https://ad.outstream.today/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQuYWRvcHgubmV0LGFkLmludmFt...
https://ad.adopx.net/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQuaW52YW1pYS5jb20sYWQudmlkdmVydG...
https://ad.invamia.com/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVy...
https://ad.vidverto.io/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=YWQudmlkdmVyLnRv
https://ad.vidver.to/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=

0
431 B

186ms
66ms

Image
text/html

185.132.133.134
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.vidver.to/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.132.133.134 Vianen, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 09 May 2021 20:17:23 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

Redirect headers

location: https://ad.vidver.to/delivery/sync?userid=7c547ee2-4670-4548-b291-bb28cc6aacc4&inner_redirect=1&inner_uuid=f0b37fb8-6181-4c38-879c-aaeabc94efdf&redirect_host_list=
date: Sun, 09 May 2021 20:17:23 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-origin: *
content-type: text/html; charset=UTF-8

GET
H3-29 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BD65 132 KB
47 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6bda1421fc5ce7934caf8d700fd8111808a0111e5e406ec96ae23f74f9177e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47911
x-xss-protection: 0
server: cafe
etag: 1180854679999446135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 09 May 2021 20:17:21 GMT

GET
H/1.1 204
No Content ev_prebid.aspx
inv-nets-eu.admixer.net/ 0
220 B 44ms
43ms Image
text/plain 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets-eu.admixer.net/ev_prebid.aspx?cc=CH%2FZH%2F2657896&am-uid=016c23937bdc4f93bc967eb8638b88aa&zone=2724CBF4-A4A5-49CB-84FB-C8DD977B5901&device=28&rule=44B79AA5-6D98-4282-B061-968A02126BC6&requestId=b8b141c7-8c33-420a-b401-940e77130d97&hp=2002562437&page=mail.i.ua%2F&ts=637561882413771191&ap=MA%3D%3D&asign=1433439847&sync=45&bt=3&carr=Datacamp+Limited&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=B33B3BDF-BE0E-438D-ADD0-AADF085D0524&inst=ADS-EU-5&pxl=0&pvid=1f7a5cc3-081b-4c2c-bf97-184c392cafa1&ip=84.17.53.159&item=9B1B0305-7D25-4D27-94D9-2AAB9CA411F2&crid=9B1B0305-7D25-4D27-94D9-2AAB9CA411F2&size=350x240&profile=A30ACB44-18F1-45CA-BA85-5B440B44C7DF&adv=N%2FA&dsp=UMH+Digital&dstUrl=&cet=18&sw=[e=screen.width]&sh=[e=screen.height]

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 09 May 2021 20:17:21 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H/1.1 200
OK ev_view.aspx
inv-nets-eu.admixer.net/ 43 B
448 B 45ms
44ms Image
image/gif 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets-eu.admixer.net/ev_view.aspx?cc=CH%2FZH%2F2657896&am-uid=016c23937bdc4f93bc967eb8638b88aa&zone=2724CBF4-A4A5-49CB-84FB-C8DD977B5901&device=28&rule=96C82BEC-B531-4B18-9DCA-C68C264FAC72&requestId=b8b141c7-8c33-420a-b401-940e77130d97&hp=2002562437&page=mail.i.ua%2F&ts=637561882413771191&ap=Nw%3D%3D&asign=1009953158&markups=ZG1wZj0wJmRtcHA9ZmFsc2UmY3J0Zj0wJmNydHA9ZmFsc2UmY3J0YXRzPTAmYWRtZj0wJmFkbXA9ZmFsc2UmdGRmPTAmdGRwPWZhbHNlJnRvdGY9MCZ0b3RwPWZhbHNl&sync=45&bt=3&carr=Datacamp+Limited&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=B33B3BDF-BE0E-438D-ADD0-AADF085D0524&inst=ADS-EU-5&pxl=0&pvid=1f7a5cc3-081b-4c2c-bf97-184c392cafa1&ip=84.17.53.159&item=D401BBDF-2D4C-44B3-BBF7-6E2344ED36A2&crid=D401BBDF-2D4C-44B3-BBF7-6E2344ED36A2&size=728x90&profile=5D5CA5BF-70E9-4F3F-9BF1-CBDE9C06628C&adv=Google&dsp=UMH+Digital&dmp_pr=MA==&dstUrl=&cet=4&sw=[e=screen.width]&sh=[e=screen.height]&sf=0

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:21 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

GET
H2 200 pubads_impl_2021050501.js Show response
securepubads.g.doubleclick.net/gpt/ 303 KB
107 KB 168ms
59ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

9cd58fce5ff7afd625c8e887719242e31afdc0bbfd418eb34d1eb8c9789b84a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 05 May 2021 08:38:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109323
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:21 GMT

GET get_cookie
pa.tns-ua.com/bug/ 0
0

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20190131/ Frame BD65 224 KB
83 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3755662197386269&plah=mail.i.ua&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cd6c951096f7a376ac4d67812d7c09a069452cba6c4fa4f0ea1f052c1fd0c28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84600
x-xss-protection: 0
server: cafe
etag: 12591075211014417161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 09 May 2021 20:17:21 GMT

GET
H2 200 jquery_1_7_2.js Show response
m.mixadvert.com/show/application/js/ 93 KB
93 KB 58ms
58ms Script
application/javascript 147.135.189.55
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://m.mixadvert.com/show/application/js/jquery_1_7_2.js

Requested by

Host: m.mixadvert.com
URL: https://m.mixadvert.com/show/?id=7640

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.135.189.55 , France, ASN16276 (OVH, FR),

Reverse DNS

m.mixadvert.com

Software

nginx/1.12.0 /

Resource Hash

f43121e8466577816a16da77f5b7948aa5496afeac7876a6318d7e967e73cb39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000, max-age=15768000

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
last-modified: Mon, 17 Oct 2016 18:47:41 GMT
server: nginx/1.12.0
etag: "58051ccd-17278"
strict-transport-security: max-age=15768000, max-age=15768000
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 94840
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame BD65 12 B
53 B 142ms
84ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=mail.i.ua&callback=_gfp_s_&client=ca-pub-3755662197386269&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame BD65 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mail.i.ua

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame BD65 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mail.i.ua

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 58E4 61 KB
22 KB 486ms
486ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=7531674348&adk=1361311546&adf=3279755405&pi=t.ma~as.7531674348&w=728&psa=0&format=728x90&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591441787&bpp=4&bdt=38&idt=95&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&correlator=3933519630770&frm=23&ife=5&pv=1&ga_vid=741534965.1620591442&ga_sid=1620591442&ga_hid=517240314&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=64&biw=1600&bih=1200&isw=728&ish=90&ifk=2639203729&scr_x=0&scr_y=0&eid=44739524%2C31060711&oid=3&pvsid=2963908536776363&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b019jey81f2r&fsb=1&dtd=103

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57c5be87b92ba8143fc1213270e4bc0eaf34591071871fea6a72380f5b0240d0

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPe-4sm1vfACFaFmFQgdQtIIxQ&gqi=UUOYYLyeN96EwuIP9YaX6AI&layout=/sadbundle/%24csp%253Der3%24/305021829766971392/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=7531674348&adk=1361311546&adf=3279755405&pi=t.ma~as.7531674348&w=728&psa=0&format=728x90&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591441787&bpp=4&bdt=38&idt=95&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&correlator=3933519630770&frm=23&ife=5&pv=1&ga_vid=741534965.1620591442&ga_sid=1620591442&ga_hid=517240314&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=64&biw=1600&bih=1200&isw=728&ish=90&ifk=2639203729&scr_x=0&scr_y=0&eid=44739524%2C31060711&oid=3&pvsid=2963908536776363&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b019jey81f2r&fsb=1&dtd=103
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnVcFbK33EmLu0qOaowvJy_ZUI-kWj3RZlkbrlZHFiumDsi0E1jvz0fxkH7zF0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPe-4sm1vfACFaFmFQgdQtIIxQ&gqi=UUOYYLyeN96EwuIP9YaX6AI&layout=/sadbundle/%24csp%253Der3%24/305021829766971392/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 09 May 2021 20:17:22 GMT
server: cafe
content-length: 22042
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame BD65 10 KB
7 KB 29ms
28ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210505&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78814ede6b9f9c7199153e96dbd33de7dbafa59fac105f2ee9c04297364d435c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7633
x-xss-protection: 0

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame BD65 73 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0248976da97cef9d507c26ab78186f1fc82a4dc71963f29cc49946f09e72d69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386783045400"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28014
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:21 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame BD65 17 KB
7 KB 34ms
13ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:21 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 1355 12 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sun, 09 May 2021 18:34:50 GMT
expires: Mon, 09 May 2022 18:34:50 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6151
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js Show response
pagead2.googlesyndication.com/bg/ Frame 1355 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8786ea05fcdb361c9f5bf875ad59965c141a27fcc7b99c6462a76ab35180dc5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 03 May 2021 10:48:00 GMT
server: sffe
age: 5796
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Mon, 09 May 2022 18:40:45 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mail.i.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mail.i.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 442ms
379ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2604136478997217&correlator=2406915054791588&output=ldjh&impl=fifs&eid=31060789%2C31060841%2C31060899%2C31061027&vrg=2021050501&ptt=17&sc=1&sfv=1-0-38&ecs=20210509&iu_parts=21679382043%2Cmt_banners%2Cmt_umh_www.i.ua_banner_S&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250&fluid=height&prev_scp=mt_fln%3D1&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&bc=31&abxe=1&lmt=1620591442&dt=1620591442141&dlt=1620591440487&idt=1610&frm=20&biw=1600&bih=1200&oid=3&adxs=0&adys=1200&adks=78290566&ucis=1&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmail.i.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=2007371597.1620591441&ga_sid=1620591441&ga_hid=608186328&ga_fc=false&fws=516&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

3daab60e8bf12ab27a90ea193619004c6784827fb55307a67258fb1de3b4c11a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8934
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mail.i.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 48ms
13ms Other
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 7ms
6ms Other
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 506ms
444ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2604136478997217&correlator=2406915054791588&output=ldjh&impl=fifs&eid=31060789%2C31060841%2C31060899%2C31061027&vrg=2021050501&ptt=17&sc=1&sfv=1-0-38&ecs=20210509&iu_parts=52555387%2Ci.ua_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250&fluid=height&prev_scp=yb_ab%3Db%26yb_dc%3Dd%26yb_mx%3Dm179%26yb_tt%3Dtt4%26yb_ff%3D1%26yb_th%3D12%26yb_tm%3D17%26yb_wd%3D0&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&bc=31&abxe=1&lmt=1620591442&dt=1620591442146&dlt=1620591440487&idt=1610&frm=20&biw=1600&bih=1200&oid=3&adxs=300&adys=1200&adks=1399114245&ucis=2&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmail.i.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=2007371597.1620591441&ga_sid=1620591441&ga_hid=608186328&ga_fc=false&fws=516&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

2f2ebd8631b849f0de058213f9a0da527686384d8c14fde20fff22c2f9dba6cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8960
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mail.i.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
21 KB 497ms
435ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2604136478997217&correlator=2406915054791588&output=ldjh&impl=fifs&eid=31060789%2C31060841%2C31060899%2C31061027&vrg=2021050501&ptt=17&sc=1&sfv=1-0-38&ecs=20210509&iu_parts=21830442390%2Ci.ua%2C300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250&fluid=height&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&bc=31&abxe=1&lmt=1620591442&dt=1620591442149&dlt=1620591440487&idt=1610&frm=20&biw=1600&bih=1200&oid=3&adxs=600&adys=1200&adks=4038625107&ucis=3&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmail.i.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x-1&msz=300x-1&ga_vid=2007371597.1620591441&ga_sid=1620591441&ga_hid=608186328&ga_fc=false&fws=516&ohw=0&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

1b79095567dfba352749489d07181a4207a94460f7f08a7b873a4ca9d1343864

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNLD-cm1vfACFbjKuwgd4xADsw&gqi=&layout=/sadbundle/%24csp%253Der3%24/13264340863758106624/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNLD-cm1vfACFbjKuwgd4xADsw&gqi=&layout=/sadbundle/%24csp%253Der3%24/13264340863758106624/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21920
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sun, 09 May 2021 20:17:22 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mail.i.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 427 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7d818c698d26d9d34c00c94853c93b34abb2fd53e97c415fafb9e84df993f31

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD65 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210505&jk=2963908536776363&bg=!gIOlg8fNAAYP3QOmD907ACkAdvg8WtMz54VNky5S9LTlZb4OXMsbwbXgAkInVz5cvPn9287R55hREgIAAAC8UgAAAA1oAQeZAlTIeDOqsx41NOU5tMX8qL_ZBh-Hq2gXePLT99uHe6L4f198xsWfNrK9c1AkHPn_qfubTYQyfSqEPXSm8xq6-R0_7II36osIZVb3gdg5MrmUDnvLQ-8lKU1IrhClhSx4sTG_ziH30qdgiccVIoTQNV4GBH9R-ddHr2-1cRKFleoMQiQ92SCyp4UJaTr6WXLo1zM9eLmniqLh0_ElDq4jjfWplz3hL8He6TgNjGzpde0wa0i84ukc_NrnYA3KF6ERjRKOke5kFNVNId-OuvECkMgVgcLiHLfnhPszfTUuK6nWxkd1nDCjcxAhbWzVSclDkHTPhqqra0OQC3WkwNwcTXfApILu9yy0o_Fa9nBVsFKu06eYjOYgdmgnfM_9VfhG4HQSZGVs-o7YavbfpXt-52-ezts-12FP7vpA42OvESX2CpI11W6bkcqgkxDquCmB6HQi2_lBtnuiaEDDP4FNOJzlVjPDUCUB7bMgPiMnJNgbS12Pf-x_Xvh2M4YkLxU6UYjNsFvpZ-C-fUY_6KSNu1FH5M92hRykJEHx4qrbTo_vP1bgYvIDeEDdrE9gqAp9hAPbcqK_nihpJpIl9keEra7SBKg7JUnHH7BhX9O0Jdfd0jdPr4FP5lUmAaQ17oq_DbwxKMqxrRCXd65X3X8a0c5ebrhiIqq-8XEzfsL5G4QumS7jSJaqI0x9YMyec28ZECarsGqy8V5tfcdVpZRMpMBTIBwZ8Ak0OcdP1gPXcEudfCCiP3EVH3L5NJ75VCkJZESc-JmbRBiJYInSdAgXWdP443106A

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 58E4 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=7531674348&adk=1361311546&adf=3279755405&pi=t.ma~as.7531674348&w=728&psa=0&format=728x90&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591441787&bpp=4&bdt=38&idt=95&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&correlator=3933519630770&frm=23&ife=5&pv=1&ga_vid=741534965.1620591442&ga_sid=1620591442&ga_hid=517240314&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=64&biw=1600&bih=1200&isw=728&ish=90&ifk=2639203729&scr_x=0&scr_y=0&eid=44739524%2C31060711&oid=3&pvsid=2963908536776363&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b019jey81f2r&fsb=1&dtd=103

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:16:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 58E4 116 KB
35 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d0699772b8ca80d6ef1ac55871141afd77cda372f15f1a97b74b41dae70ab25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386788828326"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36100
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 58E4 13 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 58E4 0
0 15ms
15ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS0WFfa_U3w1ba8OtJK3CHX7lbCi2qbMbj5GwWXJweImfnLPv_fU97iNFLjd2FMmDzya8v-82QNJgZHuzQK8JXeVw05PA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=7531674348&adk=1361311546&adf=3279755405&pi=t.ma~as.7531674348&w=728&psa=0&format=728x90&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591441787&bpp=4&bdt=38&idt=95&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&correlator=3933519630770&frm=23&ife=5&pv=1&ga_vid=741534965.1620591442&ga_sid=1620591442&ga_hid=517240314&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=64&biw=1600&bih=1200&isw=728&ish=90&ifk=2639203729&scr_x=0&scr_y=0&eid=44739524%2C31060711&oid=3&pvsid=2963908536776363&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b019jey81f2r&fsb=1&dtd=103
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/ Frame C6A8 225 KB
29 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

782ed812720bd76fb55f0918e33fd9d79a2b9f1fd63b4919a65afed0eb6656a9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/305021829766971392/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Tue, 04 May 2021 07:50:39 GMT
expires: Wed, 04 May 2022 07:50:39 GMT
last-modified: Mon, 21 Dec 2020 16:07:03 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 29401
age: 476803
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 58E4 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJuMcUUOYYLfSN6HN1fAPwqSjqAyTqtOpYtDMzYmhDbHR_d8FEAEgxuCLeWCVAqAB7MyG4QLIAQmpAghGsVcRaLQ-qAMByAMCqgSfAU_QX33Ez0qz_uyR1X3lw0fy2lFUa8i496lmhJ3JfEzXn-X88F1D_Ns16COhP6Kv7he6EFXI6Vcmb0UeVubIKkuWYdXH01lTcKCz2bS0pygZmEpA9nYU7ex-Sc9L2NLfDoS99Cncfv_q6h7ysjLwSmVjNhK-DUR3VFLpNpkmcAkj516urrh7nzpfyGTjNp6z8CVJJKNz1UazWmTsemLAXsAEqePU_6cDkgUECAQYAZIFBAgFGASgBl2AB_yy-Z4BqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEELr5YdIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXGgoYCAASFHB1Yi0zNzU1NjYyMTk3Mzg2MjY5&sigh=ZggftNexEKg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=7531674348&adk=1361311546&adf=3279755405&pi=t.ma~as.7531674348&w=728&psa=0&format=728x90&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591441787&bpp=4&bdt=38&idt=95&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&correlator=3933519630770&frm=23&ife=5&pv=1&ga_vid=741534965.1620591442&ga_sid=1620591442&ga_hid=517240314&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=64&biw=1600&bih=1200&isw=728&ish=90&ifk=2639203729&scr_x=0&scr_y=0&eid=44739524%2C31060711&oid=3&pvsid=2963908536776363&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b019jey81f2r&fsb=1&dtd=103
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 09 May 2021 20:17:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3A02 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=7531674348&adk=1361311546&adf=3279755405&pi=t.ma~as.7531674348&w=728&psa=0&format=728x90&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591441787&bpp=4&bdt=38&idt=95&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&correlator=3933519630770&frm=23&ife=5&pv=1&ga_vid=741534965.1620591442&ga_sid=1620591442&ga_hid=517240314&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=64&biw=1600&bih=1200&isw=728&ish=90&ifk=2639203729&scr_x=0&scr_y=0&eid=44739524%2C31060711&oid=3&pvsid=2963908536776363&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b019jey81f2r&fsb=1&dtd=103
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnVcFbK33EmLu0qOaowvJy_ZUI-kWj3RZlkbrlZHFiumDsi0E1jvz0fxkH7zF0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=7531674348&adk=1361311546&adf=3279755405&pi=t.ma~as.7531674348&w=728&psa=0&format=728x90&url=https%3A%2F%2Fmail.i.ua%2F&ea=0&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620591441787&bpp=4&bdt=38&idt=95&shv=r20210505&cbv=%2Fr20190131&ptt=9&saldr=aa&cookie=ID%3D7ecdb0c965ea1fe6-2216a1a00cc8001f%3AT%3D1620591441%3ART%3D1620591441%3AS%3DALNI_MbAnXb4leQf5i0mWjsKVB3fhJa-bQ&correlator=3933519630770&frm=23&ife=5&pv=1&ga_vid=741534965.1620591442&ga_sid=1620591442&ga_hid=517240314&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=64&biw=1600&bih=1200&isw=728&ish=90&ifk=2639203729&scr_x=0&scr_y=0&eid=44739524%2C31060711&oid=3&pvsid=2963908536776363&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.b019jey81f2r&fsb=1&dtd=103

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 09 May 2021 19:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1212
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 58E4 0
20 B 45ms
44ms Other
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPe-4sm1vfACFaFmFQgdQtIIxQ&gqi=UUOYYLyeN96EwuIP9YaX6AI&layout=/sadbundle/%24csp%253Der3%24/305021829766971392/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C6A8 4 KB
686 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cea0f8101de8a13f1f4a4610f910c8e6349c8f730ae8c5cb8e9b4823212e451c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 09 May 2021 18:59:42 GMT
server: ESF
date: Sun, 09 May 2021 20:17:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 09 May 2021 20:17:22 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame C6A8 16 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 03:56:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58829
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 10 May 2021 03:56:53 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame C6A8 26 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4962
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 10 May 2021 18:54:40 GMT

GET
DATA 200
OK truncated
/ Frame 58E4 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df0acf5ff16251aa86de74b66cec8431c7c767b6534ae97b7ca51bfb6203f403

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 204
No Content logcz.aspx
inv-nets.admixer.net/ 0
220 B 44ms
43ms Image
text/plain 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/logcz.aspx?zone=10c147c0-92a2-4910-a618-1fbaf92467d1

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 09 May 2021 20:17:22 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3A02
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnVcFbK33EmLu0qOaowvJy_ZUI-kWj3RZlkbrlZHFiumDsi0E1jvz0fxkH7zF0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 09 May 2021 20:17:22 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 09-May-2021 21:17:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 09 May 2021 20:17:22 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 09 May 2021 20:17:22 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C6A8 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 04:23:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 57239
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
expires: Mon, 09 May 2022 04:23:23 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C6A8 15 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 276113
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Fri, 06 May 2022 15:35:29 GMT

GET
H3-29 200 Logo_black_0.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/ Frame C6A8 4 KB
4 KB 9ms
7ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/Logo_black_0.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66e1d7f46761f438550f7894c1f43943000bd680b6043f756cc4492c30e639dc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 376521
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4365
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:07:03 GMT
server: sffe
date: Wed, 05 May 2021 11:42:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 May 2022 11:42:01 GMT

GET
H3-29 200 cta.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/ Frame C6A8 881 B
907 B 8ms
7ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/cta.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6eb1a910a8765764fbd2eee3f572e777bb6bdc14c4ad4030144a95a5e51c3a3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 227811
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 881
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:07:03 GMT
server: sffe
date: Fri, 07 May 2021 05:00:31 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 May 2022 05:00:31 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/ Frame C6A8 3 KB
3 KB 12ms
11ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/logo.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

510d07bf2eb847c9f3b61f6c1624684febb6b04624ba304e3b8ef8a47f165cd1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 376521
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3162
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:07:03 GMT
server: sffe
date: Wed, 05 May 2021 11:42:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 May 2022 11:42:01 GMT

GET
H3-29 200 CTA_Signers_blank.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/ Frame C6A8 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/CTA_Signers_blank.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edbec997dbdb9747d5fbc76ebebf0fbf439c057ec50520205740a74c623994c0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 376521
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1889
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:07:03 GMT
server: sffe
date: Wed, 05 May 2021 11:42:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 May 2022 11:42:01 GMT

GET
H3-29 200 3_1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/ Frame C6A8 17 KB
17 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/3_1.jpg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

adf7d38407a81f931c0ae3f0b20c5d1cd801fc24fb6155b6c1e5ece2000431cc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 376521
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17428
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:07:03 GMT
server: sffe
date: Wed, 05 May 2021 11:42:01 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 May 2022 11:42:01 GMT

GET
H3-29 200 2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/ Frame C6A8 9 KB
9 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/2.jpg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

166f2a180eccb745ea7fd7efb4675ad97146e15d7d49483725876bf9f19cb4e5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 227808
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9097
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:07:03 GMT
server: sffe
date: Fri, 07 May 2021 05:00:34 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 May 2022 05:00:34 GMT

GET
H3-29 200 1_1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/ Frame C6A8 13 KB
13 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/305021829766971392/1_1.jpg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c173dcd34cfd62b8830955492daf597321b2d3e73dbc9aa1fafae6e2162f716

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 476801
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13102
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:07:03 GMT
server: sffe
date: Tue, 04 May 2021 07:50:41 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 May 2022 07:50:41 GMT

GET
H3-29 200 container.html Show response
d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1083 6 KB
3 KB 20ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 09 May 2021 20:17:22 GMT
expires: Mon, 09 May 2022 20:17:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 tracking
ad.mox.tv/delivery/ 51 B
51 B 61ms
61ms Image
text/html 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/tracking?hash=cSs0RDRlN1g0bjBpTVhPM3k1bnBtNzJDS2pmMjhMMElzbWhPc1N2b25lbjZyT1RaQlUzWHQwMk4yWVNZZHZaakFGM1VrNGdYclA4SFhOWDlRVEhjOUJBc2dRR3FEY1Uxd2pqdXZOSGM2TXdRRE1FL3Y4WlRtK2doYVhqeENjbWRLWG5MTTJpMU5QaVFxYy9HaVNESFZJQllwRHMveHBTODhkdlIyMUtWWUp1WGVIV0hEcGFRTU9tK1Rpblk4S0ZzVXFsM0E1VHhaQjJhRWxLb2NITFVJZDVWc2hnUWJIaEdqWWNRRFFPbFQyaz0%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D517 478 B
251 B 20ms
20ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNU6-reOgS82g-LhgSrNyxMVUM7-QaKAscQFdiZOTPZPZyHxXcrIyVn7CksAhNqMltW4_WMC5biF3NilFroUgRff_gbsWv15ZFJMUa9ruUnC_XrkFBxTqrh9cQ5FkBUIYeedCeh0Zfwt2JEnasACTfWzeGgjWNja4zCMcAYDmdG6uFk-NCBou2VKp_HZuVKMJc7pJQ_xkdCSA5ouSbdEF1IvFJuN1g

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNU6-reOgS82g-LhgSrNyxMVUM7-QaKAscQFdiZOTPZPZyHxXcrIyVn7CksAhNqMltW4_WMC5biF3NilFroUgRff_gbsWv15ZFJMUa9ruUnC_XrkFBxTqrh9cQ5FkBUIYeedCeh0Zfwt2JEnasACTfWzeGgjWNja4zCMcAYDmdG6uFk-NCBou2VKp_HZuVKMJc7pJQ_xkdCSA5ouSbdEF1IvFJuN1g
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnVcFbK33EmLu0qOaowvJy_ZUI-kWj3RZlkbrlZHFiumDsi0E1jvz0fxkH7zF0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 09 May 2021 20:17:22 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1083 43 KB
20 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CgRB2shi2qZUh4840E-AjqxzbgDcEM-pwkCuaFjDDgeZyUUi16acrq8RHv2zevqubRFFB0CwOeSNdQdMQtFt9fu2ucOnsgl9rbuBlKpwegd1AKjppzP5f-6Lsdaw1DUmJTRq-K5vW1rco2RCt36fYuRumPyA&dbm_d=AKAmf-Cmm-7ATRHsngZO5Ly9aTqvpBmaLHLentby_SaZF0tussTCYKHD-lpdygkW1AAzWCoqzF68cCNLl_l2FnlzgFogLwrfxpuPnTmG1u9IROQtOkjgYaAeqwPSrwV3tBvUtZOAO42kZte34dBS45sDTB7A614fsjyLHdSRjUlhxx_mv07FStB-W15w_za4_yqzWizeVDz6b-I7hlB0t1VChT-DdYp0Ic3pLKGvvrc1RedymDEUmW3MkLLGekwnbC04X9cQ3-ELYxblq3oIZyqmBL7TUL4szGwBh_VPSQnP8_6LtsuCUZ8IfjXLD1UFXNaI6yX_JGD0UYjScnthvIRFFr7IVn-RGx-JL8EkmEPZcJmqAvTZJmn4G67IslcsMmWz5HkRoIdnq-dy5OuossmfjYZc_mKN4ulIZJv7uT7BwiePJY1qQ6tnR0zQlucQncRA2we6KEaoSAPnCr1stE3mE7u43tgdr016-1Z4PPaUcF3L0DDHit0X0ve4t8RyJ9XTd_YC5uvOOAIIg0__h_ZAzZt5zMC2-Jyl_sDmQ9lDZYdjn6pgArixgn4wfcKKnawY_L2nbSfJjI3XCbbWfP_NEd_IEq1vuRtthSChnlnvDo6nhBqpJUhOe0DDk5peH8ExePquo3NPJuPbQtcHiVmTSdODHn7Rn63veTrG_l51Lkig7eRLptuVxfy28tpqgZtLMtdds-lS6Ub-FWTo1WRQ4aXnjcfjCMj58j_y7VfPfaAm2E3xVJEu17cfOsNSNZ89bmVjcP-oS32S-6VJqaaoWO8dcptFiprhxhAM_BYLVACYQsJ-AKFxvPVE64yZFrdklJR4W2DQytc2pgE7oVn6_Ywhb4cVqoTHM1YHqLzleOKR2ydnDsWOghoRGXKsRF9rKoquhv4vawyaEV4FFy1ojE8kQ1KKZMOXZtHkjZ5h72F-xNhz3rgoDI9cldHm8nTG2PxE6xvF8jlRjeKTZDs0ViY58RKJz_iWo5jykQz87a8R8hySphjf9vgp8hhKfhyaH68FoPMLDvFlUncdkYtEWTv_-7URv6f99R5PU6sXBTgiA6lastIcXrMXwWRuBemTtp71hv6IVspjk0VckR689ngcJLa0tGriI8mTE8os1PIqbpKCC1pF8RVC_b9yp0LTXpR71jGkuDLv36OtwOHzRrRIbv_CaHFTKyau61BpOeJb5LChHUnwLoLBdcB8qw6b2j-ql4hA99Hlu4yS2tvaw0H3JjGk7k22g-jjjEtL3HSyq6Pcf96Moqm7Ci6db8Papwlmm_SlhvfKr9MdPMk-yMQGFxKxNSgkZrD6gi0-F1CPPdYdT3ReDtLxJqekWnO5Svc1cnfh2XGDqMty1H8-dnTgct9314UzJ_JOYQLqcv86JNMsO1rfLmuR-uEyq3E9JcfeGAWs4N-CoFCr2L5JB0zJP_YM72piibuZCmpEwxQrPXNMqmTQUHX3BRwLg96H4KqJ2X5iY9mLnrXX3zVxeByqGNJXHHTRirYAZ1CmULAdukluuX8n83zcKoW3LQ_WjXFt8vIhGswTYvnK1FRd-LP25qw9TawKKAmyJT23Tj2ZdfSt2L76S3lClRO0n3Qfmvpp2do2cJ7agEYpqoxSwrUfW34gqTcoZVJXG34OuGAY1hHTnv9uq-MOSxijDAuFJvzEU7-at6_L9s8W38AXObWt93fue1uKKuQc1owm11-_xHJZbX8CIPk9e4yJCj__gSvu0VGT2E0ASJGXHp6wFdLM5Zc-nOvY2SXfXRmZ73jfIqoU9ci1yTyUd0uR1ZhTp6gzYQUvgtXS3xL0_6f7c9gcSUwvqEtvb7pKPPH_MKQQ96ZFvSaz2P_tqcAzDxLbJ0lyNvSC7ICryZk7m9-CLlRnITp7QzdVjy8T2GU6ug7KJ-ydjDp3xCoOFzrRm3SfisV3p45iOoHxq8kfzfds0JRXMcmaDMTo731kTz0nlSty7lvZHJnxiOaixaV24WAfpRWwC4nzhZVWBr0MvF5W6kWHcYd5_O34V8fZ6LwDlqKYjM-D3khXe_TEpo-xyldx-91utH0EmeneK8ZXNYHqtiYel6eA0BSAebr81NhzUGBjwxGlojBBwMr7bWCPUg4YUnvdUaEsBsCfmo76qcLmQgk7RbT7jMdCl89lVAJmJIqH5MaDA_oGuEJONkgCoy-3dRE1VcmjoL6gA89Id9kRLryqUQ2FgVSBNTjKOseRcohHO8ik3MS4ogI-J2TyAfmsKvQQbYksG1IfaK0F9d-Db3R11kNYi7aA5ANbHvenJKuuIPAoimn1CltRcOVg8-0nsn3AqYju68PByW108Gpj3-ZoOXjasjauIaozz5YEx270pNrvdYWqrPPbqG15d0l1uxuzysWNPXKxQ8ZktCwzcQ9OHcsvrFmDUfVQ7Sm-cSJBtZatFde05QqqkGEDmgEWx8Gr1mZwynCPaj5s6XxAbYKwj53nZ_C6a0LJNBM2msjCWJSTnxEWVgX71kMQiObjkiYEAo14cMJaQ5zhO7mSLo0hV__avNX4Rrln78D7AClRvYGBxW_gnrqzQFS_UrQpxnEwRHbghGIwnotZATGuz9jFT7kc5j9DysbpRjP8MKB_aIzsPG48Zz-upk6IMjoqzgyRuS223flNL2z1GvPvJnNsWG0vxB6ectOZ1qfsly9xlbiKX5xerCFAcrXJwNwIdMtb1zXLmtoa4CKVMzqvugcRLWXjmXhprxw2H4AMxlaguq0jp9828QcZFMvdBCF4UU16oNrTWpKJQe4eTxnEO54ojgyxRfXrGItYu-vc6MOoClmSzA9Fdw1i1K3Pt2C08kNe2sSmo9H6xqGC2wlAX4os_EIgGaR8kDMVOc7aRCtKd-kEYVwoRGUnNA450BcauGJCPBoq-r0BJ7ncuOQxcZDv6_TluLV0C9xuLXDG83StTW5tzuUdiaiMWIaNVeDrqEldbVLGo9FDIS0OoQgoRwJfvN9TUxMlb9vUAGTeB11r6gsI7YA&cid=CAASEuRo7ZbLoUIuYwOmR1ul94WZqw&rfl=1%2Chttps%253A%252F%252Fmail.i.ua%252F%240

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91e9d4a3826a7d2831bf8e85b079192ca76e4bbaf309f0699632bb4d68279245

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20906
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1083 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CvXuYy98jmoS-5OvmrrCetQQkMFP7umWeA52WmT0kRG5KzZdBlUljp_oNXk0NE_ilDhXC3Zaq4ksLKiInrQtHOUl1dmV4tjBspAd5PYgQ1M0YlKZ0

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 1083 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/window_focus_fy2019.js

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:16:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1083 116 KB
35 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d0699772b8ca80d6ef1ac55871141afd77cda372f15f1a97b74b41dae70ab25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386788828326"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36100
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 1083 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:57 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 1083 0
0 15ms
14ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRb_ANiE1hH71ghz5I3JHgs_zhp_zC0gIZT-lnmTA3S3eRn14Gy1OuRGcOfOEZEMUD6cjTfjlPkqMxn61FkzCeJNrRweA
Requested by: Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html Show response
d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D0D6 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 09 May 2021 20:17:22 GMT
expires: Mon, 09 May 2022 20:17:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 tracking
ad.mox.tv/delivery/ 51 B
51 B 62ms
62ms Image
text/html 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/tracking?hash=dWFOQ2lleWRPaVZibkx6U3Rqd0V0dEN1bzFiVXZpN0E4ZlBVSENyR1VwV0l4UVRheGRPM0p2cGJCbGEwYkpPRm9WK01EbzNFQ0NwNDloV2hQWUpOeVU4ckJPMTRIMjF2YS9obnpmWlQ3NWlYeFYwS2JxenlUd1c3NGhIbFQzQ1QyOExIRTdvTGhtQWgyc1Z1dWpsdThmT3BvN25TcjUwa092eno0Qkw4c3U4QjRZRXlxck1ROXBUM3ZqT1Q1ZTdRbFN2c3FNOE5XRFVZSG1kL1RuV0U4bExrSHArME1OdGNlK0lPbDRrR1g5bz0%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3-29 200 container.html Show response
d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2B8C 6 KB
3 KB 8ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021050501.js?31061027

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sun, 09 May 2021 20:17:22 GMT
expires: Mon, 09 May 2022 20:17:22 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 tracking
ad.mox.tv/delivery/ 50 B
50 B 61ms
61ms Image
text/html 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/tracking?hash=NFZlWG5KZUlpZFZUVWgvYXdBZ0htdFhnZzA2S1ZJRFVqU2dQQWxlYzNnemROcDRiSnFUSVJ0UmVFelIxeDh5MmI5UXllZldBd2F0cGZMR2hzZXVvZFVIUC9oTXpvVlQ0eHNodXNRUk9PeWVGeUZWUy9SdjBMVVBHcEN0TFdpNm1zUE9qQzNPYWNrQzlZSXVOOTFxWnAzSlVjTS9hRjV3dUZiYjMxT292bDJVVkV0ZW9mSXJtK1IxTmRVWGNqVkZmNUp1RXc1TjZqWVpkYitDeXkzVjlJMGozcVFpTTdKL09RYXh2Wmh2VkNoUT0%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/ Frame 1083 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CgRB2shi2qZUh4840E-AjqxzbgDcEM-pwkCuaFjDDgeZyUUi16acrq8RHv2zevqubRFFB0CwOeSNdQdMQtFt9fu2ucOnsgl9rbuBlKpwegd1AKjppzP5f-6Lsdaw1DUmJTRq-K5vW1rco2RCt36fYuRumPyA&dbm_d=AKAmf-Cmm-7ATRHsngZO5Ly9aTqvpBmaLHLentby_SaZF0tussTCYKHD-lpdygkW1AAzWCoqzF68cCNLl_l2FnlzgFogLwrfxpuPnTmG1u9IROQtOkjgYaAeqwPSrwV3tBvUtZOAO42kZte34dBS45sDTB7A614fsjyLHdSRjUlhxx_mv07FStB-W15w_za4_yqzWizeVDz6b-I7hlB0t1VChT-DdYp0Ic3pLKGvvrc1RedymDEUmW3MkLLGekwnbC04X9cQ3-ELYxblq3oIZyqmBL7TUL4szGwBh_VPSQnP8_6LtsuCUZ8IfjXLD1UFXNaI6yX_JGD0UYjScnthvIRFFr7IVn-RGx-JL8EkmEPZcJmqAvTZJmn4G67IslcsMmWz5HkRoIdnq-dy5OuossmfjYZc_mKN4ulIZJv7uT7BwiePJY1qQ6tnR0zQlucQncRA2we6KEaoSAPnCr1stE3mE7u43tgdr016-1Z4PPaUcF3L0DDHit0X0ve4t8RyJ9XTd_YC5uvOOAIIg0__h_ZAzZt5zMC2-Jyl_sDmQ9lDZYdjn6pgArixgn4wfcKKnawY_L2nbSfJjI3XCbbWfP_NEd_IEq1vuRtthSChnlnvDo6nhBqpJUhOe0DDk5peH8ExePquo3NPJuPbQtcHiVmTSdODHn7Rn63veTrG_l51Lkig7eRLptuVxfy28tpqgZtLMtdds-lS6Ub-FWTo1WRQ4aXnjcfjCMj58j_y7VfPfaAm2E3xVJEu17cfOsNSNZ89bmVjcP-oS32S-6VJqaaoWO8dcptFiprhxhAM_BYLVACYQsJ-AKFxvPVE64yZFrdklJR4W2DQytc2pgE7oVn6_Ywhb4cVqoTHM1YHqLzleOKR2ydnDsWOghoRGXKsRF9rKoquhv4vawyaEV4FFy1ojE8kQ1KKZMOXZtHkjZ5h72F-xNhz3rgoDI9cldHm8nTG2PxE6xvF8jlRjeKTZDs0ViY58RKJz_iWo5jykQz87a8R8hySphjf9vgp8hhKfhyaH68FoPMLDvFlUncdkYtEWTv_-7URv6f99R5PU6sXBTgiA6lastIcXrMXwWRuBemTtp71hv6IVspjk0VckR689ngcJLa0tGriI8mTE8os1PIqbpKCC1pF8RVC_b9yp0LTXpR71jGkuDLv36OtwOHzRrRIbv_CaHFTKyau61BpOeJb5LChHUnwLoLBdcB8qw6b2j-ql4hA99Hlu4yS2tvaw0H3JjGk7k22g-jjjEtL3HSyq6Pcf96Moqm7Ci6db8Papwlmm_SlhvfKr9MdPMk-yMQGFxKxNSgkZrD6gi0-F1CPPdYdT3ReDtLxJqekWnO5Svc1cnfh2XGDqMty1H8-dnTgct9314UzJ_JOYQLqcv86JNMsO1rfLmuR-uEyq3E9JcfeGAWs4N-CoFCr2L5JB0zJP_YM72piibuZCmpEwxQrPXNMqmTQUHX3BRwLg96H4KqJ2X5iY9mLnrXX3zVxeByqGNJXHHTRirYAZ1CmULAdukluuX8n83zcKoW3LQ_WjXFt8vIhGswTYvnK1FRd-LP25qw9TawKKAmyJT23Tj2ZdfSt2L76S3lClRO0n3Qfmvpp2do2cJ7agEYpqoxSwrUfW34gqTcoZVJXG34OuGAY1hHTnv9uq-MOSxijDAuFJvzEU7-at6_L9s8W38AXObWt93fue1uKKuQc1owm11-_xHJZbX8CIPk9e4yJCj__gSvu0VGT2E0ASJGXHp6wFdLM5Zc-nOvY2SXfXRmZ73jfIqoU9ci1yTyUd0uR1ZhTp6gzYQUvgtXS3xL0_6f7c9gcSUwvqEtvb7pKPPH_MKQQ96ZFvSaz2P_tqcAzDxLbJ0lyNvSC7ICryZk7m9-CLlRnITp7QzdVjy8T2GU6ug7KJ-ydjDp3xCoOFzrRm3SfisV3p45iOoHxq8kfzfds0JRXMcmaDMTo731kTz0nlSty7lvZHJnxiOaixaV24WAfpRWwC4nzhZVWBr0MvF5W6kWHcYd5_O34V8fZ6LwDlqKYjM-D3khXe_TEpo-xyldx-91utH0EmeneK8ZXNYHqtiYel6eA0BSAebr81NhzUGBjwxGlojBBwMr7bWCPUg4YUnvdUaEsBsCfmo76qcLmQgk7RbT7jMdCl89lVAJmJIqH5MaDA_oGuEJONkgCoy-3dRE1VcmjoL6gA89Id9kRLryqUQ2FgVSBNTjKOseRcohHO8ik3MS4ogI-J2TyAfmsKvQQbYksG1IfaK0F9d-Db3R11kNYi7aA5ANbHvenJKuuIPAoimn1CltRcOVg8-0nsn3AqYju68PByW108Gpj3-ZoOXjasjauIaozz5YEx270pNrvdYWqrPPbqG15d0l1uxuzysWNPXKxQ8ZktCwzcQ9OHcsvrFmDUfVQ7Sm-cSJBtZatFde05QqqkGEDmgEWx8Gr1mZwynCPaj5s6XxAbYKwj53nZ_C6a0LJNBM2msjCWJSTnxEWVgX71kMQiObjkiYEAo14cMJaQ5zhO7mSLo0hV__avNX4Rrln78D7AClRvYGBxW_gnrqzQFS_UrQpxnEwRHbghGIwnotZATGuz9jFT7kc5j9DysbpRjP8MKB_aIzsPG48Zz-upk6IMjoqzgyRuS223flNL2z1GvPvJnNsWG0vxB6ectOZ1qfsly9xlbiKX5xerCFAcrXJwNwIdMtb1zXLmtoa4CKVMzqvugcRLWXjmXhprxw2H4AMxlaguq0jp9828QcZFMvdBCF4UU16oNrTWpKJQe4eTxnEO54ojgyxRfXrGItYu-vc6MOoClmSzA9Fdw1i1K3Pt2C08kNe2sSmo9H6xqGC2wlAX4os_EIgGaR8kDMVOc7aRCtKd-kEYVwoRGUnNA450BcauGJCPBoq-r0BJ7ncuOQxcZDv6_TluLV0C9xuLXDG83StTW5tzuUdiaiMWIaNVeDrqEldbVLGo9FDIS0OoQgoRwJfvN9TUxMlb9vUAGTeB11r6gsI7YA&cid=CAASEuRo7ZbLoUIuYwOmR1ul94WZqw&rfl=1%2Chttps%253A%252F%252Fmail.i.ua%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f6579b2c579aa6a2e089f3d0f7beda646657ccbc948b87d1c3ff972bd05fa4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0
server: cafe
etag: 13656602236642303355
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:26 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/ Frame 1083 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:16:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:16:34 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1083 0
255 B 97ms
95ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstoHDZpeeNngwDk-AMampNadJCc3ANLT-X04o_hk2I3M4C37KsMLqHSGG2V6KN7_IFyzIhFtNBPwrsfQxeAsqss3bk0ZsD0t6-0xhdhBKT4g4jtTgKPAdrO8snHxm0OTAPO7UJRr2lC_P1JvVeLfPn3KuusqUJpD0YYSESCnLRDqvyoEmqbG_hMxGmjUNjGo9Dw8BmVuIxE_RrXYkcC9bgxagaV91XJDI1AhcFKp60WEscMbz6B0uhuu7Ei99SiGYpOMpZMPhAxahBnhdEj_AyV3OwuL6WpNwTTUNAjovmhRISPP8yB-kVNr3AMpz8v3vLKh8Wcd4HjbbXn_QDACyRcR55LgtSWlmnApA1ATTT7nSN7ayue_xKg-AO-NN7mN-WQjxlZQwoQiBum5TXlb94_hgiwOqPIz6_L_UcqhLU5X2PSTeNVadZUWhJjJKLEWbtLHB7tuoLJWDtpeMWj105HuYfAejK8LHVRqyRmGjnCkqhikrLdNDfGMEjk8dDqsN11ENMSkNYXvBJH0tVNLkXvLjVvF6vBDQH6XztOGlfOY4MyTac5v9mngPMkCkYR3Irvnnre-qiImpyWnfQyxFtzC3UV-5dCmnLkOQvFpo6T7cipfWJYAtwEjgyS-_96HsngzjSowFizGpiq4SVzCa8u-5mcqo7Tzv26tMd-s00eSscNWhODc6-Mx7eqdtVv-UejGVMYKGblgC8MR_rt9laMaaUseAfrTUiSHbVRvomPM9bmzjDiQ-Js626RyzYx_74wh7sIj35sBiu7OART6Ox9IZDdWWxBP8EK4AQH8Rq9slGCyw0NjMzaBBEJIn7UTJ2y24n5i_WxPOVVZ7TgDs4ncP0B6z3xgOHUAWBPNp1gJPcEJxXGIOkZKNqKTDYsGibVY2LcPcQtkUb971fWLA39LyHf2xTmV_JnWBAwGGnusGXNUlpgTpZ6Lywv_NiGe-ZcfVnvZHkhON04F4ZeZS-vrK-RvbCnbQ2H90pKJuOs7QjYK7ZuDkw9J5l-TdQXrHg9AlqvCbURr5BnRgj9XycD_FkjtC4Lf_-9B01lzWbcMC4sDYD7Qy6BBzLVrb4-v6TMgicZ_TtuxN6IfT1XvJfikB-SDH6HI2r4lhQMydj4YWYoqFovcj4XJl9FJbwflp3hFmKPGW0znOKQ2u5DtSQJs4RCFgXkEuPEzsI82MfB3o4nbL5pLLBEzBaJJGWyftjButt_gD-8uRrTiR5yatU&sai=AMfl-YQxkDvVfq08pEKhD2wW0lkCpJRD2jRbeuR8RHvPBD6_wZR6K2P49ZKcNSCRQxTABM2qEhIO_Rw5bjuVsOihZoPouI9cuPkl2ZDj4CknBhcyJnZWim02lP3rgYpwQ_4JzfyNZo-QfAfwIeSN96x0kCA4gsrd9KgsvCYBQd89_-Bbc86e_u_2zA&sig=Cg0ArKJSzKVxObqDnJecEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210505.63336&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 09 May 2021 20:17:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1083 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 12:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27593
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 May 2022 12:37:29 GMT

GET
H2 200 DE_SP_M1_GDN_300x250.png
s0.2mdn.net/9504762/ Frame 1083 18 KB
18 KB 28ms
7ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9504762/DE_SP_M1_GDN_300x250.png

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57866e277d94d47eada9fe91d003a23e0a14498af5076b30297970c5f04c94ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 12:34:17 GMT
x-content-type-options: nosniff
last-modified: Fri, 06 Nov 2020 16:15:11 GMT
server: sffe
age: 27785
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18110
x-xss-protection: 0
expires: Mon, 10 May 2021 12:34:17 GMT

GET
H3-29 200 pixel
cm.g.doubleclick.net/ Frame D517 170 B
188 B 121ms
61ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNU6-reOgS82g-LhgSrNyxMVUM7-QaKAscQFdiZOTPZPZyHxXcrIyVn7CksAhNqMltW4_WMC5biF3NilFroUgRff_gbsWv15ZFJMUa9ruUnC_XrkFBxTqrh9cQ5FkBUIYeedCeh0Zfwt2JEnasACTfWzeGgjWNja4zCMcAYDmdG6uFk-NCBou2VKp_HZuVKMJc7pJQ_xkdCSA5ouSbdEF1IvFJuN1g

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D517
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1&C=1

43 B
1014 B

66ms
50ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNU6-reOgS82g-LhgSrNyxMVUM7-QaKAscQFdiZOTPZPZyHxXcrIyVn7CksAhNqMltW4_WMC5biF3NilFroUgRff_gbsWv15ZFJMUa9ruUnC_XrkFBxTqrh9cQ5FkBUIYeedCeh0Zfwt2JEnasACTfWzeGgjWNja4zCMcAYDmdG6uFk-NCBou2VKp_HZuVKMJc7pJQ_xkdCSA5ouSbdEF1IvFJuN1g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:22 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 09 May 2021 20:17:22 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:22 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sun, 09 May 2021 20:17:22 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D517
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YJhDUp5As6otff0Xm6gSxwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1

43 B
1014 B

52ms
52ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNU6-reOgS82g-LhgSrNyxMVUM7-QaKAscQFdiZOTPZPZyHxXcrIyVn7CksAhNqMltW4_WMC5biF3NilFroUgRff_gbsWv15ZFJMUa9ruUnC_XrkFBxTqrh9cQ5FkBUIYeedCeh0Zfwt2JEnasACTfWzeGgjWNja4zCMcAYDmdG6uFk-NCBou2VKp_HZuVKMJc7pJQ_xkdCSA5ouSbdEF1IvFJuN1g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:23 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 09 May 2021 20:17:23 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIb5abglSarbDWgGErXmkEo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/ Frame ED72 225 KB
29 KB 8ms
8ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c5a2785b0eadac3c7ae64624227cfb2bec2574fe58220ac18d8e58f912aa666

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/13264340863758106624/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Tue, 04 May 2021 08:42:31 GMT
expires: Wed, 04 May 2022 08:42:31 GMT
last-modified: Mon, 21 Dec 2020 16:11:47 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 29401
age: 473691
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D0D6 0
0 91ms
90ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CMJY4UkOYYNLSEbiV7_UP46GMmAuTqtOpYpjOzYmhDbHR_d8FEAEgmb2_dmCVAqAB7MyG4QLIAQmpAghGsVcRaLQ-4AIAqAMByAMCqgTAAU_Qj44_Gmq0hwSgja_BmZ3xEhKXJXYgCmD2NvDunn0ACKtn_ON1z_q54QOtsBYKY16uPcGfMoCRmAP4573L5QOAgRCNUGqbXIqz3wxwumxgxxc_SmxbGGnkTlZiROJiMAIvBM0t3S-l0RdlsSoIKKTea5Qe17p2Hz9l7BEa0u6HcOhHM8oYta9fllkfNVU3Wj9bmFdJe3VkkE8P_qM5RduNQvibYI7mPz3EZAgQkg94uawqXMkuVzdaCrPVZUdCXMAEqePU_6cD4AQBkgUECAQYAZIFBAgFGASgBl2AB_yy-Z4BqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEMrHCNIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTk4MjQ0ODQyMjQ5ODIyOYAKA8gLAdgTDNAVAZgWAYAXAbIXGgoYCAASFHB1Yi0zMTMyODkzNzI1NjAzOTM1&sigh=2-pWyG9DAlU
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A68C 143 B
163 B 9ms
8ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnVcFbK33EmLu0qOaowvJy_ZUI-kWj3RZlkbrlZHFiumDsi0E1jvz0fxkH7zF0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 09 May 2021 19:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1212
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame D0D6 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/window_focus_fy2019.js

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:16:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D0D6 116 KB
35 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d0699772b8ca80d6ef1ac55871141afd77cda372f15f1a97b74b41dae70ab25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386788828326"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36100
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame D0D6 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:57 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame D0D6 0
0 17ms
17ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTS_b6If99Az3yjOnBzQjpiS-gmBgbhto3fssThsVnEGaNwgHPemoPCt-O6ldwvGnShIIo7wntvDWOQgnQfHW4CDeqGqw
Requested by: Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 69A3 611 B
316 B 21ms
16ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNUvrbz_g2F__MlCe-Q90aUnwg-wmyeurYUgBI8ptmUpomaXCYdUw9j3Npe97omINq2dBCgRWf1LLuYOBG3CF6_SVl6NEPa8l326dNCgZEny-bv6WWfy0_6NO5_brkXccECc208QHmiSD1n3vx7t4wWAU-k9a8RWDxau2Gm9kK0fiPM-U4GHJaHjusPX8wHQif2rC31e5W28LxNiA0UG4bYhU52l_Q

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNUvrbz_g2F__MlCe-Q90aUnwg-wmyeurYUgBI8ptmUpomaXCYdUw9j3Npe97omINq2dBCgRWf1LLuYOBG3CF6_SVl6NEPa8l326dNCgZEny-bv6WWfy0_6NO5_brkXccECc208QHmiSD1n3vx7t4wWAU-k9a8RWDxau2Gm9kK0fiPM-U4GHJaHjusPX8wHQif2rC31e5W28LxNiA0UG4bYhU52l_Q
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnVcFbK33EmLu0qOaowvJy_ZUI-kWj3RZlkbrlZHFiumDsi0E1jvz0fxkH7zF0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 09 May 2021 20:17:22 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2B8C 43 KB
21 KB 46ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CbLHtwfUZh3NFVkOnY2_Vczy-mA70h0xd45Otru2YiWOJHWI2cJl8CuGKmCHsoFECdrpaNXzJliCCXlvNGPlmKcqZTwrfhQFYVIpzpm2ajbu5YVIwvzz0G4ox8rc0siKJKIJX-lsMP_THtAvTW-Lx7gHccSA&dbm_d=AKAmf-BvOoYSfzqVK4Wx2feHuJcMvUym6kUmv6ydgNebR0vwdtiy_rnC2mmZ0HHrG93zxqymbRb_V3NWOQi6w6Gb22uVxHsYBgDkNR4Ji-TLFtJ6MB-9CmlPi9-E6YlzfjowiAs7ARkCFTkYbaSl5Yf18IMjKp99XXNWjRqj6ReLNG2SnGU5qZ44GoY6q_22UiKh28235QlSt__-QwszFPy-sPcP8YuZXDdqHQ3ACv-kJZuyw6pHdLDUQZBJKZkoeLIfvVXUSsh6FjUCcdWBdhAdsx6gr-5FLQBvmFkb1uQCGArGt7d28dpuVbe7SrC9ganBbnZ8W-x8nsmq2AXYmlCItR-6g7ftLxADjjoVzf7krrPGOZ3l9BKfa92m2MS_Y4tt7kQyJPoznYrSogX4bo3B8PyHdMOUgOI1gZ9tahAZsRTKoedw0IUsGqKVjqOL52MhmWYC5EPionCqmBFXW09FH5bVJJA58LNrLkEyGF9Lz87IyMLEQhQBO0l1_4liQcvhaMrNF0wx7OHaDULgohsSFsrYVP40oNUI6bWKqVAxlpoKNf6b1xdaXnxWQn2FbzAiXHDw0LpHD5tYLKTqKUCFFdO3jfmxddRGSbNZUYSk6f0uVxb0KvyY8h_G4edsAR4eI_7GBSbYxYzVHbNb1_DtuziQIspU-3Qay7Ck2u1KydZaKc9S4hsWO1L0zdpqlH-RPSfF0e611UCHiJ_-8RdcmWsp--ZUOvRYK0xVZAb-Cf4sHWMu0MwvZsirIlE_R_LOBSpM4SHaFfzy6RsRZuhOe2DHg6oTaoKWIXPFFNC4H15k1ncMcoyV7njRpteHuKhRv78s2eIyhHrEp70GvM40NVZA2aS87P56aSgjP85ZJ2Oe7idWTVvEM03AazY3JeESLngc5BB-Uh0Xf6xTU9fPoIMpppRRC87bZO-7YtWWc73ZsTCXo4Br8bSLxeGRwJzWixTsNN3VYn6U01Xl5gmRY5tkS49I1LZmbjof9_w9BKYfHX3qVETQ-dohZ_SPCdf9sShAPotFPedrv3kXIyAwnH7bal_J6v6mFbsEWej4enGMo3_gsUSZ_vPN2sueeT5tdwcKfAFXaQKDVdUp0j9VeKxv3ioE_4qIQLJ46jRWFlck6KOm-G5oCFH-ywI_kS2c7bCwU8ECM8J1TzHzW_U1TIoJ5_84Yv0I-D11tfyv8DSSk0yCU1GXsUhEKxJ_iOYgpEFnmxdlzq1yNgU2HFhje3GT1YxF83APowXR7XiVO_3E_NA9HhRJpmv9pM0xx0S7R0bTS5HDFy4NwrOu35YrVvS5lILqeAUudrOnDydtAmMadcbAciO57A0wrR0r0o0FFsS6_LoqsA0Za5CkFPWatNo8A1yFwP0KUqJAiBr0dQ-4pzB6CQvvjI7kLlNbpxAWENr_DfUvgSUQMeTp6wbdfn5cDh8ckW3FywS-lFqjtz5ETFJpUmA4pebMJMwwdA6wBmawFC0ZPxdOa3nFwV04NnBYHWTOxYu5W8x_XKxgQFFjs-FZ4r63C5m4R7Ab1bDHtyr44XD3TonvBLgpX8WUH4pJ0JIcylM4AmEsoIyfRH-3tdSb37lmHN5PkT0PwoQ9h7eMLd1sSaMY2bcbUF8anBQT3pAfUaocadxAu9snwjXJ3CCwhKevuyEH2pV-frG1JtOo2etxhzgAGrIrykXDx7mND9lUYeEmfJZN0lR-CoxN_GvBUA8YtyqbtLNonv1DbzNZmUkr36W5RyM-Q5TVSt2Ysus4hsFNaqLdmhskelLJZoTwnLG6SSTTmyDtmZvYBzTpY6Ucy8an_V54Bmod-UKirqqylf2x69ZAqydmFnMLy9lZQqDHUuEBr-UNxXQwDA7WOA0T9uIl1k98U77RMSkQQfiZew76BE5lKOkQWhA8tUHK74g-U5UgasLFyCMAxNKe_arzzZPDvf0wAzn0zOA5M3JAnqY1xt6ve7PDFzw3jEsIZNz3wsrq7PzNxquz7vmBEJ5GYkI-gSbUXgKqGqh5QNTC-auqIMpm_a0KSu_7mIkW-L0OH2xwReybngMBdsP_3zVnNlZuiKt-DGeOSLCw63yucvIy7lh-KQQ6UKvwJeioYEdRBcxEcqqXE63etO-iW2XwTkuhgRQJFpLhbGsSKGX7wXU1XCzNhiXOn5wHugIVdF0_q7WmdhGWGr8rfSoir9Msuh5D5qdnRqiRrf-QgOYCZeDXFJKkAY6WHgocV1vLsHsmArdTFZr57w-uctwQAIKNuY1ArqE-sk7QftVwysC_Lm56eEBJf7iVv0Qr1j-EtoSuoDRnH1fQRGcnmGRTEvanZDg0rM2Pcw3mDSXZ0qO6PdfvbDbabmSp9iIoIcw2gf7LmO7COlV76XpxpCMt1kVQCoOyHQNePUjraLdJ8SMDzVPfJrGqwTXehQCApM-ctD4jM0KS8CZLdikcridYlSdiP9a5O3Qu8sw2gDRXFRSC5mKFleJI_dKX3ND7IWgewm_eMj5LcLVQOhPCAUoMWQmUnj8n8JY0SsN39WA2BUExSQDFo17TJ9OPNO9YH4q2T3GgAQ0sUIBxmAxV_qYbyy6hfCCphDv0_y4wTkh3XrMP5JPFD_pJewmpGMwFvro6yVIHeiP6JjyLP5NSANfh1EVAnjkgkVannNvSWl8vnSM84AIr_JwDa2m4kgSCEEtWE32Sd2AOOVRW7Yac1wV-ffoRlYRndtlfqGO9f4zGdI2EBXEO9hR5W0o4mJ76HmR5F8zG8sj4d4OVBd4lTzDozev5D4kEUgtN_Tq6Q6Q2_EqPKeKoVfYvmyRQTiiaJLqsxYARoRC7Cpo0YYwaR3Rkl4HFDoESBgNcfKIznEPOJiRkk4tvyQ_GwSxkCpLDx7YUHievvWhPfaHNSMHMGOBX66BeJPOGvPn4J7FsguFfPCv5BA6EMEX7FHsa_N62YN0agE6fDJflHY17XvSANjLylEoItVW0xtsEW7PZCaM1W76H116TdE37lSH_NL0D7HWolKw&cid=CAASEuRoJRaMU80_w3aqP3cyMa1pVQ&rfl=1%2Chttps%253A%252F%252Fmail.i.ua%252F%240

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82f55d8336d76c7b5b89106d7a440d2b01f2b895ef796015ff5b0cf433743f40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20966
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2B8C 42 B
63 B 45ms
39ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dhbadm8gJwxAp74qvSmG2ub6SKfBX8rpokXhTPD5yDTjpV57ChimDnTTZNXxm-vJ40OUnxK0y-xWVoat5mZUu0gN0lb2MFRfz02iyesHDVtBwX6uQ

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 2B8C 2 KB
1 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/window_focus_fy2019.js

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:16:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2B8C 116 KB
35 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d0699772b8ca80d6ef1ac55871141afd77cda372f15f1a97b74b41dae70ab25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620386788828326"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36100
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:22 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/ Frame 2B8C 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210505/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:57 GMT

POST
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2B8C 0
20 B 40ms
39ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=75&version=r20210505&sample=0.01

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8040 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 09 May 2021 12:37:29 GMT
expires: Mon, 09 May 2022 12:37:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 27593
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 204
No Content logcz.aspx
inv-nets.admixer.net/ 0
220 B 44ms
43ms Image
text/plain 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/logcz.aspx?zone=2724cbf4-a4a5-49cb-84fb-c8dd977b5901

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 09 May 2021 20:17:22 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=25
X-Xss-Protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1083 0
60 B 87ms
87ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FBB0 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 09 May 2021 03:14:09 GMT
expires: Mon, 10 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 61393
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1083 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34d2fbda9fa1fb9b703d86ab3952e210aa4b345747e719ca8d4221e8b7d982d3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ev_view.aspx
inv-nets-eu.admixer.net/ 43 B
300 B 44ms
44ms Image
image/gif 146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 09 May 2021 20:17:22 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

GET
H3-29 200 DE_SP_M1_GDN_300x250.png
s0.2mdn.net/9504762/ Frame 2B8C 18 KB
18 KB 23ms
8ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9504762/DE_SP_M1_GDN_300x250.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CbLHtwfUZh3NFVkOnY2_Vczy-mA70h0xd45Otru2YiWOJHWI2cJl8CuGKmCHsoFECdrpaNXzJliCCXlvNGPlmKcqZTwrfhQFYVIpzpm2ajbu5YVIwvzz0G4ox8rc0siKJKIJX-lsMP_THtAvTW-Lx7gHccSA&dbm_d=AKAmf-BvOoYSfzqVK4Wx2feHuJcMvUym6kUmv6ydgNebR0vwdtiy_rnC2mmZ0HHrG93zxqymbRb_V3NWOQi6w6Gb22uVxHsYBgDkNR4Ji-TLFtJ6MB-9CmlPi9-E6YlzfjowiAs7ARkCFTkYbaSl5Yf18IMjKp99XXNWjRqj6ReLNG2SnGU5qZ44GoY6q_22UiKh28235QlSt__-QwszFPy-sPcP8YuZXDdqHQ3ACv-kJZuyw6pHdLDUQZBJKZkoeLIfvVXUSsh6FjUCcdWBdhAdsx6gr-5FLQBvmFkb1uQCGArGt7d28dpuVbe7SrC9ganBbnZ8W-x8nsmq2AXYmlCItR-6g7ftLxADjjoVzf7krrPGOZ3l9BKfa92m2MS_Y4tt7kQyJPoznYrSogX4bo3B8PyHdMOUgOI1gZ9tahAZsRTKoedw0IUsGqKVjqOL52MhmWYC5EPionCqmBFXW09FH5bVJJA58LNrLkEyGF9Lz87IyMLEQhQBO0l1_4liQcvhaMrNF0wx7OHaDULgohsSFsrYVP40oNUI6bWKqVAxlpoKNf6b1xdaXnxWQn2FbzAiXHDw0LpHD5tYLKTqKUCFFdO3jfmxddRGSbNZUYSk6f0uVxb0KvyY8h_G4edsAR4eI_7GBSbYxYzVHbNb1_DtuziQIspU-3Qay7Ck2u1KydZaKc9S4hsWO1L0zdpqlH-RPSfF0e611UCHiJ_-8RdcmWsp--ZUOvRYK0xVZAb-Cf4sHWMu0MwvZsirIlE_R_LOBSpM4SHaFfzy6RsRZuhOe2DHg6oTaoKWIXPFFNC4H15k1ncMcoyV7njRpteHuKhRv78s2eIyhHrEp70GvM40NVZA2aS87P56aSgjP85ZJ2Oe7idWTVvEM03AazY3JeESLngc5BB-Uh0Xf6xTU9fPoIMpppRRC87bZO-7YtWWc73ZsTCXo4Br8bSLxeGRwJzWixTsNN3VYn6U01Xl5gmRY5tkS49I1LZmbjof9_w9BKYfHX3qVETQ-dohZ_SPCdf9sShAPotFPedrv3kXIyAwnH7bal_J6v6mFbsEWej4enGMo3_gsUSZ_vPN2sueeT5tdwcKfAFXaQKDVdUp0j9VeKxv3ioE_4qIQLJ46jRWFlck6KOm-G5oCFH-ywI_kS2c7bCwU8ECM8J1TzHzW_U1TIoJ5_84Yv0I-D11tfyv8DSSk0yCU1GXsUhEKxJ_iOYgpEFnmxdlzq1yNgU2HFhje3GT1YxF83APowXR7XiVO_3E_NA9HhRJpmv9pM0xx0S7R0bTS5HDFy4NwrOu35YrVvS5lILqeAUudrOnDydtAmMadcbAciO57A0wrR0r0o0FFsS6_LoqsA0Za5CkFPWatNo8A1yFwP0KUqJAiBr0dQ-4pzB6CQvvjI7kLlNbpxAWENr_DfUvgSUQMeTp6wbdfn5cDh8ckW3FywS-lFqjtz5ETFJpUmA4pebMJMwwdA6wBmawFC0ZPxdOa3nFwV04NnBYHWTOxYu5W8x_XKxgQFFjs-FZ4r63C5m4R7Ab1bDHtyr44XD3TonvBLgpX8WUH4pJ0JIcylM4AmEsoIyfRH-3tdSb37lmHN5PkT0PwoQ9h7eMLd1sSaMY2bcbUF8anBQT3pAfUaocadxAu9snwjXJ3CCwhKevuyEH2pV-frG1JtOo2etxhzgAGrIrykXDx7mND9lUYeEmfJZN0lR-CoxN_GvBUA8YtyqbtLNonv1DbzNZmUkr36W5RyM-Q5TVSt2Ysus4hsFNaqLdmhskelLJZoTwnLG6SSTTmyDtmZvYBzTpY6Ucy8an_V54Bmod-UKirqqylf2x69ZAqydmFnMLy9lZQqDHUuEBr-UNxXQwDA7WOA0T9uIl1k98U77RMSkQQfiZew76BE5lKOkQWhA8tUHK74g-U5UgasLFyCMAxNKe_arzzZPDvf0wAzn0zOA5M3JAnqY1xt6ve7PDFzw3jEsIZNz3wsrq7PzNxquz7vmBEJ5GYkI-gSbUXgKqGqh5QNTC-auqIMpm_a0KSu_7mIkW-L0OH2xwReybngMBdsP_3zVnNlZuiKt-DGeOSLCw63yucvIy7lh-KQQ6UKvwJeioYEdRBcxEcqqXE63etO-iW2XwTkuhgRQJFpLhbGsSKGX7wXU1XCzNhiXOn5wHugIVdF0_q7WmdhGWGr8rfSoir9Msuh5D5qdnRqiRrf-QgOYCZeDXFJKkAY6WHgocV1vLsHsmArdTFZr57w-uctwQAIKNuY1ArqE-sk7QftVwysC_Lm56eEBJf7iVv0Qr1j-EtoSuoDRnH1fQRGcnmGRTEvanZDg0rM2Pcw3mDSXZ0qO6PdfvbDbabmSp9iIoIcw2gf7LmO7COlV76XpxpCMt1kVQCoOyHQNePUjraLdJ8SMDzVPfJrGqwTXehQCApM-ctD4jM0KS8CZLdikcridYlSdiP9a5O3Qu8sw2gDRXFRSC5mKFleJI_dKX3ND7IWgewm_eMj5LcLVQOhPCAUoMWQmUnj8n8JY0SsN39WA2BUExSQDFo17TJ9OPNO9YH4q2T3GgAQ0sUIBxmAxV_qYbyy6hfCCphDv0_y4wTkh3XrMP5JPFD_pJewmpGMwFvro6yVIHeiP6JjyLP5NSANfh1EVAnjkgkVannNvSWl8vnSM84AIr_JwDa2m4kgSCEEtWE32Sd2AOOVRW7Yac1wV-ffoRlYRndtlfqGO9f4zGdI2EBXEO9hR5W0o4mJ76HmR5F8zG8sj4d4OVBd4lTzDozev5D4kEUgtN_Tq6Q6Q2_EqPKeKoVfYvmyRQTiiaJLqsxYARoRC7Cpo0YYwaR3Rkl4HFDoESBgNcfKIznEPOJiRkk4tvyQ_GwSxkCpLDx7YUHievvWhPfaHNSMHMGOBX66BeJPOGvPn4J7FsguFfPCv5BA6EMEX7FHsa_N62YN0agE6fDJflHY17XvSANjLylEoItVW0xtsEW7PZCaM1W76H116TdE37lSH_NL0D7HWolKw&cid=CAASEuRoJRaMU80_w3aqP3cyMa1pVQ&rfl=1%2Chttps%253A%252F%252Fmail.i.ua%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57866e277d94d47eada9fe91d003a23e0a14498af5076b30297970c5f04c94ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 12:34:17 GMT
x-content-type-options: nosniff
last-modified: Fri, 06 Nov 2020 16:15:11 GMT
server: sffe
age: 27785
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18110
x-xss-protection: 0
expires: Mon, 10 May 2021 12:34:17 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/ Frame 2B8C 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f6579b2c579aa6a2e089f3d0f7beda646657ccbc948b87d1c3ff972bd05fa4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8628
x-xss-protection: 0
server: cafe
etag: 13656602236642303355
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:15:26 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/ Frame 2B8C 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210505/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:16:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 23 May 2021 20:16:34 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2B8C 0
24 B 91ms
91ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujMjtZ4Zo6G78aLac-n-snLGy_V845JViatNayz0csaoYBepRkg1hUcijBVRCVQMbCKhsQyzMoC3zlLkn1U5LO4xZkiGzyNyH-1pld21Ww1GkrptzuiLhieZR8HQBzBuCggpfzwKT7cQMB2x2gfEjrzmdN_XWjyCPgXJ6kx738rfMUwBScqgOHuaCCfBkTygfP21VRMygxh7symRgVa7X8W7fVpc9ixkgDPfQifTiZUqWPmV3d2WMyoJGGhNGWunLuznqS_NoVAN_eZ5mEFIdZgiF6BQtQ7hzGTfS7wa7LTSXmVgX7p1l1rdZaXHqZBIwHPhtbOaQNxRxELYb6Z4xb9fYNI8uSlPdKPuCMYf0HA6k_K388I7AUm3sXd0fAhFneY37Nj6axTcahLkl7Fm5W0913ZYnc751Dks4RccGMfc3pqp3M1DarUPqGsc6pD_tqKf-yzZ0s5DM7TQ7abIVNUlZ4Do9z0hdjQlVk99spSaVBA1xt6L4sJY05afhqblcoFPkC3oNYcnXq4B0IQiKkl94BeU9eszH9F3shMzXWL2e9T9pZ9BxJD_mTJhmwEq4DP9OEPHGz4HhH5RpDobBSkgi1tYiMAF8XJz-x5s46FQiI4R0_6fYZLYDHSIqjkcf82tVh02iLNMv9uYYZC3jElnpeQ8DHjLEbUtrQ2-9ozT-TE8hzaasVpYoReBRTWGd_ZUShD67w1Ou_pJelS-sGP4QDgtTBLhqBuwPWGzbGwFHmCtEVteNzNRDvJ5DYsNFc40zdOiwnj0IGSeh3Re0eo6LYNf5lJdD7ZH0_zD57YXsT9pSJ-4Sc5Y3oKb8DIHjsje8Ur1dP41W7e46IzR8cB0VyQP4564LbqF5jhITmzs_5vNpgoP0J_Z-cX3pXabZKUEitxhzO9ah2EevhBGMUJ1RYvFzVShD6RlXk1HeMou5RABrdUSQ38CTlXjILLeUxZeIbqjTlKPOy8kVymmy6FhfEgNb60pVmXNqjQu0ouq1cVDTMCmOV7_M8gZXNokvo_JC-Xq54NPqaQNZiX316iRi3pHZ3p96zJomnePdPOjtE_9JSzV2M0SdR-l4TIm91DWI0lo_z0T1FvWGn5DuB4WMLjN_-QNZmr3c0IdDkZ6LJhFuVP3tTE5wZJv8sI37GHyY1YHqmJHNHtlyI9NsrbF-X2DrStGCnMB5QlMUoWQpL1FG2BsAJ8YMuvYiACPucYvqMsHyZyLNf5CPeNI8&sai=AMfl-YRqonGYrwMods67Optukq7DEVuZ443uxUG5ceoBwiAmpyc0e14ynDNd2uhTWDL_D8Ziya1hAzIt9vOfSUmvuxHgvA7_9RO9pchD9GyEHYogWACKKQLkUmiRVGaTLAA4bkAvikLWtgmXiadlR8UISzDqCsQcJAe_0hiqx1czVnGe7wbaXFaunQ&sig=Cg0ArKJSzKMg1LSTwmgTEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210505.98113&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 09 May 2021 20:17:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2B8C 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 12:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27593
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 09 May 2022 12:37:29 GMT

GET
DATA 200
OK truncated
/ Frame D0D6 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1acb0b960e4b3cef820ec00163ffa6509522bd3d45716b190cf560f09c7c52e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 css
fonts.googleapis.com/ Frame ED72 4 KB
590 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cea0f8101de8a13f1f4a4610f910c8e6349c8f730ae8c5cb8e9b4823212e451c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 09 May 2021 19:15:49 GMT
server: ESF
date: Sun, 09 May 2021 20:17:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 09 May 2021 20:17:22 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame ED72 16 KB
6 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 03:56:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58829
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 10 May 2021 03:56:53 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame ED72 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4962
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 10 May 2021 18:54:40 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 69A3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO2kgF_X7hXFv7X8-XyeOu8&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO2kgF_X7hXFv7X8-XyeOu8%26google_cver%3D1

43 B
1 KB

50ms
49ms

Image
image/gif

37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO2kgF_X7hXFv7X8-XyeOu8%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNUvrbz_g2F__MlCe-Q90aUnwg-wmyeurYUgBI8ptmUpomaXCYdUw9j3Npe97omINq2dBCgRWf1LLuYOBG3CF6_SVl6NEPa8l326dNCgZEny-bv6WWfy0_6NO5_brkXccECc208QHmiSD1n3vx7t4wWAU-k9a8RWDxau2Gm9kK0fiPM-U4GHJaHjusPX8wHQif2rC31e5W28LxNiA0UG4bYhU52l_Q

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:23 GMT
X-Proxy-Origin: 84.17.53.159; 84.17.53.159; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.143:80
AN-X-Request-Uuid: 3666dc19-4337-4fb1-92c9-7daf40d5598b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:23 GMT
X-Proxy-Origin: 84.17.53.159; 84.17.53.159; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.150:80
AN-X-Request-Uuid: ab9e79ae-ccb1-4de9-9353-74f58d04fbe3
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO2kgF_X7hXFv7X8-XyeOu8%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 69A3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk3Nzg5MzMwODA3NDMzMTY2Mg%3D%3D

170 B
188 B

61ms
60ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk3Nzg5MzMwODA3NDMzMTY2Mg%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:23 GMT
X-Proxy-Origin: 84.17.53.159; 84.17.53.159; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.49:80
AN-X-Request-Uuid: 79e13d21-f9cd-454b-afb1-51b52cb8c574
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzk3Nzg5MzMwODA3NDMzMTY2Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 69A3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEExcjsKT8GqN0POlXyLbPs4&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEExcjsKT8GqN0POlXyLbPs4&google_cver=1

43 B
180 B

62ms
62ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEExcjsKT8GqN0POlXyLbPs4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQ1K6oAhim9OqVATAB&v=APEucNUvrbz_g2F__MlCe-Q90aUnwg-wmyeurYUgBI8ptmUpomaXCYdUw9j3Npe97omINq2dBCgRWf1LLuYOBG3CF6_SVl6NEPa8l326dNCgZEny-bv6WWfy0_6NO5_brkXccECc208QHmiSD1n3vx7t4wWAU-k9a8RWDxau2Gm9kK0fiPM-U4GHJaHjusPX8wHQif2rC31e5W28LxNiA0UG4bYhU52l_Q
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.206.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
via: 1.1 google
server: OXGW/16.206.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEExcjsKT8GqN0POlXyLbPs4&google_cver=1
date: Sun, 09 May 2021 20:17:23 GMT
via: 1.1 google
server: OXGW/16.206.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 69A3
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGZjYWJmMTUtMjcyYS0yZGQ4LWQzMTMtMzJhZmQ2MTdlYzI5

170 B
188 B

61ms
60ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGZjYWJmMTUtMjcyYS0yZGQ4LWQzMTMtMzJhZmQ2MTdlYzI5

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 09 May 2021 20:17:23 GMT
content-encoding: gzip
server: OXGW/16.206.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGZjYWJmMTUtMjcyYS0yZGQ4LWQzMTMtMzJhZmQ2MTdlYzI5
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A68C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnVcFbK33EmLu0qOaowvJy_ZUI-kWj3RZlkbrlZHFiumDsi0E1jvz0fxkH7zF0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 09 May 2021 20:17:22 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 09-May-2021 21:17:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 09 May 2021 20:17:22 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 09 May 2021 20:17:22 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D397 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 09 May 2021 12:37:29 GMT
expires: Mon, 09 May 2022 12:37:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 27593
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET /
google2waycm.netmng.com/cm/ Frame FBB0 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame FBB0
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPe7YotbMHMDxBVcPkcysck&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPe7YotbMHMDxBVcPkcysck&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=N0QyZGRrRFYxTEZQUkY1&google_gid=CAESEPe7YotbMHMDxBVcPkcysck&google_cver=1&google_push=AQvitUKO-Eb_1brIvjsLQY_NBVl-CJ6H4qpnkBg9K0IXSPC...

170 B
188 B

62ms
61ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=N0QyZGRrRFYxTEZQUkY1&google_gid=CAESEPe7YotbMHMDxBVcPkcysck&google_cver=1&google_push=AQvitUKO-Eb_1brIvjsLQY_NBVl-CJ6H4qpnkBg9K0IXSPCamc1QM5RWAglGI37KY16HgH9GnfhVKgKigLgyCx8IWY0dQOJua9Y

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:22 GMT
Server: PingMatch/v2.0.30-649-g03fe1b8#rel-ec2-master i-0a1405953f2666354@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=N0QyZGRrRFYxTEZQUkY1&google_gid=CAESEPe7YotbMHMDxBVcPkcysck&google_cver=1&google_push=AQvitUKO-Eb_1brIvjsLQY_NBVl-CJ6H4qpnkBg9K0IXSPCamc1QM5RWAglGI37KY16HgH9GnfhVKgKigLgyCx8IWY0dQOJua9Y
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame FBB0
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE...

43 B
420 B

164ms
164ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: mail.i.ua
URL: https://mail.i.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 64cd9c682faf4aa4-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
cf-request-id: 09f460151c00004aa4a5a9a000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 186
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 64cd9c66299e4aa4-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUK3NTXibUYzs6CjJqPxwNZRyIJ_AkLR57Z9eXXXaFILY87-8o2m_CXrvg3D2F0dn5ZmyvV99N3mqnuqLeB1NNwPTKcwhxE%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09f46013d700004aa41028c000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame FBB0
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESELiDyzGpizxvIa90D9SKkBg&google_cver=1&google_push=AQvitUKDY2e7oL96_1EJxZaGSKenezkdSng_CgaBjA3z6AF_HtPLv3AeRUzk3...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESELiDyzGpizxvIa90D9SKkBg&google_cver=1&google_push=AQvitUKDY2e7oL96_1EJxZaGSKenezkdSng_CgaBjA3z6AF_HtPLv3AeRUzk3...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=Bm8hGSawhdzkSWOCII2z_A&google_push=AQvitUKDY2e7oL96_1EJxZaGSKenezkdSng_CgaBjA3z6AF_HtPLv3AeRUzk3iAtDPnVMi7ifaQmyxW5V...

170 B
188 B

61ms
60ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=Bm8hGSawhdzkSWOCII2z_A&google_push=AQvitUKDY2e7oL96_1EJxZaGSKenezkdSng_CgaBjA3z6AF_HtPLv3AeRUzk3iAtDPnVMi7ifaQmyxW5VAtmIBKRkgQ7bAINaA

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=Bm8hGSawhdzkSWOCII2z_A&google_push=AQvitUKDY2e7oL96_1EJxZaGSKenezkdSng_CgaBjA3z6AF_HtPLv3AeRUzk3iAtDPnVMi7ifaQmyxW5VAtmIBKRkgQ7bAINaA
Date: Sun, 09 May 2021 20:17:23 GMT
Server: nginx
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Content-Length: 236
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame FBB0
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGRh_YBJTbdXMwiF4YNzgkY&google_cver=1&google_push=AQvitUK0r6UAPiyi_4YRiNJzsx8AiqhUV_5W8gm3N2PXav99ulEKY04o7ATtthGaUEvtEbzeRLYivBMtyfaIHLhPx4ICxh0...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUK0r6UAPiyi_4YRiNJzsx8AiqhUV_5W8gm3N2PXav99ulEKY04o7ATtthGaUEvtEbzeRLYivBMtyfaIHLhPx4ICxh0Dlqw&google_hm=NzczNDk2NDk1OTc3MjI5NDc...

170 B
188 B

61ms
61ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUK0r6UAPiyi_4YRiNJzsx8AiqhUV_5W8gm3N2PXav99ulEKY04o7ATtthGaUEvtEbzeRLYivBMtyfaIHLhPx4ICxh0Dlqw&google_hm=NzczNDk2NDk1OTc3MjI5NDc0OQ%3D%3D

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 09 May 2021 20:17:22 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUK0r6UAPiyi_4YRiNJzsx8AiqhUV_5W8gm3N2PXav99ulEKY04o7ATtthGaUEvtEbzeRLYivBMtyfaIHLhPx4ICxh0Dlqw&google_hm=NzczNDk2NDk1OTc3MjI5NDc0OQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame FBB0
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEItj1gDfCLRSMaKdNCXPuGk&google_cver=1&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEItj1gDfCLRSMaKdNCXPuGk&google_cver=1&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEItj1gDfCLRSMaKdNCXPuGk&google_cver=1&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5MDVmYWU3NS1iMTAzLTExZWItYTE2OC0wNjkwZDY5MGMwMjA%3D&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13NYyw_e_iES...

170 B
188 B

60ms
60ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5MDVmYWU3NS1iMTAzLTExZWItYTE2OC0wNjkwZDY5MGMwMjA%3D&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13NYyw_e_iESpUgMH0bvTru9JsAVVluWFCdSgTyRYCgCa_

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 09 May 2021 20:17:23 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5MDVmYWU3NS1iMTAzLTExZWItYTE2OC0wNjkwZDY5MGMwMjA%3D&google_push=AQvitUKh5et3QnFe-E4L-VCNDhhafhcstUxtRjCxVDwZnwqfe0OptW13NYyw_e_iESpUgMH0bvTru9JsAVVluWFCdSgTyRYCgCa_
Connection: keep-alive
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame FBB0 0
12 B 59ms
57ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L3mYLrmfQK1IjV32osDRzVqF-QKdP4U_VU8QLZncrHwpnnRSPufzzL3rxIydW0Gn0

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:22 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2B8C 0
23 B 87ms
86ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2EC6 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 09 May 2021 03:14:09 GMT
expires: Mon, 10 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 61393
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2B8C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cab3c494c4882f59a3b9fba0adfce067833619b0e87fb4fcec783b0b591b05ef

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js Show response
pagead2.googlesyndication.com/bg/ Frame 8040 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8786ea05fcdb361c9f5bf875ad59965c141a27fcc7b99c6462a76ab35180dc5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 03 May 2021 10:48:00 GMT
server: sffe
age: 5797
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Mon, 09 May 2022 18:40:45 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame ED72 15 KB
15 KB 20ms
19ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 04:23:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 57239
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
expires: Mon, 09 May 2022 04:23:23 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame ED72 15 KB
15 KB 16ms
14ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 276113
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Fri, 06 May 2022 15:35:29 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 2EC6
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M...

43 B
546 B

175ms
173ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 64cd9c67ce7a4aa4-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
cf-request-id: 09f46014df00004aa4bb03b000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 87
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 64cd9c669adc4aa4-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJfNxiZ2Z_SQWlcoi6JYaRQ&google_cver=1&google_push=AQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAQvitUJBTwi7v4XDJo3X3CjldfkJLH2jUwwaXX5oDYSoXvekkzPrJvZJp8_4CwdfABolURLEKAHzh-rKL3IZq6plYtWMSE7ep6M4%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09f460141e00004aa410294000000001
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 2EC6 70 B
265 B 202ms
66ms Image
image/gif 54.228.162.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEIWeGzy-uNQQFBqxPu9DPdo&google_cver=1&google_push=AQvitUIcJZqxB5ial5-0m-oM-1vdj712AgxOxoXVqfd4lz-_MT3ajfkJTZTVQZxaGx4pRrs4nxglD52JgCO0Ue1oQEpO-K_1jdrh
Requested by: Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.162.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-162-19.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2EC6
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFpuYFaeqQNiI_W1RBCdXdE&google_cver=1&google_push=AQvitUKhDDoHK1Cwi1VCjtrUjtm9w27Y8ikYzZuFO4MOZdrAa7Xp0mZ8uHrt3IkFGg1QZXKRUTu...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09ITUFXR0ItWi1MWTVH&google_push=AQvitUKhDDoHK1Cwi1VCjtrUjtm9w27Y8ikYzZuFO4MOZdrAa7Xp0mZ8uHrt3IkFGg1QZXKRUTuVeDNOTuojIPPjlqI3TfYQh_Pj

170 B
188 B

61ms
61ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09ITUFXR0ItWi1MWTVH&google_push=AQvitUKhDDoHK1Cwi1VCjtrUjtm9w27Y8ikYzZuFO4MOZdrAa7Xp0mZ8uHrt3IkFGg1QZXKRUTuVeDNOTuojIPPjlqI3TfYQh_Pj

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09ITUFXR0ItWi1MWTVH&google_push=AQvitUKhDDoHK1Cwi1VCjtrUjtm9w27Y8ikYzZuFO4MOZdrAa7Xp0mZ8uHrt3IkFGg1QZXKRUTuVeDNOTuojIPPjlqI3TfYQh_Pj
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2EC6
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIw1_gCfV2kRyE3RwR6Ry04&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJhDUoDPgWAUeLhdvFQqSQAABIYAAAAB&google_gid=CAESEIw1_gCfV2kRyE3RwR6Ry04&google_push=AQvitUJ2NfGv1AHzNpm7XY0GWxWif1cZukcQBqeNCRWnjOgda6R...

170 B
188 B

61ms
60ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJhDUoDPgWAUeLhdvFQqSQAABIYAAAAB&google_gid=CAESEIw1_gCfV2kRyE3RwR6Ry04&google_push=AQvitUJ2NfGv1AHzNpm7XY0GWxWif1cZukcQBqeNCRWnjOgda6Rs6_yCp8xo93jpCyiUn2gwMn1mxNkByqYuFA4tdO3vwd8FSVhB&google_cver=1

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:23 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJhDUoDPgWAUeLhdvFQqSQAABIYAAAAB&google_gid=CAESEIw1_gCfV2kRyE3RwR6Ry04&google_push=AQvitUJ2NfGv1AHzNpm7XY0GWxWif1cZukcQBqeNCRWnjOgda6Rs6_yCp8xo93jpCyiUn2gwMn1mxNkByqYuFA4tdO3vwd8FSVhB&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Sun, 09 May 2021 20:17:23 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2EC6
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGa8pUmfZVe5EfUV-x3gqJs&google_cver=1&google_push=AQvitUIqXeQejXSxD6d34DifULL14lSP2e-wlq7y65p5Z7oYINNeLDHIJpju7qAHwxVcQqw_FJI4xTlC7vWS1Mvnp...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGa8pUmfZVe5EfUV-x3gqJs&google_cver=1&google_push=AQvitUIqXeQejXSxD6d34DifULL14lSP2e-wlq7y65p5Z7oYINNeLDHIJpju7qAHwxVcQqw_FJI4xTlC7vWS1Mvnp...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitUIqXeQejXSxD6d34DifULL14lSP2e-wlq7y65p5Z7oYINNeLDHIJpju7qAHwxVcQqw_FJI4xTlC7vWS1MvnpNv0xMREHhPE&google_hm=1ad13188f3fc46590a7893ee

170 B
188 B

62ms
61ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitUIqXeQejXSxD6d34DifULL14lSP2e-wlq7y65p5Z7oYINNeLDHIJpju7qAHwxVcQqw_FJI4xTlC7vWS1MvnpNv0xMREHhPE&google_hm=1ad13188f3fc46590a7893ee

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 09 May 2021 20:17:23 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AQvitUIqXeQejXSxD6d34DifULL14lSP2e-wlq7y65p5Z7oYINNeLDHIJpju7qAHwxVcQqw_FJI4xTlC7vWS1MvnpNv0xMREHhPE&google_hm=1ad13188f3fc46590a7893ee
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2EC6
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEN2LtDjh35Fug-MMzJNZ1iE&google_cver=1&google_push=AQvitUKu1Pw_hRKIvd_myDI1aZGQXRFJXO-D-d3oD6r-vdU-UXxTeuVIOll2h0FxuP3mHKt-cNSVd7BLYFW4ekxo...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=59e179bce89c2df4621c&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitUKu1Pw_hRKIvd_myDI1aZGQXRFJXO-D...

170 B
188 B

60ms
60ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=59e179bce89c2df4621c&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitUKu1Pw_hRKIvd_myDI1aZGQXRFJXO-D-d3oD6r-vdU-UXxTeuVIOll2h0FxuP3mHKt-cNSVd7BLYFW4ekxo1rM6lpvS7Sdn

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 09 May 2021 20:17:23 GMT
via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=59e179bce89c2df4621c&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitUKu1Pw_hRKIvd_myDI1aZGQXRFJXO-D-d3oD6r-vdU-UXxTeuVIOll2h0FxuP3mHKt-cNSVd7BLYFW4ekxo1rM6lpvS7Sdn
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: cKsN1R2F6ZDyxbKVyvRzwYptJ7j_oa5sD6g9d0LpGXi4Sc_WhgpnoQ==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2EC6
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEMPCrvXtqnNbeJuSwn_JjZQ&google_cver=1&google_push=AQvitUKlWz9RstRD2b0yMn3hDbmQqNbaA6dUuGx37RFu-Dkeg_-2Gv7yCLrIHjmbPEBitM2xar...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEMPCrvXtqnNbeJuSwn_JjZQ&google_cver=1&google_push=AQvitUKlWz9RstRD2b0yMn3hDbmQqNbaA6dUuGx37RFu-Dkeg_-2Gv7yCLrIHjmbPEBitM2xar...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SeHllVFhORTJ1RUJXd1ptdUM0c1NhR3FHVC5VS0FzSn5B&google_push=AQvitUKlWz9RstRD2b0yMn3hDbmQqNbaA6dUuGx37RFu-Dkeg_-2Gv7yC...

170 B
188 B

61ms
61ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SeHllVFhORTJ1RUJXd1ptdUM0c1NhR3FHVC5VS0FzSn5B&google_push=AQvitUKlWz9RstRD2b0yMn3hDbmQqNbaA6dUuGx37RFu-Dkeg_-2Gv7yCLrIHjmbPEBitM2xarAY0EcUPFyY2BFZYmgZGEZWXA0m

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 09 May 2021 20:17:23 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SeHllVFhORTJ1RUJXd1ptdUM0c1NhR3FHVC5VS0FzSn5B&google_push=AQvitUKlWz9RstRD2b0yMn3hDbmQqNbaA6dUuGx37RFu-Dkeg_-2Gv7yCLrIHjmbPEBitM2xarAY0EcUPFyY2BFZYmgZGEZWXA0m
Connection: keep-alive
Content-Length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 2EC6 0
12 B 59ms
58ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KDMCMbyGe2QYUEUBqbV-6caR2n68RqcesTVj4jU5czn75reN0UwTRqCH77JNiwiNM2gkwP1A

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:23 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js Show response
pagead2.googlesyndication.com/bg/ Frame D397 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8786ea05fcdb361c9f5bf875ad59965c141a27fcc7b99c6462a76ab35180dc5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 03 May 2021 10:48:00 GMT
server: sffe
age: 5797
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Mon, 09 May 2022 18:40:45 GMT

GET
H3-29 200 Logo_black_0.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/ Frame ED72 4 KB
4 KB 9ms
8ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/Logo_black_0.png

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66e1d7f46761f438550f7894c1f43943000bd680b6043f756cc4492c30e639dc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 286923
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4365
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:11:47 GMT
server: sffe
date: Thu, 06 May 2021 12:35:19 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 May 2022 12:35:19 GMT

GET
H3-29 200 cta.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/ Frame ED72 881 B
911 B 12ms
10ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/cta.png

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6eb1a910a8765764fbd2eee3f572e777bb6bdc14c4ad4030144a95a5e51c3a3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 93120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 881
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:11:47 GMT
server: sffe
date: Sat, 08 May 2021 18:25:22 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 May 2022 18:25:22 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/ Frame ED72 3 KB
3 KB 11ms
10ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/logo.png

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

510d07bf2eb847c9f3b61f6c1624684febb6b04624ba304e3b8ef8a47f165cd1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 564760
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3162
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:11:47 GMT
server: sffe
date: Mon, 03 May 2021 07:24:42 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 May 2022 07:24:42 GMT

GET
H3-29 200 CTA_Signers_blank.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/ Frame ED72 2 KB
2 KB 11ms
9ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/CTA_Signers_blank.png

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edbec997dbdb9747d5fbc76ebebf0fbf439c057ec50520205740a74c623994c0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 93120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1889
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:11:47 GMT
server: sffe
date: Sat, 08 May 2021 18:25:22 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 May 2022 18:25:22 GMT

GET
H3-29 200 3_1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/ Frame ED72 17 KB
17 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/3_1.jpg

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

adf7d38407a81f931c0ae3f0b20c5d1cd801fc24fb6155b6c1e5ece2000431cc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 227812
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17428
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:11:47 GMT
server: sffe
date: Fri, 07 May 2021 05:00:30 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 May 2022 05:00:30 GMT

GET
H3-29 200 2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/ Frame ED72 9 KB
9 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/2.jpg

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

166f2a180eccb745ea7fd7efb4675ad97146e15d7d49483725876bf9f19cb4e5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 575698
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9097
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:11:47 GMT
server: sffe
date: Mon, 03 May 2021 04:22:24 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 May 2022 04:22:24 GMT

GET
H3-29 200 1_1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/ Frame ED72 13 KB
13 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13264340863758106624/1_1.jpg

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c173dcd34cfd62b8830955492daf597321b2d3e73dbc9aa1fafae6e2162f716

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 93120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13102
x-xss-protection: 0
last-modified: Mon, 21 Dec 2020 16:11:47 GMT
server: sffe
date: Sat, 08 May 2021 18:25:22 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 May 2022 18:25:22 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8040 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOhRxUkOYYJDuJ4mZrASNkoC4AQAAAAA4AeAEAg&bg=!5uWl5aHNAAYP3QOmD907ACkAdvg8Wo2lzcU544Z7oa0UhfT1rR6qXJE_z-2FK1lpJHTkl93ATVnEkAIAAADDUgAAABtoAQcKAAR3zGxNmQKGbvlfJrScYzXdda1I30GqqGJ9vV8fBb311Rxg3uYC9yZAwMxDiE2Styz3MQuzN0490QhNYx4G1JzpJVST42v0Rt8ymz8sSTyawEUfL0Wu3Ihx-bxeWwAALZ_su1EJ4bRnFc4pQecDobvHnC1Af51HGAvuAjftbMTJdrOwDgIeGUEet48qJiFl4UvPZlrIFv-sWWI1AEKAzsGO_R8ZOV3uLwxoqk7o7q3r1mjEqoKYKd__JDmSwQVqmfcegOTyn1Cyf35O-FEmlaXFZJnPSxvGdAZnKm7ukP71vDMS2MuRyunihQILOcaZ7NuJS1Ssz-74QpPLJYLgyuqhKnbKWEjxq24wj-013pdU4ZVe7mwrOgk216BdDOty2oIsqnkaF8qoVXTd-65h7Tv4247JhrFwjo8pY6-R_enTiRVpNDZ3xAqHBzQuPYNB0lBk1Edl8yfmSYQuxr-FlSlWEFq3m5Lf-50tlnj7jcGaGgSBu_m_dg6Ru3V5WfDRXdYXp0mwSZQKspFeY8KqTCmFxBQlBN_mk-_QXutoBgscOVQ6WWUAIIZsSpU5XSxsPX8-We2VO_WdV32861J8HCjNvwMd4kWT5NQE4li07tVXV9dAS-Cko8hPgjNwJiNL8B1bn8fi8YC10CLWIth_1JSJ9B44DdBmrHsdwT6q8Zgjdirjuvr_hD9gaynGyY0lii8zPehAKLt9cp_Hg7q-239hyiNVrFCwmEBhiipV7Tja2xgtaj6ysIv0ybRE2Z80kqadwFQ_EQbJf7p3HpGgKZL03zWp0CWl3phvwBOEW4K1ckAlCyG6kDTIPK-q_DORVmRG9WVL1abitACDXD5pMFYsK1eW8XamnUq1rpEa2Q

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D397 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDU7AUkOYYM2FLsSSrAT2iKfAAQAAAAA4AeAEAg&bg=!IiGlIWXNAAYP3QOmD907ACkAdvg8WooStC1AA8PmV-fogqOdMQNYX8Xjfn6KcKwmRrjVrf_jInMv8gIAAADFUgAAABhoAQcKADBn52JvECbm_PYKx1aPzxzRkEfNKQCuYM4YfyzODGT8eBfrqGxJY_ChyfB7jNfjpN2ZAojenLrzhZ2_0Ou7UroQHGv0tF4MFeltR-mpxpNbDezF54HaU5jSew5gi6ZoxNWsD5mcFx1tx9zrFg8NSVCXWpSDrl9w9MNFdb57sVGxbSSxebDU8Rga0oncz2GNO7cmqcIfksCFPhircxBw6DRvIlDC-niq02a6_z-YUgJeWQZ_YnPnllwLOR2nEsQ0xl7gvfybuRni3TPA1gvtX_teVC4AUAFHrQl-0S29a7qADrknKdL0n6k2JahCIEqynjePkxYM1ONwVK7eDnqZr_qCTvRDJAAXvvCOjplB0TE0OinmmqO0ZMsxd6d3gxyjQcf4YO_jD35OGT_rODl0q7aismoOGHv9_sY6MxUzRi3CcB2TAfjdGDZe4GtqXffo4xIdUaEqeTeArP2JFSCRCgUk33Lnot2z86jGZNEtSupIwOLVCYN6TKfxt5pkDrT5qAmp0KlJ_G3Ij0o60fC3oAPIfEZW90ZVXM-EVcldg67stD2380rOuXhNuDcBy6fxcXrHEPyqjfpz4EPIbCoEu6xPaGpLbJoyPiVHflbQcfbaOIYrVAcOtLWGm9kM2IqEPU7haloQYg63Aopg_ujbU_aQT53nHvVRHuWG7x1BAof9tTQEfdepdOuKlg8VIbC9doFiVlAeH2tWbtJFTZv7kj9jNpGLzIo4hUxeIKIqaARMxVDd1rQlxJzR8QGuaj16Dg8ct1XpRQo3iG5agz0HpMpWmgXUcs1qXmo9BjuY3c5YElAmjXtX1GJn0D2A_6DGbHbRQTOwIlGXz0YEjWIjITuEbEFbFvqZIhfcfrKZGGXUXAPznw0q0xH1TVD0DtYzsH03-me4rjyXRelHNQs2Ps-r-IFBQhWVBimQ0Kw

Requested by

Host: d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
URL: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

06.gif
i.bigmir.net/cnt/
Redirect Chain

https://c.bigmir.net/?s134156&t6&n0.028799821893710664&c1&d24&r1600&f
https://i.bigmir.net/cnt/06.gif

43 B
185 B

228ms
71ms

Image
image/gif

193.239.71.100
BIGMIR-INTERNET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.bigmir.net/cnt/06.gif
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.239.71.100 , Ukraine, ASN39468 (BIGMIR-INTERNET-AS, UA),
Reverse DNS: rs.img.com.ua
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:23 GMT
cache-control: max-age=315360000
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
content-type: image/gif
content-length: 43
expires: Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 May 2021 20:17:23 GMT
Server: nginx
Transfer-Encoding: chunked
Location: //i.bigmir.net/cnt/06.gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=5
Expires: 0

GET
H2 200 dc.js Show response
stats.g.doubleclick.net/ 45 KB
17 KB 42ms
14ms Script
text/javascript 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: mail.i.ua
URL: https://mail.i.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2565
date: Sun, 09 May 2021 19:34:38 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17093
expires: Sun, 09 May 2021 21:34:38 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 25ms
25ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210505&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3bc6020c8b3cd8cea48084359e664dccd468ab9a7c6c5d61f7cd919274d88d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 09 May 2021 20:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7722
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 20:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sun, 09 May 2021 20:17:23 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 5889 12 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mail.i.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mail.i.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sun, 09 May 2021 18:34:50 GMT
expires: Mon, 09 May 2022 18:34:50 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6153
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js Show response
pagead2.googlesyndication.com/bg/ Frame 5889 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/h4bqBfzbNhyfW_h1rVmWXBQaJ_zHuZxkYqdqs1GA3F4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8786ea05fcdb361c9f5bf875ad59965c141a27fcc7b99c6462a76ab35180dc5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 09 May 2021 18:40:45 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 03 May 2021 10:48:00 GMT
server: sffe
age: 5798
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5698
x-xss-protection: 0
expires: Mon, 09 May 2022 18:40:45 GMT

GET
H3-29 200 __utm.gif
stats.g.doubleclick.net/r/ 35 B
55 B 28ms
14ms Image
image/gif 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=589712422&utmhn=mail.i.ua&utmcs=windows-1251&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D0%9F%D0%BE%D1%87%D1%82%D0%B0%20-%20%D1%8D%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F%20%D0%BF%D0%BE%D1%87%D1%82%D0%B0%20%D1%81%20%D0%B4%D0%BE%D0%BC%D0%B5%D0%BD%D0%B0%D0%BC%D0%B8%20%40i.ua%2C%20%40ua.fm%20%D0%B8%20%40email.ua%2C%20%D1%81%D0%BE%D0%B7%D0%B4%D0%B0%D0%B9%D1%82%D0%B5%20%D1%81%D0%B5%D0%B1%D0%B5%20e-mail%20%D0%B0%D0%B4%D1%80%D0%B5%D1%81%20%D0%BD%D0%B0%20%D0%BD%D0%B0%D1%88%D0%B5%D0%BC%20%D0%BF%D0%BE%D1%80%D1%82%D0%B0%D0%BB%D0%B5%20%C2%A0&utmhid=608186328&utmr=-&utmp=%2F&utmht=1620591443452&utmac=UA-34374057-1&utmcc=__utma%3D11729771.1243827245.1620591443.1620591443.1620591443.1%3B%2B__utmz%3D11729771.1620591443.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1964385225&utmredir=3&utmu=qBEAAAAAAAAAAAAAAAAAAAAE~

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 09 May 2021 20:17:23 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 58E4 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsti8jONyrxmcfCBPbPL-zpEOgiFlLWa2gmNDx4iUZWryDEzx8GKdjMSswRuf4rpRyh0ct6o40EeeOfudE2_A4QthUrZ7EZ_J-l8NgbGaXIsFpEZJ-hvAN_-tbKtKA&sai=AMfl-YT4yPebH2N3Bs29lT0ok8kC-Rrf09wRNFlgd3ILWIgr8dCVtc40LzzJEEtXtHekRqH7H1T_QWQChgEGCDSuec7fxBwc-2JbSZXqCY4Jx8WNfJdMkg3NNTkUUrA&sig=Cg0ArKJSzHk2kwiyvAw2EAE&cid=CAASF-Ro88rnJEo-s5f7N3Eek-GDUoZRLarj&id=lidar2&mcvt=1009&p=0,0,90,728&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&v=20210507&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=1361311546&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1620591441892&dlt=489&rpt=31&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210505&jk=2604136478997217&bg=!qqmlqe3NAAYP3QOmD907ACkAdvg8WuaLEge56SaW5rfx8P16V9gu8lcqEl5_ObpLqa4fxOpiygoWzAIAAABjUgAAAAxoAQcKAAPYTK-ZAjLzF0aYkIT-UEr_MLMZff1rLShWv4aqBaAXg0j4keO5vzbCBGURg0RlFRcHMpU2TxpI8X9eh_GGROfswLmevXfnSLPJo5vT6D8eATbuT_hMjfyQY5g-OYiy-maS7MUdbAhFkhq7hH0P--q-dTJzVcJ_oLLqFSSnfPBkjlwqUkb7Y6XigQBNRFjkC97zWp015Ljhy0_cNUEcfhPe7di_i0IbQu5s31ldOW5hyCT3OAwxiddW0X_RP9my7QVY1g7lhctbKYsnTXu9C8y5RKgU4XhBpXr-SGqV-oSnC1TQLExmBVJwQ4cOu0TzLNp60oB_AyClssv5Gq3hBy0hEuWxL3-T4WT9gTivGJ9R1D3KcK0UXq2jylu1Gy_FHR3Do86aHA-zrC2oQSxcWwb9Zjgpjl48WY5F1dDrMRKfdy9sEpXYoW2wrQgpYOJqyoasWFIlbsAacBXb4U_J50YjDWrma5EO3GHNRNtz91MUGJJndvwv4ubFMDVatkXUPYNFSBV7-xhlEjZY7bmtviiO04YGEHeaOHFJzvSuszE_-jKzIdudQ4oqAoj5VDI38Y9PD4Me6FyRfq6f0RZXcma2R9H1uCADzoNTgzHUtgXFAQ0II5XkzQztviV8yVRmvHOML-oJrQWlg5V9qDNgvSmusj9DRReEf542X7cxsCUtMk9YcuKY_736PYI-tRQqnE4BrU8LC8z3JlLYGLyENGy4qeIEJNtHFgHOq0ekfF4zqUWPSwkNAbzx

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.i.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1083 42 B
64 B 47ms
46ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstFMTugj-dTtarb525654_F4JzZlMHHkSHBgNjOK0eUhGCKp40-QLyfKQG6hn8xILPZOwrZOtDaj2-blfGzHhSyFy3xOheRXBqPVFQnaHNme2oeHUgas1U3mzyv0A&sai=AMfl-YTVDdCzJrG2ZT1eG_3a0KqK_-V1On6rh9lJ9n1XbnpjLFWe2UqwGqOpqXKaQn4rdS1T_dV6cQZof5YBDvDdxCNOr0WMDTJ2u3rQa4Y9UIt5OYEzjPIdsJRzKZ0&sig=Cg0ArKJSzJmq0Cww4jnpEAE&cid=CAASEuRo7ZbLoUIuYwOmR1ul94WZqw&id=lidar2&mcvt=1000&p=950,0,1204,300&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210507&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=78290566&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1620591442617&dlt=15&rpt=1&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2B8C 42 B
501 B 61ms
43ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvENevp93SyfEbRehfIGsBdVf1F-AeCJIeOOA-EAkTPWG8CuffD90BI-pV2ZRPsVTLBTnZI0QIbwbuh13sESPXITSC_FVZdpiNP4jTAaabFi7LxymZF7AqmY7ICWQ&sai=AMfl-YSxBpxGDgvtdwd9aoZhUtKNtfGLhiV_x8ugg-XJwppE1c3mrW3GGebcir2b91mQWnpQ9SV_jKRziBbp9XR1G3Nzl8u1ALP3SZGxJsv-ba49KmCOnEnGoL49CHc&sig=Cg0ArKJSzJKP-5_8PuH0EAE&cid=CAASEuRoJRaMU80_w3aqP3cyMa1pVQ&id=lidar2&mcvt=1000&p=950,0,1204,300&mtos=0,917,1000,1034,1034&tos=0,917,83,34,0&v=20210507&bin=7&avms=nio&bs=0,0&mc=0.76&if=1&app=0&itpl=20&adk=1399114245&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1620591442681&dlt=18&rpt=1&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 May 2021 20:17:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pa.tns-ua.com
URL: http://pa.tns-ua.com/bug/get_cookie

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEJcRJeiAwMQ98T-jBq1jjZs&google_cver=1&google_push=AQvitULGf0AIf0soacEwBkmjquU00NPrGvXJRfHu2w6wsc_18WgandXOjCDGqX9unH29AXbneHKVL0BiejWEnNLavieOqM6U7R0

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 03:31:27	Name: IDE Value: AHWqTUnVcFbK33EmLu0qOaowvJy_ZUI-kWj3RZlkbrlZHFiumDsi0E1jvz0fxkH7zF0
.i.ua/	1970-01-20 03:31:27	Name: __gads Value: ID=7ecdb0c965ea1fe6:T=1620591441:S=ALNI_Mb1QLooudZooIe21149YdFIWMgFUw
.i.ua/	1970-01-20 18:09:51	Name: __gfp_64b Value: rITVBG2YqL8yWZSskDBPoaGFark9nL.8.cV3Z5zBoRj.Y7\|1620591441
.doubleclick.net/	1970-01-19 18:09:55	Name: DSID Value: NO_DATA
mail.i.ua/	1969-12-31 23:59:59	Name: b Value: b
.i.ua/	1970-01-19 18:24:15	Name: US Value: 0
.i.ua/	1970-01-19 18:24:15	Name: UH Value: 5411359f58d53447
mail.i.ua/	1969-12-31 23:59:59	Name: Value: store.test

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Chrome
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Mraid Ready false
console-api	log	URL: https://i3.i.ua/js/i/autoload.y718797e6.js(Line 80) Message: == DOMLoaded ==
console-api	log	URL: https://i3.i.ua/js/i/autoload.y718797e6.js(Line 80) Message: Autoload._init: initialize
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Chrome
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Chrome
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Event view https://inv-nets-eu.admixer.net/ev_view.aspx?cc=CH%2FZH%2F2657896&am-uid=016c23937bdc4f93bc967eb8638b88aa&zone=10C147C0-92A2-4910-A618-1FBAF92467D1&device=28&rule=367981D1-53B6-4DD6-8A3E-50DB6709E57C&requestId=32aa6221-6e1b-4d57-bb16-cf9a01db7fe5&hp=2002562437&page=mail.i.ua%2F&ts=637561882413771191&ap=NDM%3D&asign=-1824450964&markups=ZG1wZj0wJmRtcHA9ZmFsc2UmY3J0Zj0wJmNydHA9ZmFsc2UmY3J0YXRzPTAmYWRtZj0wJmFkbXA9ZmFsc2UmdGRmPTAmdGRwPWZhbHNlJnRvdGY9MCZ0b3RwPWZhbHNl&sync=45&bt=3&carr=Datacamp+Limited&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=2&extpubid=B33B3BDF-BE0E-438D-ADD0-AADF085D0524&inst=ADS-EU-5&pxl=0&pvid=1f7a5cc3-081b-4c2c-bf97-184c392cafa1&ip=84.17.53.159&item=4B4C6D43-3812-4DB3-AF0C-895D7FF523C8&crid=4B4C6D43-3812-4DB3-AF0C-895D7FF523C8&profile=EA4CA8E5-6ECE-461C-8A10-D3C839FF9999&adv=Mediawayss&dsp=UMH+Digital&dmp_pr=MA==&dstUrl=&cet=4&sw=[e=screen.width]&sh=[e=screen.height]&sf=0
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Event view https://inv-nets-eu.admixer.net/ev_view.aspx?cc=CH%2FZH%2F2657896&am-uid=016c23937bdc4f93bc967eb8638b88aa&zone=2724CBF4-A4A5-49CB-84FB-C8DD977B5901&device=28&rule=96C82BEC-B531-4B18-9DCA-C68C264FAC72&requestId=b8b141c7-8c33-420a-b401-940e77130d97&hp=2002562437&page=mail.i.ua%2F&ts=637561882413771191&ap=Nw%3D%3D&asign=1009953158&markups=ZG1wZj0wJmRtcHA9ZmFsc2UmY3J0Zj0wJmNydHA9ZmFsc2UmY3J0YXRzPTAmYWRtZj0wJmFkbXA9ZmFsc2UmdGRmPTAmdGRwPWZhbHNlJnRvdGY9MCZ0b3RwPWZhbHNl&sync=45&bt=3&carr=Datacamp+Limited&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=B33B3BDF-BE0E-438D-ADD0-AADF085D0524&inst=ADS-EU-5&pxl=0&pvid=1f7a5cc3-081b-4c2c-bf97-184c392cafa1&ip=84.17.53.159&item=D401BBDF-2D4C-44B3-BBF7-6E2344ED36A2&crid=D401BBDF-2D4C-44B3-BBF7-6E2344ED36A2&size=728x90&profile=5D5CA5BF-70E9-4F3F-9BF1-CBDE9C06628C&adv=Google&dsp=UMH+Digital&dmp_pr=MA==&dstUrl=&cet=4&sw=[e=screen.width]&sh=[e=screen.height]&sf=0
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Event confirmview https://inv-nets.admixer.net/logcz.aspx?zone=10c147c0-92a2-4910-a618-1fbaf92467d1
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Event confirmview https://inv-nets.admixer.net/logcz.aspx?zone=2724cbf4-a4a5-49cb-84fb-c8dd977b5901
console-api	log	URL: https://cdn.admixer.net/scripts3/d9d92df4fba73716000e.b.js(Line 1) Message: Event confirmview https://inv-nets-eu.admixer.net/ev_view.aspx?cc=CH%2FZH%2F2657896&am-uid=016c23937bdc4f93bc967eb8638b88aa&zone=2724CBF4-A4A5-49CB-84FB-C8DD977B5901&device=28&rule=96C82BEC-B531-4B18-9DCA-C68C264FAC72&requestId=b8b141c7-8c33-420a-b401-940e77130d97&hp=2002562437&page=mail.i.ua%2F&ts=637561882413771191&ap=Nw%3D%3D&asign=1009953158&markups=ZG1wZj0wJmRtcHA9ZmFsc2UmY3J0Zj0wJmNydHA9ZmFsc2UmY3J0YXRzPTAmYWRtZj0wJmFkbXA9ZmFsc2UmdGRmPTAmdGRwPWZhbHNlJnRvdGY9MCZ0b3RwPWZhbHNl&sync=45&bt=3&carr=Datacamp+Limited&connt=1&devt=2&isapp=0&make=Google&mod=Google+Chrome+-+Windows&os=Windows+10&osv=NT+10.0&adtype=0&extpubid=B33B3BDF-BE0E-438D-ADD0-AADF085D0524&inst=ADS-EU-5&pxl=0&pvid=1f7a5cc3-081b-4c2c-bf97-184c392cafa1&ip=84.17.53.159&item=D401BBDF-2D4C-44B3-BBF7-6E2344ED36A2&crid=D401BBDF-2D4C-44B3-BBF7-6E2344ED36A2&size=728x90&profile=5D5CA5BF-70E9-4F3F-9BF1-CBDE9C06628C&adv=Google&dsp=UMH+Digital&dmp_pr=MA==&dstUrl=&cet=9&sw=[e=screen.width]&sh=[e=screen.height]&sf=0
console-api	log	URL: https://i3.i.ua/js/i/autoload.y718797e6.js(Line 80) Message: == TIMEOUT ==
console-api	log	URL: https://i3.i.ua/js/i/autoload.y718797e6.js(Line 80) Message: == ONLOAD ==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.adopx.net
ad.adriver.ru
ad.invamia.com
ad.mediawayss.com
ad.mox.tv
ad.outstream.today
ad.vidver.to
ad.vidverto.io
ads.betweendigital.com
adservice.google.com
adservice.google.de
ap.lijit.com
bgstats.mox.tv
c.bigmir.net
cdn.admixer.net
cm.g.doubleclick.net
creativecdn.com
d4c5a051ff125c1be89f68824493d522.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
h.holder.com.ua
i.bigmir.net
i.holder.com.ua
i.i.ua
i.ua
i3.i.ua
ib.adnxs.com
idsync.admixer.co.kr
inv-nets-eu.admixer.net
inv-nets.admixer.net
ismatlab.com
kpmediagaua.hit.gemius.pl
m.mixadvert.com
m.trafmag.com
mail.i.ua
match.adsrvr.org
onetag-sys.com
pa.tns-ua.com
pagead2.googlesyndication.com
partner.googleadservices.com
passport.i.ua
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prg.smartadserver.com
r.i.ua
s.ad.smaato.net
s.console.adtarget.com.tr
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
source.mmi.bemobile.ua
ssum-sec.casalemedia.com
stats.g.doubleclick.net
sync.mathtag.com
tpc.googlesyndication.com
tracking.m6r.eu
unpkg.com
ups.analytics.yahoo.com
us-u.openx.net
www.google.com
www.googletagservices.com
x.bidswitch.net
google2waycm.netmng.com
pa.tns-ua.com
104.111.237.88
142.250.181.226
142.250.185.130
143.204.209.110
146.0.227.110
147.135.189.55
167.71.9.19
18.197.47.23
183.110.238.136
185.132.133.134
185.165.240.175
185.180.220.208
185.180.223.67
185.184.8.30
185.29.132.69
185.86.138.16
188.42.191.196
193.200.65.6
193.239.68.97
193.239.71.100
194.247.175.23
195.209.108.37
2.18.234.21
212.8.250.83
2606:4700::6810:7caf
2606:4700::6812:c05
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1288:110:c305::8000
2a00:1450:4001:802::2003
2a00:1450:4001:808::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2001
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:812::2006
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2003
2a00:1450:400c:c08::9d
2a03:90c0:41:2801::254
2a0c:5c81:5095:0:225:90ff:fefa:245d
3.125.99.7
3.126.56.137
35.244.159.8
37.252.173.62
51.38.120.206
52.19.6.23
52.59.128.17
54.228.162.19
54.37.238.28
69.173.144.165
72.251.249.13
91.198.36.14
91.198.36.16
91.198.36.26
91.198.36.35
91.198.36.78
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0aafcf7215f16bffb8bd442910b5d318a004d91f2d7018163bed08e3446cab6d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c173dcd34cfd62b8830955492daf597321b2d3e73dbc9aa1fafae6e2162f716
0de7a49f6d21fbef846aba4bd271502d7ec9489bfbb3fd96f5ff7cf19140875e
0e7cf285a1b739de82e47d7d61d6cf98dacdf234af698510179eb55b951adca5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
11322d98807a606db0ee33e701418e86e952c81fbfcbf4a025e5244c4e734c36
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1475a32cbdb80935b16d0700efe8b105a645f5539caf3bd8aa1fc182f6595af1
166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da
166f2a180eccb745ea7fd7efb4675ad97146e15d7d49483725876bf9f19cb4e5
16b32184cbd9833b9808463219857d6ef0f6abb8832c3e9d305a7a972ee1e52b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1841ed9521bbac24ba8cf06cff19eeea6cb313e771a3e54f2b477ddf057ea19c
1b79095567dfba352749489d07181a4207a94460f7f08a7b873a4ca9d1343864
1d4af9cf7fd74a43e7640f0d828823068c6d6dfe7688ca8a122cc1cf6fd6ca03
271d3016dc92531bffe29291ecbb0f3e557cebaa5570ed917c914e1edadbe43a
281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340
2b481fde7487d79cff39b1bd0f30d38ee7f561e6581a519aeb0f37feb8146653
2bcb06d6faa4ca062642d7b2e98970ef0343614d2ec8364f52d2a78d42b3732b
2c5a2785b0eadac3c7ae64624227cfb2bec2574fe58220ac18d8e58f912aa666
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f2ebd8631b849f0de058213f9a0da527686384d8c14fde20fff22c2f9dba6cc
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
34d2fbda9fa1fb9b703d86ab3952e210aa4b345747e719ca8d4221e8b7d982d3
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3daab60e8bf12ab27a90ea193619004c6784827fb55307a67258fb1de3b4c11a
43ce5e5fc944426f117531e92e0f3b86daa5fd4d4a9230a8019fdb5c1e2d1dd1
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
510d07bf2eb847c9f3b61f6c1624684febb6b04624ba304e3b8ef8a47f165cd1
5226fb47729833e6358fa45f0d21d10c1b498c0782cd216fe051f8ec1e55012a
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
57866e277d94d47eada9fe91d003a23e0a14498af5076b30297970c5f04c94ef
57c5be87b92ba8143fc1213270e4bc0eaf34591071871fea6a72380f5b0240d0
594ca5002b9cdd63b301365c4dd76f3a08e23049f6aee1f62258d20da8ef1345
5cd6c951096f7a376ac4d67812d7c09a069452cba6c4fa4f0ea1f052c1fd0c28
5d1b56a762d63b6e9bfb8a70552ce75c1c3938c782f8d9de971ecc960836c451
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
606fb015f87ba5bbcf783cd6fecf1ac351ede8dafa4767a43be8cf80f1634eb6
60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
63b18b5635fc1818da6712734fc0d500652a85fecf6dfe1b4cb3cee139e52899
66e1d7f46761f438550f7894c1f43943000bd680b6043f756cc4492c30e639dc
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
684b25843a4e19f497910eeaea919db40b3cadb0c2d1f5122ad1ef6ce6268bed
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bda1421fc5ce7934caf8d700fd8111808a0111e5e406ec96ae23f74f9177e85
6c0323654adf4b827bfe0a98ffa48359d6468e3cc7aee1b909616c7ae5b7343a
6df001cf4999e4267172cbc7294dbc17a43a2af6e558a36c476286322fbcc7bc
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
74d58f283fbb7a9aea0f9023f2d90228f1302aeb78be102dba5ec0b2ac9c4089
77651d06d987b95f32821dd3800c754db04b4ab74f6e7cebec2e7f59cda47b1f
782ed812720bd76fb55f0918e33fd9d79a2b9f1fd63b4919a65afed0eb6656a9
78814ede6b9f9c7199153e96dbd33de7dbafa59fac105f2ee9c04297364d435c
7c39286215941be6b862e4204ec6e9a8fad353faf02fd09b571a0a363bdddfdf
802c6d8cd4c0f4b05291044633e84e1a86093eedecc2dc4e15c46c66d5b10f06
82f55d8336d76c7b5b89106d7a440d2b01f2b895ef796015ff5b0cf433743f40
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8786ea05fcdb361c9f5bf875ad59965c141a27fcc7b99c6462a76ab35180dc5e
8d0699772b8ca80d6ef1ac55871141afd77cda372f15f1a97b74b41dae70ab25
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dcad27b286bd77aedd1eab01d9209261c594910c278a21c1195297ecda42867
8f6579b2c579aa6a2e089f3d0f7beda646657ccbc948b87d1c3ff972bd05fa4e
8fbe99cac77c56627e9529552e91498163cb49c395e5dd7e0aa8e24ff07c74e5
8fc4de112cb05f02f61d7856ee3b9ca6a8cd68ea5397520120c5183b99bffc17
91e9d4a3826a7d2831bf8e85b079192ca76e4bbaf309f0699632bb4d68279245
92d292af41bdad8a7e5cdea19da14fd3f496bc02965aacd93a013c3b6464edee
937511b9ff4b72a44415cbf3bbcf0fa2723781a9174d031f9cdc2d44b117c1d5
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
97ce8ab21f20c49ac4f5f581cbf8dde59b5c314ed7c97c6fbb1a1e21e6b63541
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cd58fce5ff7afd625c8e887719242e31afdc0bbfd418eb34d1eb8c9789b84a4
9d1b34b11ccdac9862d314258cbdbbbcbe8354eac135e7e45a74926095d3b2cc
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1acb0b960e4b3cef820ec00163ffa6509522bd3d45716b190cf560f09c7c52e
a3bc6020c8b3cd8cea48084359e664dccd468ab9a7c6c5d61f7cd919274d88d7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a6eb1a910a8765764fbd2eee3f572e777bb6bdc14c4ad4030144a95a5e51c3a3
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
abca7a4362ed8b6c7a04d77317bbabd0443d27430ce5d4670878ef39b61ae871
acb8d9c7e9ffc6b6873755e1a15d74e39339218515d82dbda78d252a1c7f0f55
adf7d38407a81f931c0ae3f0b20c5d1cd801fc24fb6155b6c1e5ece2000431cc
ae31dd5732a2f7e44b749c738632e61ec6cccb4bf62c871842f100196d18646a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1d0602272ae1a1a50d071170b1d810f3a09925fe2e530a739663a7f12e3f98d
b3883229115068714ffc63c82db6f810e84201317cb0385cc3b7c94b0c305554
b5f1343b46d0b18e78ae7bfb6ec5cfd0195a35a07f74da58d0612e06b1c429c2
b61abad8ac3d9892a9f0448bfd4b18ebddd7d5f174111686d70f8f2b7d59dc61
b7d818c698d26d9d34c00c94853c93b34abb2fd53e97c415fafb9e84df993f31
c0fb029202d8de1191ed09e7a435bec23c5bbcd8f447ceb609bfc71eaebf1430
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
cab3c494c4882f59a3b9fba0adfce067833619b0e87fb4fcec783b0b591b05ef
cc4485b98bb5818c5d48fb23119879c956a55a4e3630f9305192aaa770b17399
cd803bf6edd3eeb159f7ffc11d6078a06969c7ae3391c1a83cf851c24adac19e
cea0f8101de8a13f1f4a4610f910c8e6349c8f730ae8c5cb8e9b4823212e451c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d01bee2217520e397ef576db7942e716b942351a43c356b487356f76da4a39c9
d11ff26c512fe268c542d080b40ad6f60bb563c8dceca6879599fea3b7047246
d1201a9350c4b69ee61d8b77bf78ce64de672ed519aa71d8df8e2dae1ff84e3a
d41478a8574c785058d0145576d696cd83de38a293b6f20d553bc5f69c78501e
d7d7eee7eab46d218652eb981e64483ebe6157186cf779e11f0a99fec70ef0e2
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dce31a6eb9372790fc1bffe91850698f06d5f85efe59555770f63aa8f0693537
df0acf5ff16251aa86de74b66cec8431c7c767b6534ae97b7ca51bfb6203f403
e0754399a6b65b8ec41171e4462edad8a3105cb0e624aceb45d64b05d718b8e2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e76161afe81de38b97738d5d9008b7f211017ed268ebc8998acce1f3e9c49f61
edbec997dbdb9747d5fbc76ebebf0fbf439c057ec50520205740a74c623994c0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0248976da97cef9d507c26ab78186f1fc82a4dc71963f29cc49946f09e72d69
f43121e8466577816a16da77f5b7948aa5496afeac7876a6318d7e967e73cb39
fb3099c6cbde742389b5c2907f2f05d32f57e295648e7e726575ab5f1bb90b57

mail.i.ua Open in urlscan Pro 91.198.36.14 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

221 Requests

97 %HTTPS

31 %IPv6

50 Domains

71 Subdomains

43 IPs

12 Countries

1808 kBTransfer

4720 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

221 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

mail.i.ua Open in urlscan Pro
91.198.36.14 Public Scan

Screenshot
Live screenshot

Full Image

221
Requests

97 %
HTTPS

31 %
IPv6

50
Domains

71
Subdomains

43
IPs

12
Countries

1808 kB
Transfer

4720 kB
Size

8
Cookies

221 HTTP transactions
1 data transactions