subject.com.ua Open in urlscan Pro
31.131.26.2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.subject.com.ua/
Effective URL:
https://subject.com.ua/
Submission: On March 20 via api (March 20th 2021, 6:47:09 pm UTC) from US

Summary HTTP 507 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 79 IPs in 14 countries across 84 domains to perform 507 HTTP transactions. The main IP is 31.131.26.2, located in Ukraine and belongs to VPS-UA-AS, UA. The main domain is subject.com.ua.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 19th 2020. Valid for: a year.

This is the only time subject.com.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	31.131.26.2 31.131.26.2	56851 (VPS-UA-AS) (VPS-UA-AS)
1	2600:9000:218... 2600:9000:2182:3600:6:b871:4f00:93a1	16509 (AMAZON-02) (AMAZON-02)
55	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
19	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:206... 2600:9000:206f:b200:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700:303... 2606:4700:3033::ac43:de92	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:90c0:41:... 2a03:90c0:41:2801::254	199524 (GCORE) (GCORE)
6	91.134.109.141 91.134.109.141	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3033::6815:2384	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
2	13.226.158.204 13.226.158.204	16509 (AMAZON-02) (AMAZON-02)
1	18.196.233.38 18.196.233.38	16509 (AMAZON-02) (AMAZON-02)
1 10	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
8	144.217.66.206 144.217.66.206	16276 (OVH) (OVH)
6	51.79.79.82 51.79.79.82	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
10	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
49	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
38	142.44.213.167 142.44.213.167	16276 (OVH) (OVH)
32	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
1	193.200.65.5 193.200.65.5	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
2 2	104.19.135.78 104.19.135.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	31.220.27.134 31.220.27.134	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	136.243.84.75 136.243.84.75	24940 (HETZNER-AS) (HETZNER-AS)
1	34.120.139.69 34.120.139.69	15169 (GOOGLE) (GOOGLE)
2 3	193.232.148.144 193.232.148.144	48061 (UMA-TECH-AS) (UMA-TECH-AS)
1 1	146.0.227.110 146.0.227.110	20773 (GODADDY) (GODADDY)
1	193.200.65.6 193.200.65.6	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
1	37.18.16.22 37.18.16.22	205675 (HYBRID-AS) (HYBRID-AS)
14	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
21 78	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
11 25	104.75.89.8 104.75.89.8	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	3.127.88.255 3.127.88.255	16509 (AMAZON-02) (AMAZON-02)
4 4	35.157.13.31 35.157.13.31	16509 (AMAZON-02) (AMAZON-02)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	124.146.215.42 124.146.215.42	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1 2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
2 2	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3	51.178.20.139 51.178.20.139	16276 (OVH) (OVH)
3 3	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
8 8	213.19.147.151 213.19.147.151	3356 (LEVEL3) (LEVEL3)
3 3	3.124.88.100 3.124.88.100	16509 (AMAZON-02) (AMAZON-02)
2	34.241.165.231 34.241.165.231	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1 1	34.246.227.69 34.246.227.69	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:119:50e3... 2620:119:50e3:101::6cae:b45	14413 (LINKEDIN) (LINKEDIN)
3 3	172.105.203.31 172.105.203.31	63949 (LINODE-AP...) (LINODE-AP Linode)
2 2	31.172.81.172 31.172.81.172	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
2 2	37.9.245.57 37.9.245.57	16345 (BEE-AS Ru...) (BEE-AS Russia)
1	213.202.235.8 213.202.235.8	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	34.247.220.143 34.247.220.143	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
5	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	104.75.88.140 104.75.88.140	16625 (AKAMAI-AS) (AKAMAI-AS)
1	78.40.88.153 78.40.88.153	51664 (AS-BILEND...) (AS-BILENDI-TECH)
2 3	54.216.123.169 54.216.123.169	16509 (AMAZON-02) (AMAZON-02)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1 1	13.226.159.49 13.226.159.49	16509 (AMAZON-02) (AMAZON-02)
2 2	52.58.236.252 52.58.236.252	16509 (AMAZON-02) (AMAZON-02)
1 1	104.76.200.23 104.76.200.23	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 3	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2 4	34.196.174.57 34.196.174.57	14618 (AMAZON-AES) (AMAZON-AES)
2 3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	18.197.99.6 18.197.99.6	16509 (AMAZON-02) (AMAZON-02)
10	136.243.5.16 136.243.5.16	24940 (HETZNER-AS) (HETZNER-AS)
2	34.206.10.182 34.206.10.182	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:50::8	15169 (GOOGLE) (GOOGLE)
3 3	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1 1	81.222.128.214 81.222.128.214	20597 (ELTEL-AS) (ELTEL-AS)
2 2	70.42.32.63 70.42.32.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	80.64.106.148 80.64.106.148	20764 (RASCOM-AS...) (RASCOM-AS CJSC RASCOM ISP)
1	18.179.240.58 18.179.240.58	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
1	144.76.128.227 144.76.128.227	24940 (HETZNER-AS) (HETZNER-AS)
4 4	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
4 4	213.155.156.167 213.155.156.167	1299 (TELIANET ...) (TELIANET Telia Carrier)
9	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	104.75.88.214 104.75.88.214	16625 (AKAMAI-AS) (AKAMAI-AS)
14	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 5	54.194.129.87 54.194.129.87	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
1	185.86.137.110 185.86.137.110	201081 (SMARTADSE...) (SMARTADSERVER)
1	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
2 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
1	185.64.189.249 185.64.189.249	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
1 1	185.29.132.68 185.29.132.68	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	185.33.221.50 185.33.221.50	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	51.255.68.171 51.255.68.171	16276 (OVH) (OVH)
2	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
1 1	159.65.197.210 159.65.197.210	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
507	79

4 31.131.26.2 (Ukraine) 1 redirects

ASN56851 (VPS-UA-AS, UA)
PTR: valerym.sv

www.subject.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
subject.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:3600:6:b871:4f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:b200:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3033::ac43:de92 (United States)

ASN13335 (CLOUDFLARENET, US)

a.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:90c0:41:2801::254 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 91.134.109.141 (France)

ASN16276 (OVH, FR)
PTR: app-08.adpartner.pro

a4p.adpartner.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::6815:2384 (United States)

ASN13335 (CLOUDFLARENET, US)

targeting.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.158.204 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-158-204.dus51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.233.38 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-233-38.eu-central-1.compute.amazonaws.com

stat.optad360.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 144.217.66.206 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: ns535844.ip-144-217-66.net

analytics.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 51.79.79.82 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: ns568735.ip-51-79-79.net

track.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 142.44.213.167 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: ns554459.ip-142-44-213.net

h.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.5 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: t.trafmag.com

t.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.135.78 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.220.27.134 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

s.uuidksinc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.243.84.75 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.75.84.243.136.clients.your-server.de

recreativ.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.139.69 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 69.139.120.34.bc.googleusercontent.com

dsp-trk.eskimi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.232.148.144 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)
PTR: hosting.adhigh.net

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.110 (Ascension Island) 1 redirects

ASN20773 (GODADDY, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.6 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: adforce.team

m.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.18.16.22 (Netherlands)

ASN205675 (HYBRID-AS, RU)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

78 142.250.185.130 (United States) 21 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 104.75.89.8 (Frankfurt am Main, Germany) 11 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-8.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.88.255 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.13.31 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.149 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.42 (Setagaya-ku, Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.118 (Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.178.20.139 (France)

ASN16276 (OVH, FR)
PTR: proxy0393.eu3.dynfactory.com

c.eu1.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.4.28 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 213.19.147.151 (United Kingdom) 8 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.124.88.100 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.241.165.231 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-165-231.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.227.69 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-227-69.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:119:50e3:101::6cae:b45 (United States) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.105.203.31 (Tokyo, Japan) 3 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1857-31.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.172.81.172 (Germany) 2 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.sniperlog.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.9.245.57 (Russian Federation) 2 redirects

ASN16345 (BEE-AS Russia, RU)

google.ops.beeline.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.8 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.247.220.143 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-220-143.eu-west-1.compute.amazonaws.com

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-140.deploy.static.akamaitechnologies.com

s407.mxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.40.88.153 (France)

ASN51664 (AS-BILENDI-TECH, FR)
PTR: darcs.maximiles.com

darcs.meinungsplatz.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.216.123.169 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.159.49 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-49.dus51.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.236.252 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-236-252.eu-central-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.200.23 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-23.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:110:c305::8000 (United Kingdom) 2 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.196.174.57 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-174-57.compute-1.amazonaws.com

cs.chocolateplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.99.6 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-99-6.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 136.243.5.16 (Germany)

ASN24940 (HETZNER-AS, DE)

b53.s407.meetrics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.206.10.182 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:50::8 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r2---sn-4g5e6nle.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.49 (Frankfurt am Main, Germany) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.222.128.214 (Russian Federation) 1 redirects

ASN20597 (ELTEL-AS, RU)
PTR: ad14.adriver.ru

ssp.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.63 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.64.106.148 (Russian Federation) 1 redirects

ASN20764 (RASCOM-AS CJSC RASCOM ISP, RU)
PTR: s-fr3.rutarget.ru

google-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.179.240.58 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.128.227 (Remscheid, Germany)

ASN24940 (HETZNER-AS, DE)

serving.stat-rock.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.155.71.149 (Portsmouth, United Kingdom) 4 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.155.156.167 (Sweden) 4 redirects

ASN1299 (TELIANET Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.88.214 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.194.129.87 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.110 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.243.60.138 (Aalborg, Denmark)

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.249 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.253.128.188 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER, US)

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.68 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.50 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.255.68.171 (France) 1 redirects

ASN16276 (OVH, FR)

dsp.nrich.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.197.210 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
138	doubleclick.net 21 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net	411 KB
123	googlesyndication.com pagead2.googlesyndication.com 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	855 KB
60	vdo.ai a.vdo.ai targeting.vdo.ai analytics.vdo.ai track.vdo.ai h.vdo.ai	5 MB
34	2mdn.net 1 redirects s0.2mdn.net gcdn.2mdn.net r2---sn-4g5e6nle.c.2mdn.net	2 MB
27	pubmatic.com 2 redirects hbopenbid.pubmatic.com image6.pubmatic.com ads.pubmatic.com image2.pubmatic.com simage2.pubmatic.com aud.pubmatic.com image4.pubmatic.com simage4.pubmatic.com	41 KB
25	casalemedia.com 11 redirects dsum-sec.casalemedia.com ssum-sec.casalemedia.com	23 KB
23	google.com 1 redirects cse.google.com www.google.com clients1.google.com adservice.google.com	172 KB
11	google-analytics.com www.google-analytics.com	38 KB
10	meetrics.net b53.s407.meetrics.net	3 KB
10	googletagservices.com www.googletagservices.com	348 KB
7	yahoo.com 6 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	6 KB
6	google.ch adservice.google.ch	2 KB
6	adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	93 KB
6	adpartner.pro a4p.adpartner.pro	7 KB
5	bidr.io 5 redirects match.prod.bidr.io	3 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	38 KB
5	admixer.net 1 redirects cdn.admixer.net inv-nets.admixer.net	78 KB
4	de17a.com 4 redirects d5p.de17a.com	1 KB
4	sitescout.com 4 redirects pixel-sync.sitescout.com	2 KB
4	chocolateplatform.com 2 redirects cs.chocolateplatform.com	864 B
4	everesttech.net 4 redirects pixel.everesttech.net sync-tm.everesttech.net	1 KB
4	unrulymedia.com 4 redirects sync.targeting.unrulymedia.com	3 KB
4	1rx.io 4 redirects sync.1rx.io	2 KB
4	bidswitch.net 4 redirects x.bidswitch.net	2 KB
4	googleapis.com imasdk.googleapis.com www.googleapis.com fonts.googleapis.com	304 KB
4	subject.com.ua 1 redirects www.subject.com.ua subject.com.ua	34 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	appier.net 3 redirects a.c.appier.net	2 KB
3	3lift.com 3 redirects eb2.3lift.com	1 KB
3	adform.net 3 redirects c1.adform.net	1 KB
3	dyntrk.com c.eu1.dyntrk.com	645 B
3	adhigh.net 2 redirects px.adhigh.net	1 KB
3	googletagmanager.com www.googletagmanager.com	115 KB
3	optad360.io cmp.optad360.io get.optad360.io	547 KB
2	adnxs.com 2 redirects ib.adnxs.com	2 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com	996 B
2	zemanta.com 2 redirects b1sync.zemanta.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	935 B
2	360yield.com 2 redirects match.360yield.com	788 B
2	beeline.ru 2 redirects google.ops.beeline.ru	1 KB
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	quantserve.com 1 redirects cms.quantserve.com pixel.quantserve.com	905 B
2	sonobi.com 2 redirects sync.go.sonobi.com	2 KB
2	openx.net 2 redirects rtb.openx.net	761 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	mgid.com 2 redirects cm.mgid.com	951 B
2	trafmag.com t.trafmag.com m.trafmag.com	583 B
2	google.de www.google.de adservice.google.de	906 B
2	amazon-adsystem.com c.amazon-adsystem.com	34 KB
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	550 B
1	turn.com 1 redirects ad.turn.com	518 B
1	nrich.ai 1 redirects dsp.nrich.ai	489 B
1	mathtag.com 1 redirects sync.mathtag.com	680 B
1	simpli.fi um.simpli.fi	609 B
1	semasio.net uipglob.semasio.net	253 B
1	zeotap.com mwzeom.zeotap.com	596 B
1	smartadserver.com rtb-csync.smartadserver.com	163 B
1	contextweb.com 1 redirects bh.contextweb.com	793 B
1	criteo.com dis.criteo.com	284 B
1	stat-rock.com serving.stat-rock.com	95 KB
1	adingo.jp cc.adingo.jp	44 B
1	rutarget.ru 1 redirects google-sync.rutarget.ru	578 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	461 B
1	adriver.ru 1 redirects ssp.adriver.ru	339 B
1	media.net 1 redirects cs.media.net	1 KB
1	smaato.net 1 redirects s.ad.smaato.net	689 B
1	blismedia.com tr.blismedia.com	135 B
1	meinungsplatz.ch darcs.meinungsplatz.ch	634 B
1	mxcdn.net s407.mxcdn.net	53 KB
1	exactag.com m.exactag.com	1 KB
1	bumlam.com 1 redirects sync.bumlam.com	681 B
1	sniperlog.ru 1 redirects sync3.sniperlog.ru	370 B
1	linkedin.com 1 redirects px.ads.linkedin.com	594 B
1	rfihub.com 1 redirects a.rfihub.com	1 KB
1	socdm.com 1 redirects tg.socdm.com	1 KB
1	hybrid.ai dm.hybrid.ai	332 B
1	eskimi.com dsp-trk.eskimi.com	133 B
1	recreativ.ru recreativ.ru	112 B
1	uuidksinc.net s.uuidksinc.net	268 B
1	jsdelivr.net cdn.jsdelivr.net	904 B
1	googleadservices.com partner.googleadservices.com	440 B
1	consensu.org stat.optad360.mgr.consensu.org	286 B
0	netmng.com Failed google2waycm.netmng.com Failed
507	84

	Domain	Requested by
78	cm.g.doubleclick.net	21 redirects googleads.g.doubleclick.net 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com subject.com.ua
55	pagead2.googlesyndication.com	subject.com.ua pagead2.googlesyndication.com srcdoc 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com s0.2mdn.net
49	tpc.googlesyndication.com	securepubads.g.doubleclick.net googleads.g.doubleclick.net subject.com.ua 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
38	h.vdo.ai	a.vdo.ai
32	s0.2mdn.net	imasdk.googleapis.com 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com subject.com.ua s0.2mdn.net
26	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com subject.com.ua imasdk.googleapis.com
23	dsum-sec.casalemedia.com	9 redirects googleads.g.doubleclick.net
18	securepubads.g.doubleclick.net	subject.com.ua securepubads.g.doubleclick.net
14	googleads4.g.doubleclick.net	subject.com.ua googleads.g.doubleclick.net
13	www.google.com	1 redirects cse.google.com subject.com.ua www.google.com 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
11	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com subject.com.ua a4p.adpartner.pro
10	b53.s407.meetrics.net	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com subject.com.ua
10	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
10	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
9	ade.googlesyndication.com	subject.com.ua
8	simage2.pubmatic.com	image6.pubmatic.com ads.pubmatic.com
8	analytics.vdo.ai	a.vdo.ai
7	adservice.google.com	pagead2.googlesyndication.com imasdk.googleapis.com
6	image2.pubmatic.com	image6.pubmatic.com ads.pubmatic.com
6	adservice.google.ch	imasdk.googleapis.com
6	track.vdo.ai	subject.com.ua
6	a4p.adpartner.pro	subject.com.ua a4p.adpartner.pro
6	a.vdo.ai	subject.com.ua a.vdo.ai
5	match.prod.bidr.io	5 redirects
5	hbopenbid.pubmatic.com	a.vdo.ai
4	d5p.de17a.com	4 redirects
4	pixel-sync.sitescout.com	4 redirects
4	cs.chocolateplatform.com	2 redirects subject.com.ua
4	ups.analytics.yahoo.com	4 redirects
4	sync.targeting.unrulymedia.com	4 redirects
4	sync.1rx.io	4 redirects
4	x.bidswitch.net	4 redirects
4	cdn.admixer.net	subject.com.ua cdn.admixer.net
3	sync-tm.everesttech.net	3 redirects
3	image6.pubmatic.com	2 redirects ads.pubmatic.com
3	pr-bh.ybp.yahoo.com	2 redirects ads.pubmatic.com
3	match.adsrvr.org	2 redirects 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
3	a.c.appier.net	3 redirects
3	www.gstatic.com	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
3	eb2.3lift.com	3 redirects
3	c1.adform.net	3 redirects
3	c.eu1.dyntrk.com	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
3	px.adhigh.net	2 redirects subject.com.ua
3	www.googletagmanager.com	subject.com.ua a.vdo.ai www.googletagmanager.com
3	subject.com.ua	subject.com.ua
2	ib.adnxs.com	2 redirects
2	visitor.fiftyt.com	2 redirects
2	ads.pubmatic.com	a.vdo.ai ads.pubmatic.com
2	b1sync.zemanta.com	2 redirects
2	dt.adsafeprotected.com	subject.com.ua
2	pixel.advertising.com	2 redirects
2	match.360yield.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	static.adsafeprotected.com	pixel.adsafeprotected.com 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
2	google.ops.beeline.ru	2 redirects
2	pixel.adsafeprotected.com	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com subject.com.ua
2	dsp.adfarm1.adition.com	2 redirects
2	sync.go.sonobi.com	2 redirects
2	rtb.openx.net	2 redirects
2	pm.w55c.net	2 redirects
2	cm.mgid.com	2 redirects
2	imasdk.googleapis.com	a.vdo.ai imasdk.googleapis.com
2	c.amazon-adsystem.com	subject.com.ua c.amazon-adsystem.com
2	targeting.vdo.ai	a.vdo.ai
2	get.optad360.io	subject.com.ua get.optad360.io
2	cse.google.com	subject.com.ua www.google.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	match.adsby.bidtheatre.com	1 redirects
1	ad.turn.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	image4.pubmatic.com	ads.pubmatic.com
1	dsp.nrich.ai	1 redirects
1	sync.mathtag.com	1 redirects
1	um.simpli.fi	ads.pubmatic.com
1	aud.pubmatic.com	ads.pubmatic.com
1	uipglob.semasio.net	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	rtb-csync.smartadserver.com	image6.pubmatic.com
1	bh.contextweb.com	1 redirects
1	dis.criteo.com	image6.pubmatic.com
1	serving.stat-rock.com	get.optad360.io
1	ad.doubleclick.net	subject.com.ua
1	cc.adingo.jp	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
1	google-sync.rutarget.ru	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	ssp.adriver.ru	1 redirects
1	r2---sn-4g5e6nle.c.2mdn.net	s0.2mdn.net
1	gcdn.2mdn.net	1 redirects
1	cs.media.net	1 redirects
1	s.ad.smaato.net	1 redirects
1	tr.blismedia.com	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
1	darcs.meinungsplatz.ch	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
1	s407.mxcdn.net	s0.2mdn.net
1	m.exactag.com	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
1	sync.bumlam.com	1 redirects
1	sync3.sniperlog.ru	1 redirects
1	px.ads.linkedin.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	fonts.googleapis.com	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
1	cms.quantserve.com	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
1	a.rfihub.com	1 redirects
1	tg.socdm.com	1 redirects
1	dm.hybrid.ai	subject.com.ua
1	m.trafmag.com	subject.com.ua
1	inv-nets.admixer.net	1 redirects
1	dsp-trk.eskimi.com	subject.com.ua
1	recreativ.ru	subject.com.ua
1	s.uuidksinc.net	subject.com.ua
1	t.trafmag.com	subject.com.ua
1	cdn.jsdelivr.net	get.optad360.io
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	clients1.google.com	subject.com.ua
1	www.googleapis.com	subject.com.ua
1	www.google.de	subject.com.ua
1	stat.optad360.mgr.consensu.org	get.optad360.io
1	stats.g.doubleclick.net	www.google-analytics.com
1	cmp.optad360.io	subject.com.ua
1	www.subject.com.ua	1 redirects
0	google2waycm.netmng.com Failed	3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
507	122

This site contains links to these domains. Also see Links.

Domain
lifelib.info
vdo.ai
ua.jooble.org
www.zarlit.com
www.ukrlit.net
mypaperwriter.com
assignmentgeek.com
nuschool.com.ua
creativecommons.org
www.gnu.org
website-designer-2149.business.site

Subject Issuer	Validity	Valid
subject.com.ua Sectigo RSA Domain Validation Secure Server CA	`2020-12-19` - `2021-12-23`	a year	crt.sh
*.optad360.io Amazon	`2020-12-17` - `2022-01-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-18` - `2021-08-18`	a year	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2020-03-12` - `2021-06-21`	a year	crt.sh
adpartner.pro R3	`2021-02-26` - `2021-05-27`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
stat.optad360.mgr.consensu.org R3	`2021-02-27` - `2021-05-28`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.vdo.ai Go Daddy Secure Certificate Authority - G2	`2019-10-15` - `2021-10-15`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-09` - `2021-04-17`	a month	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-15` - `2021-06-21`	a year	crt.sh
uuidksinc.net R3	`2021-02-17` - `2021-05-18`	3 months	crt.sh
*.recreativ.ru Thawte RSA CA 2018	`2020-08-14` - `2021-09-06`	a year	crt.sh
*.eskimi.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2020-10-05` - `2021-04-13`	6 months	crt.sh
*.adhigh.net Sectigo RSA Domain Validation Secure Server CA	`2020-06-19` - `2021-04-19`	10 months	crt.sh
*.hybrid.ai Sectigo RSA Domain Validation Secure Server CA	`2020-07-07` - `2022-10-05`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
c.eu1.dyntrk.com R3	`2021-02-09` - `2021-05-10`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-09-09` - `2021-10-09`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-22` - `2022-04-21`	2 years	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
*.google.ch GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.mxcdn.net DigiCert SHA2 Secure Server CA	`2020-12-07` - `2021-12-14`	a year	crt.sh
darcs.meinungsplatz.de R3	`2021-03-02` - `2021-05-31`	3 months	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
tr.blismedia.com GTS CA 1D2	`2021-03-03` - `2021-06-01`	3 months	crt.sh
*.chocolateplatform.com Amazon	`2020-10-17` - `2021-11-16`	a year	crt.sh
meetrics.net R3	`2021-02-02` - `2021-05-03`	3 months	crt.sh
dt.adsafeprotected.com Amazon	`2020-05-20` - `2021-06-20`	a year	crt.sh
*.c.docs.google.com GTS CA 1O1	`2021-03-11` - `2021-05-20`	2 months	crt.sh
*.adingo.jp DigiCert SHA2 Secure Server CA	`2020-03-26` - `2021-04-15`	a year	crt.sh
serving.stat-rock.com R3	`2021-02-14` - `2021-05-15`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.semasio.net GlobalSign GCC R3 DV TLS CA 2020	`2021-03-09` - `2022-04-10`	a year	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-10-30` - `2021-04-27`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh

This page contains 54 frames:

Primary Page: https://subject.com.ua/
Frame ID: 6FBA57910AB5DD794E25B879CCE96789
Requests: 130 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/c.html
Frame ID: 150774B2D2EA3427783D587BE38470B1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210316/r20190131/zrt_lookup.html
Frame ID: 0276F6B32F8A9CA52A0F126D9898EFC0
Requests: 1 HTTP requests in this frame

Frame: https://c.amazon-adsystem.com/aax2/apstag.js
Frame ID: 750B4FA16AA88CCA4F51D287D3CBA91B
Requests: 2 HTTP requests in this frame

Frame: https://a4p.adpartner.pro/jsunit/ls?jsunit=809&unit_id=1273&session_pageview=1&session_id=af3a287e-28cb-4e2e-a993-fdda898b190c&site_visited=1&apuid=cdbc2668-de42-4bae-991f-98220decdcad&width=245&screen_width=1600&ref=&location=https%3A%2F%2Fsubject.com.ua%2F
Frame ID: BF84AE8F9A30A729ADA4A0C25F83C6FA
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2062463022593482&output=html&adk=1812271804&adf=3025194257&lmt=1616265993&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsubject.com.ua%2F&ea=0&flash=0&pra=5&wgl=1&dt=1616265993476&bpp=15&bdt=237&idt=345&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7773717486641&frm=20&pv=2&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=372
Frame ID: A870120EF2D2E743937D4698E07BB9B8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2062463022593482&output=html&h=600&slotname=2231225757&adk=3129635753&adf=941345768&pi=t.ma~as.2231225757&w=252&fwrn=4&fwrnh=100&lmt=1616265993&rafmt=1&psa=0&format=252x600&url=https%3A%2F%2Fsubject.com.ua%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&dt=1616265993491&bpp=4&bdt=253&idt=374&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7773717486641&frm=20&pv=1&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=0Ozj5GEeIh&p=https%3A//subject.com.ua&dtd=382
Frame ID: D62591377F1C712A8FBB721AB5A056FF
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: D3B06A339AB384C3D1873113C0857AD2
Requests: 2 HTTP requests in this frame

Frame: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: ABC75453D303A2F9DA59598437D992F6
Requests: 14 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.447.1_en.html
Frame ID: 92D303400F9889C76157D869996F4A21
Requests: 7 HTTP requests in this frame

Frame: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: EED07A86B71993D79C6083BE11C3CE31
Requests: 17 HTTP requests in this frame

Frame: https://a4p.adpartner.pro/tracker/if?data=%7B%22apuid%22%3A%22cdbc2668-de42-4bae-991f-98220decdcad%22%2C%22event%22%3A%22dry_real_show%22%2C%22ad_id%22%3A%5B%7B%22ad_id%22%3A0%2C%22rule_id%22%3A0%7D%5D%2C%22unit_id%22%3A1273%2C%22region_id%22%3A124%2C%22sub_region_id%22%3A0%2C%22city_id%22%3A0%2C%22apsid%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fsubject.com.ua%2F%22%7D
Frame ID: DFC5C13C0CEE8DE25BB3F7341AC2191F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 15F2ADF8E8DD62F528C2C671CB35844D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCr7HQY3cXsngEwAQ&v=APEucNWOIbUvODHtj-tgzONfZZ6zprWKV5zUUzGoW7r6Bh8iCijHbhHTukklCsD-CxMXtdTCDQ8FsTkH2xgGnytnDG3NbKkReA
Frame ID: 8E998FCC0B9556E29A6525C87EF0A941
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js
Frame ID: B73831EEEB02B8F3C38A2D311CCB83C0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhjngfeeATAB&v=APEucNUZWUtMdSGm45rGw6mY_TufQnarwSAKFslG0ygTlk6nwZNO6uohMeRHGy83JZvpyXDg9Wr_1hXvInx_9Qb1KuHKmmxAAg
Frame ID: C19E35CB2396FE3ACB2CF6ED99163DCC
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 532309E9118FBEAF3C6E14D66C569165
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0AC2ED4B775DF5994A865473A4A5930C
Requests: 9 HTTP requests in this frame

Frame: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: FBBC22F72F17CC1ABC0DBBD72F82161A
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D93C63FE5E3857F89E9462382673AE25
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/index.html
Frame ID: 74B5591A7FE0F5CB9049DBB2B69B0BC2
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhin-faeATAB&v=APEucNVO7Pz7wX3Dt6yn8aaEEKMzw8Tgq3AnQ4s--NVtrCighsOquvgJ05ewd1MiaNvGQuubwY71xQl5RwCC6pIlgnF76MV5oA
Frame ID: 0BE5EC6CEB7C4032A44236C141D88BF1
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C2A5F1170BB51FC675318FB0A3EDA668
Requests: 3 HTTP requests in this frame

Frame: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 090C7FBB52C36E77AB11088AA3E98106
Requests: 22 HTTP requests in this frame

Frame: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 45F7A6156A611229509BF34FECC0CC97
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCFwFsYhO7gnAEwAQ&v=APEucNVtQhBcQKHVMxxjQY3QqwXiBuEJnA03hhUjLhIFun7EXvbPLMJpF7cWME1pm7MZEgNJZJfbqyUIdWldylnRgKfcbDjWLw
Frame ID: 19D6AEB8D18B87B7965E88FC70075381
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/index.html
Frame ID: 17DAAC6558F45245A3C50823A21AC933
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 04300569627757E48EA2D3A1573CC252
Requests: 8 HTTP requests in this frame

Frame: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: DC94F3E523B88288182D3D37698CE166
Requests: 29 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7ED2264AF7028FA4199DA8751DB16DC2
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
Frame ID: 4D3D9EC27E6A43105A95CA909E4DDFAC
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6WVRDvjt8BGN6H_JcBMAE&v=APEucNUqWu9YI1cG7-wY1bsvCBB23wVRKJouWkd-_L_GlXJeNI_VFeoDKinxCO8Rll8e-VSMCZhkmUtPKbpLx0yseMP_Qd9bEw
Frame ID: 812108D252DF3A4227463262A850ADE2
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CAE2A17DCCDAF27961A8F3DB4C9AE282
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DC9A38DA14196C22D24504F9C532C2A6
Requests: 9 HTTP requests in this frame

Frame: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: C4661122D2B0312576B5EC2921FBCE4E
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 43A518A144F45FA146BF3CF803786114
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY9oWTCzAB&v=APEucNXxUH96H-QuSL0RxFBr8tS6ibJ-O7CTpJF3i8CyYhJTKB6ZpAJNocT3VPIcX2J2VOZE6uBE9_do6QWk-7FuJHK8I9cKQQ
Frame ID: 9FA49109E236E834ECC29A1372AC4189
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2
Frame ID: 6569167A9DB1882E5A4921E8B2B73AA4
Requests: 8 HTTP requests in this frame

Frame: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 48BE0AC861EC98A3AE8502D91BB798E2
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3AA89FAAEFF3D8D62CCFBE4FBEE3ABB1
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 15B33D8C34E7ABB68AD2C93D65A1748F
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQx7uPARiO-d2WATAB&v=APEucNW9DoWC4mns-o8nJSkc3z18v4jYixTQCRAnkX3WmdPUwLxtdw7e4BGPtYfRvIytVGH4FS4vRP8gPg4xcz80T0MyJX8Gsw
Frame ID: 2E0DFBC493BB5F8BDC7F76CF6E83F2CB
Requests: 4 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.1.js
Frame ID: 61BF12023F1CBB23C6F5482C3B976388
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C5DF433FA30686BB877982ECABDA8E53
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 57FD31DB8FFC89F67CB92D9DA5F46D3C
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 27BA07ECF0C520AB50B8E48C2F3AA26A
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2EFEAC4A10B749C7D30A4D2EFF9562BD
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js
Frame ID: ED98AD4C3208123B0701DF32362BF91F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: C96A3C15291715606488FAE690BB966E
Requests: 23 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=3293944949779761977
Frame ID: 598FB5AB3C3A24B41146B7A2996571B0
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: A64C94B3B35A50D717B2C1A809A095F0
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir
Frame ID: 0A3050406365AF18F8512802B2665381
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6941809590163601555
Frame ID: D3C039DC063ECFC7A8807BD3AAF81586
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: F1431093AD005384640EFA5EEE422346
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.subject.com.ua/ HTTP 301
https://subject.com.ua/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

507
Requests

98 %
HTTPS

33 %
IPv6

84
Domains

122
Subdomains

79
IPs

14
Countries

11208 kB
Transfer

18553 kB
Size

6
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://lifelib.info/
Title: Бібліотека життя

Search URL Search Domain Scan URL

URL: https://vdo.ai/?utm_medium=video&utm_term=subject.com.ua&utm_source=vdoai_logo

Search URL Search Domain Scan URL

URL: https://ua.jooble.org/%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%B0-%D0%B4%D0%BB%D1%8F-%D1%81%D1%82%D1%83%D0%B4%D0%B5%D0%BD%D1%82%D0%BE%D0%B2-%D0%B8-%D1%88%D0%BA%D0%BE%D0%BB%D1%8C%D0%BD%D0%B8%D0%BA%D0%BE%D0%B2
Title: Робота

Search URL Search Domain Scan URL

URL: http://www.zarlit.com/author/index.html
Title: Зарубіжна література

Search URL Search Domain Scan URL

URL: https://www.ukrlit.net/
Title: Українська література

Search URL Search Domain Scan URL

URL: https://mypaperwriter.com/samples/
Title: приклади есе англійською мовою

Search URL Search Domain Scan URL

URL: https://assignmentgeek.com/do-my-homework.html
Title: допомога з домашньою роботою

Search URL Search Domain Scan URL

URL: https://nuschool.com.ua/index.html
Title: Відвідайте наш новий сайт - Матеріали для Нової української школи - планування, розробки уроків, дидактичні та методичні матеріали, підручники та зошити

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by-sa/4.0/deed.uk
Title: Із Зазначенням Авторства — Поширення На Тих Самих Умовах 4.0 Міжнародна (CC BY-SA 4.0)

Search URL Search Domain Scan URL

URL: https://www.gnu.org/licenses/fdl-1.3.html
Title: GNU Free Documentation License (GFDL)

Search URL Search Domain Scan URL

URL: https://website-designer-2149.business.site/
Title: С.Є.А.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.subject.com.ua/ HTTP 301
https://subject.com.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 92

https://cm.mgid.com/m?cdsp=363190&adu=https://a4p.adpartner.pro/ssp/match?dsp_id=10&user_id=cdbc2668-de42-4bae-991f-98220decdcad HTTP 301
https://a4p.adpartner.pro/ssp/match?dsp_id=10

Request Chain 93

https://cm.mgid.com/m?cdsp=363190&adu=https://a4p.adpartner.pro/ssp/match?dsp_id=9&user_id=cdbc2668-de42-4bae-991f-98220decdcad HTTP 301
https://a4p.adpartner.pro/ssp/match?dsp_id=9

Request Chain 97

https://px.adhigh.net/p/cm/adpdigital HTTP 302
https://px.adhigh.net/p/cm/adpdigital?bounced=1

Request Chain 98

https://inv-nets.admixer.net/adxcm.aspx?ssp=A7282016-03BE-4B43-9ECF-81872F01C61C&id=cdbc2668-de42-4bae-991f-98220decdcad HTTP 302
https://m.trafmag.com/images/1px-matching-go2net.gif?id=68a05200741946fc98cb19b849a3b75b

Request Chain 111

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1Vtue7FoHc_s4ig0urZD0&google_cver=1

Request Chain 136

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1Vtue7FoHc_s4ig0urZD0&google_cver=1

Request Chain 142

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1

Request Chain 148

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECP-42kTsV2SWkKqd0YyXvo&google_cver=1&google_push=AQvitULALhXUUZocrptrWbVyaiRLqUdWMft0TnFsVqP2vHjOJTgPkRz2TqPl6yY1bn5eN2zzUFhjiagUadF2s5rMDwqXIQsspfks HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECP-42kTsV2SWkKqd0YyXvo&google_cver=1&google_push=AQvitULALhXUUZocrptrWbVyaiRLqUdWMft0TnFsVqP2vHjOJTgPkRz2TqPl6yY1bn5eN2zzUFhjiagUadF2s5rMDwqXIQsspfks HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cW0xcU1OWlExTG5HQ201&google_gid=CAESECP-42kTsV2SWkKqd0YyXvo&google_cver=1&google_push=AQvitULALhXUUZocrptrWbVyaiRLqUdWMft0TnFsVqP2vHjOJTgPkRz2TqPl6yY1bn5eN2zzUFhjiagUadF2s5rMDwqXIQsspfks

Request Chain 149

https://px.adhigh.net/p/gm/rub?google_gid=CAESEAV4cM6ZDbbhF9jw0Hn9cmE&google_cver=1&google_push=AQvitULvc2G0S6yODUmRCixRqQ_qPfLkYBH7tQ7e4QUjb0zUEWycEOjDV06RwjZfXExovzF2v_3oUoYw6N71BRxtEd__kasLkhVU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitULvc2G0S6yODUmRCixRqQ_qPfLkYBH7tQ7e4QUjb0zUEWycEOjDV06RwjZfXExovzF2v_3oUoYw6N71BRxtEd__kasLkhVU&google_hm=YSaTCuDg8xoAAikABlF4UPXiGg%3D%3D

Request Chain 150

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEOajlbXR782FIXwHlIZB6jI&google_cver=1&google_push=AQvitUJ_p0EROtvc9nhRShup_495yLpAjhLiSYMqpxyKPK1G37NKcAyDUQfYw1A537Ld-Wm9v0aYEP3_fnFjsd3XkRsFQd7y0QSt HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEOajlbXR782FIXwHlIZB6jI&google_cver=1&google_push=AQvitUJ_p0EROtvc9nhRShup_495yLpAjhLiSYMqpxyKPK1G37NKcAyDUQfYw1A537Ld-Wm9v0aYEP3_fnFjsd3XkRsFQd7y0QSt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJ_p0EROtvc9nhRShup_495yLpAjhLiSYMqpxyKPK1G37NKcAyDUQfYw1A537Ld-Wm9v0aYEP3_fnFjsd3XkRsFQd7y0QSt&google_hm=yZQh-f8QSA-KjCNMSAa4cQ==

Request Chain 151

https://rtb.openx.net/sync/dds?google_gid=CAESEIk7ip3JfG3nH4WXpcO5dBA&google_cver=1&google_push=AQvitUJ8OciETz5s_hJJlf63W-yCEX7AuQ_Xr8qCROBtDVqol4BfBP8SbzEpmEQJH_1T3W8cq4vS0dq1KgXdeiTFy2hFTQQKe6ur HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEIk7ip3JfG3nH4WXpcO5dBA&google_cver=1&google_push=AQvitUJ8OciETz5s_hJJlf63W-yCEX7AuQ_Xr8qCROBtDVqol4BfBP8SbzEpmEQJH_1T3W8cq4vS0dq1KgXdeiTFy2hFTQQKe6ur&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ8OciETz5s_hJJlf63W-yCEX7AuQ_Xr8qCROBtDVqol4BfBP8SbzEpmEQJH_1T3W8cq4vS0dq1KgXdeiTFy2hFTQQKe6ur&google_hm=exx5qS2wyzUV-JvMi_hgiQ==

Request Chain 152

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUJbIYahfRDvsyFkiwVE9n4BDBVWTZ1aORK9Sml45BvGxkO4cmX5ZkcD_CdkqW9ESf9SV6FLLAWEvbYp_rfckYDwC1ncB4p-%26google_hm%3D%5BUID%5D&google_gid=CAESEBJA_ZgK6RIECl6EzDtYHik&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUJbIYahfRDvsyFkiwVE9n4BDBVWTZ1aORK9Sml45BvGxkO4cmX5ZkcD_CdkqW9ESf9SV6FLLAWEvbYp_rfckYDwC1ncB4p-&google_hm=5a2cc297-c910-4849-a013-bf537a3591c2

Request Chain 153

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESENiG4tPH-j3h1jKAxsgJVTU&google_cver=1&google_push=AQvitUIRGRcGmWwpeZjXKMpSncDoa8OmnGAJ4BPCeOzGxTaQIy1cfaKIIbbA87ZWSUmn6sUE4G0ewX8OJdglWaVH8MBdPsQ11V0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AQvitUIRGRcGmWwpeZjXKMpSncDoa8OmnGAJ4BPCeOzGxTaQIy1cfaKIIbbA87ZWSUmn6sUE4G0ewX8OJdglWaVH8MBdPsQ11V0&google_hm=WUZaREM4Q284WXNBQUVrTFFxb0FBQUFB

Request Chain 154

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEJHxR3k1wnHvQXyIkgkjuE0&google_cver=1&google_push=AQvitUJgeSYTl8Q3_KVW_UU2DfIX0E2kyhmF_ArJcp_JkI42S7-kaIW6rZvOBxtECYE-LO4rY58MnBWMdL86Uslj0-qPxfY3sx4Csw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitUJgeSYTl8Q3_KVW_UU2DfIX0E2kyhmF_ArJcp_JkI42S7-kaIW6rZvOBxtECYE-LO4rY58MnBWMdL86Uslj0-qPxfY3sx4Csw&google_hm=NjM1MTc0ODAyNzQ4NTQ5OTIxOA==

Request Chain 170

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEMElWPCzpy5bfKTbgf6DvZo&google_cver=1&google_push=AQvitULKbXsQ5_gr51dOaBGZqFY3I-NjOBpY0X-T1vsa3M8_VVRrGI2x6XRZAL_HFrezrPiBGGnuJJ_kwrXZrlAFdlNcUzsOnd-O HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk0MTgwOTU5MDE2MzYwMTU1NQ%3D%3D&google_push=AQvitULKbXsQ5_gr51dOaBGZqFY3I-NjOBpY0X-T1vsa3M8_VVRrGI2x6XRZAL_HFrezrPiBGGnuJJ_kwrXZrlAFdlNcUzsOnd-O

Request Chain 172

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEIDvk3aAzj6Vk3vSdgIQiPY&google_cver=1&google_push=AQvitUJB0OzdAjwBs4YrDhtR77OayWsTlBcMLowxjArGJucuQBmg75kpdIyhLdI0F4k48jrh-y-4fHnx6HllRYbXFg2mI95vUpp8 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEIDvk3aAzj6Vk3vSdgIQiPY&google_cver=1&google_push=AQvitUJB0OzdAjwBs4YrDhtR77OayWsTlBcMLowxjArGJucuQBmg75kpdIyhLdI0F4k48jrh-y-4fHnx6HllRYbXFg2mI95vUpp8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODM1NDEyODM1MTgxMDc5NDEzMA&google_push=AQvitUJB0OzdAjwBs4YrDhtR77OayWsTlBcMLowxjArGJucuQBmg75kpdIyhLdI0F4k48jrh-y-4fHnx6HllRYbXFg2mI95vUpp8

Request Chain 173

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEGc4DIX-2ErHD2Lfkf8QKSI&google_cver=1&google_push=AQvitUI-TMIE4g_UbgYRCAocHBs6BJATKPDe4f3H1Ft0AqHEs6fv7uXe-4o8zdAWWsO2W_uj1M0JymQ2_sNgp311JLILOXtEDIsj HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-57259296-7f71-433f-8361-73c5ae6ee27e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUI-TMIE4g_UbgYRCAocHBs6BJATKPDe4f3H1Ft0AqHEs6fv7uXe-4o8zdAWWsO2W_uj1M0JymQ2_sNgp311JLILOXtEDIsj%26google_hm%3DA1clkpZ_cUM_g2Fzxa5u4n4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUI-TMIE4g_UbgYRCAocHBs6BJATKPDe4f3H1Ft0AqHEs6fv7uXe-4o8zdAWWsO2W_uj1M0JymQ2_sNgp311JLILOXtEDIsj&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

Request Chain 174

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEKvGzq-gqnyDCQxxY_Asvc4&google_cver=1&google_push=AQvitUIWEo4Nv6wbzkDTytRDmTF34mIWal19hx4s-d0Q1F1Pqw6A4p6A3-cxFW48sBnik_zojmrxIFSaSloPkaoqgrej_sctWZnL HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUIWEo4Nv6wbzkDTytRDmTF34mIWal19hx4s-d0Q1F1Pqw6A4p6A3-cxFW48sBnik_zojmrxIFSaSloPkaoqgrej_sctWZnL&google_gid=CAESEKvGzq-gqnyDCQxxY_Asvc4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjI2NzI5MDIwMTgyNjMwNzY1Nw%3D%3D&google_push=AQvitUIWEo4Nv6wbzkDTytRDmTF34mIWal19hx4s-d0Q1F1Pqw6A4p6A3-cxFW48sBnik_zojmrxIFSaSloPkaoqgrej_sctWZnL

Request Chain 182

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1

Request Chain 183

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELhaG-KJRgx2Q5PS5UVv5cc&google_cver=1

Request Chain 220

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELhaG-KJRgx2Q5PS5UVv5cc&google_cver=1

Request Chain 233

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUJadwVh8jDsQeMSERsckcxqUGu7I5G4bbnSqZ8PZtKWIO4lfTTu79UknIOLSz5Hh0tEpDChaRD1DtEVseV__heO_YfgFOTg&google_gid=CAESEEFr_6-kCrSSbkSv4jqYwXU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUZaREN3QUFCSzhhV2hudw&google_push=AQvitUJadwVh8jDsQeMSERsckcxqUGu7I5G4bbnSqZ8PZtKWIO4lfTTu79UknIOLSz5Hh0tEpDChaRD1DtEVseV__heO_YfgFOTg

Request Chain 234

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEPP-jRj5zA4o1gefVeSVe2g&google_cver=1&google_push=AQvitUKdgAO4Ar4g4dqrqkRg_zErNj8KM8pLqdgeJwREYuiTK9ejEhZPKtAPNEd9Rc2-IIH_xMn-JPB5L1HeDE-bgGpErUa6IJ75 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AQvitUKdgAO4Ar4g4dqrqkRg_zErNj8KM8pLqdgeJwREYuiTK9ejEhZPKtAPNEd9Rc2-IIH_xMn-JPB5L1HeDE-bgGpErUa6IJ75

Request Chain 235

https://a.c.appier.net/gcm?google_gid=CAESENrVas2bbyksDbCGD1xaxRI&google_cver=1&google_push=AQvitUL8Q5u8HCIj221TnEettHXLbVKSRU7Jh7NyhavXdrJewoc94EJ1qOOUbacjS3x8duulF6IrZJaTEFGfEh5xu4uHQBxtvZC5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=a0c5bTZ1UG1CVmlFbmtGVkRFTldZQQ%3D%3D&google_push=AQvitUL8Q5u8HCIj221TnEettHXLbVKSRU7Jh7NyhavXdrJewoc94EJ1qOOUbacjS3x8duulF6IrZJaTEFGfEh5xu4uHQBxtvZC5

Request Chain 236

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESENNDiEMvKXdbcv_fz3cQZmA&google_cver=1&google_push=AQvitULurmJc0lIPCGLTtbeY1dklkLzoaw7ivxMO2z0jc9GvD0akfPX_6gjnjS67KIUCFPDnz0MPf953eMffyUAwsLZANdWRUHSX HTTP 301
https://sync.bumlam.com/?src=ggl_nga&google_gid=CAESENNDiEMvKXdbcv_fz3cQZmA&google_cver=1&google_push=AQvitULurmJc0lIPCGLTtbeY1dklkLzoaw7ivxMO2z0jc9GvD0akfPX_6gjnjS67KIUCFPDnz0MPf953eMffyUAwsLZANdWRUHSX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitULurmJc0lIPCGLTtbeY1dklkLzoaw7ivxMO2z0jc9GvD0akfPX_6gjnjS67KIUCFPDnz0MPf953eMffyUAwsLZANdWRUHSX

Request Chain 237

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEK84cuLqM5jqwhZSnar8FW8&google_cver=1&google_push=AQvitUJBQ5maxmkytJcCYfpjvCcnnSAZMzCSbXv6NnzZgmmo9RuH7QN81s7k7YFIU8375ur5kFJZQDEBwf2CzwK4kh5fcqEppI1l HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-57259296-7f71-433f-8361-73c5ae6ee27e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUJBQ5maxmkytJcCYfpjvCcnnSAZMzCSbXv6NnzZgmmo9RuH7QN81s7k7YFIU8375ur5kFJZQDEBwf2CzwK4kh5fcqEppI1l%26google_hm%3DA1clkpZ_cUM_g2Fzxa5u4n4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJBQ5maxmkytJcCYfpjvCcnnSAZMzCSbXv6NnzZgmmo9RuH7QN81s7k7YFIU8375ur5kFJZQDEBwf2CzwK4kh5fcqEppI1l&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

Request Chain 238

https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESEAJWktxM4U6THZRXyl7dBcE&google_cver=1&google_push=AQvitUImY5w6INPjwtvWeCtPa93L69bjfXGW5H2zF1qvX0vECQnpsEFqFIGNLBIM-oElKiSOVXyD8Rm3-baYGusGOQlDnJ-QQYcwFQ HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=Y2EyODg0OWItZmQxNi00Zjc3LTg1OTctYTgxY2NjODU3NDU5&google_push=AQvitUImY5w6INPjwtvWeCtPa93L69bjfXGW5H2zF1qvX0vECQnpsEFqFIGNLBIM-oElKiSOVXyD8Rm3-baYGusGOQlDnJ-QQYcwFQ

Request Chain 270

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDtCk6zXnp5XnSsXT62extI&google_cver=1

Request Chain 271

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

Request Chain 291

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKXS36OzYQPwwIs9Tk1ENLQ&google_cver=1&google_push=AQvitUKPeLoNRAWhlBESQ4EkIJP3XKTryOP6f7DuNrZ6PkrHGSjxr-6HkWPXPtjPB1anj9nY0f8bNiVc2H34LugmwdPD2TpuOQ-4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFZDCiR1UnH4_BHqPlI_UwAABGwAAAIB&google_push=AQvitUKPeLoNRAWhlBESQ4EkIJP3XKTryOP6f7DuNrZ6PkrHGSjxr-6HkWPXPtjPB1anj9nY0f8bNiVc2H34LugmwdPD2TpuOQ-4&google_cver=1&google_gid=CAESEKXS36OzYQPwwIs9Tk1ENLQ

Request Chain 292

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEFY1XaYAnINz1lb4JcUp5uY&google_cver=1&google_push=AQvitULC92R0c60NOE3zI3kEsrSnVoM3fHO9xIxAfsnkw2gPiwu4Igfb28RKwImELR_YK3gK3h8asBdKZMfni0Kp3LLcnbtSBpsp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=79c471335c24696c7554&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitULC92R0c60NOE3zI3kEsrSnVoM3fHO9xIxAfsnkw2gPiwu4Igfb28RKwImELR_YK3gK3h8asBdKZMfni0Kp3LLcnbtSBpsp

Request Chain 293

https://match.360yield.com/match/ebda?google_gid=CAESEPoDX1f7tnu8DHmVPo5AjKQ&google_cver=1&google_push=AQvitUJhVNGtv9fq06H32rEVDXS7k-AV96IuCSf7Bi_zv1weRZFoMrmdFzGgVh0xdScvWnG5a4WHnMS8kfTwnn7t0eScDsfyKfVj HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEPoDX1f7tnu8DHmVPo5AjKQ&google_cver=1&google_push=AQvitUJhVNGtv9fq06H32rEVDXS7k-AV96IuCSf7Bi_zv1weRZFoMrmdFzGgVh0xdScvWnG5a4WHnMS8kfTwnn7t0eScDsfyKfVj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=TGERbEdTRECE9aizJNvxEw&google_push=AQvitUJhVNGtv9fq06H32rEVDXS7k-AV96IuCSf7Bi_zv1weRZFoMrmdFzGgVh0xdScvWnG5a4WHnMS8kfTwnn7t0eScDsfyKfVj

Request Chain 294

https://cs.media.net/cksync?type=g&google_gid=CAESEALhzRHdUPsltApIinqfBE4&google_cver=1&google_push=AQvitUL0Xy0w7tTiQgIyqkWNO8mtGjFqFiFW5YAXa-nzRaw6CI4MIgKwTld59OY65bwvz_pQwX3-h1QRZi34TulST4UphNBL7etN HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU5MjY3NTk2NTM1NjMwNzAwMFYxMA%3d%3d&mn_hm=MjU5MjY3NTk2NTM1NjMwNzAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUL0Xy0w7tTiQgIyqkWNO8mtGjFqFiFW5YAXa-nzRaw6CI4MIgKwTld59OY65bwvz_pQwX3-h1QRZi34TulST4UphNBL7etN

Request Chain 295

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP8jjuXueMRzcRDJPUI95tA&google_cver=1&google_push=AQvitUI6IW0_iq2UqfOcmQnnekfmwyS_G0meWMvfb9zvOHiOcqDGwQG91hlxN_NJ8TQ0jovBvXzEnB4I3dISRtS_pzP73lL2W6ds HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP8jjuXueMRzcRDJPUI95tA&google_cver=1&google_push=AQvitUI6IW0_iq2UqfOcmQnnekfmwyS_G0meWMvfb9zvOHiOcqDGwQG91hlxN_NJ8TQ0jovBvXzEnB4I3dISRtS_pzP73lL2W6ds&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS00SjRYV2Y5RTJ1SDFVWGdNRHdEdHpfTk5rVDVFek52WH5B&google_push=AQvitUI6IW0_iq2UqfOcmQnnekfmwyS_G0meWMvfb9zvOHiOcqDGwQG91hlxN_NJ8TQ0jovBvXzEnB4I3dISRtS_pzP73lL2W6ds

Request Chain 298

https://a.c.appier.net/gcm?google_gid=CAESEEKqUmQPWBXwcrFNQgc_j7k&google_cver=1&google_push=AQvitUIIb5svAEdbEl6raV9nKs-B-XDDyKQpWirit7hnR0buxgqc2fjPQolzog8ztEXHvDn0G9uBvNXniVh4EE_rvBnrR8PgL9SV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Q2lBczdHZW1CREtDdk9sTURFTldZQQ%3D%3D&google_push=AQvitUIIb5svAEdbEl6raV9nKs-B-XDDyKQpWirit7hnR0buxgqc2fjPQolzog8ztEXHvDn0G9uBvNXniVh4EE_rvBnrR8PgL9SV

Request Chain 300

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENety-rNC_4kN9ha5faszLA&google_cver=1&google_push=AQvitUL_-AlbOpy7dVw41bwJyq_R04WH7Jyey2l9EspYH853xRm_RnFF5TrAPB3zzxCvFN17gE-f3H6HS9oqwXB4a_8HLmdQxT3U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUL_-AlbOpy7dVw41bwJyq_R04WH7Jyey2l9EspYH853xRm_RnFF5TrAPB3zzxCvFN17gE-f3H6HS9oqwXB4a_8HLmdQxT3U&google_hm=NzM5OTAzNjY5MDA1NzE3NTEwOQ%3D%3D

Request Chain 302

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEE41RIwiuQI7bVX2nHHrZgs&google_cver=1&google_push=AQvitULtM6XxoZQRyzU3yOXz2hspk-6r6piv9R6AGKAh9Ntd3i4ZQ334JyS4ZBwdp8NABty8TtER2w05Hva_oci5bNa1mNTGgfg2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjI2NzI5MDIwMTgyNjMwNzY1Nw%3D%3D&google_push=AQvitULtM6XxoZQRyzU3yOXz2hspk-6r6piv9R6AGKAh9Ntd3i4ZQ334JyS4ZBwdp8NABty8TtER2w05Hva_oci5bNa1mNTGgfg2

Request Chain 303

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEPUg8z_HvJT_pp7mjOE-eak&google_cver=1&google_push=AQvitULkgaHYP2s3bMu5ppiC7Gb_RYP5SWbBdme7fYD2f1RvLzcAFpri1XYlYGY7RoHd_J1-JEjBvDjkXsrFtNq0wssfFYwSVPMY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=TGJMQ1JBNEw2Vw== HTTP 302
https://cs.chocolateplatform.com/pub?pid=ebda

Request Chain 321

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

Request Chain 322

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

Request Chain 354

https://a.c.appier.net/gcm?google_gid=CAESEIHhr1L9OTH0aNvRVkA4VX8&google_cver=1&google_push=AQvitUL1ibsEcmNrriJZCSRXSd3AzOkYrL8n3TP5hfJJVeHhB5kvcyx1FwwpT8uLyejffKaLswpKw8ePnap87rTIfhqSqyWe-R8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=REpEVk9BT1VBUkc1OXVpcURFTldZQQ%3D%3D&google_push=AQvitUL1ibsEcmNrriJZCSRXSd3AzOkYrL8n3TP5hfJJVeHhB5kvcyx1FwwpT8uLyejffKaLswpKw8ePnap87rTIfhqSqyWe-R8

Request Chain 356

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMaUlQaLdkQE6uV1pWVAO08&google_cver=1&google_push=AQvitULWhU34De4Bh4g1V8l8yqXKdDgJI8rv0zDa-mxnrGgotkPtkWGQ4CyjXhpqanlZgQMPkn3neTggCxthSWEQzdO_0-f_1jg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULWhU34De4Bh4g1V8l8yqXKdDgJI8rv0zDa-mxnrGgotkPtkWGQ4CyjXhpqanlZgQMPkn3neTggCxthSWEQzdO_0-f_1jg&google_hm=NzM5OTAzNjY5MDA1NzE3NTEwOQ%3D%3D

Request Chain 357

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPY41TThutSN8hOXXLk9nJM&google_cver=1&google_push=AQvitUJTKYwrUeyjNwqqV2o1zbIvtS1f-cPUz3NWNNSQvM2DpP58bCbI_2dMXyBeTNgmkUto6O2Cd5jKyFbnA_kGpWqesEkG9hU HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPY41TThutSN8hOXXLk9nJM&google_cver=1&google_push=AQvitUJTKYwrUeyjNwqqV2o1zbIvtS1f-cPUz3NWNNSQvM2DpP58bCbI_2dMXyBeTNgmkUto6O2Cd5jKyFbnA_kGpWqesEkG9hU&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7OvZBoIVTPuGnWe2PLopqg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJTKYwrUeyjNwqqV2o1zbIvtS1f-cPUz3NWNNSQvM2DpP58bCbI_2dMXyBeTNgmkUto6O2Cd5jKyFbnA_kGpWqesEkG9hU

Request Chain 358

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEKISelvT7Qq6RA4PMHOB-Vw&google_cver=1&google_push=AQvitUJmzBBmv99ERnIweKqx1cAXP8aJK2bFh9IrewM0MaqZlUICd6VbA9ZkBOr1EgLdCschPpwCnppogfqfrTlyh6Oe2oJuUlg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=RzZUaHMwRFUxcQ== HTTP 302
https://cs.chocolateplatform.com/pub?pid=ebda

Request Chain 359

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE_JdtZ5CG66D_Ud-UnRKhA&google_cver=1&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAUMEyj71sLpVT0Yens3wZ8LVuJQO7ujqQIafz_QO-NaRbb HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE_JdtZ5CG66D_Ud-UnRKhA&google_cver=1&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAUMEyj71sLpVT0Yens3wZ8LVuJQO7ujqQIafz_QO-NaRbb&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE_JdtZ5CG66D_Ud-UnRKhA&google_cver=1&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAUMEyj71sLpVT0Yens3wZ8LVuJQO7ujqQIafz_QO-NaRbb&apid=UP995b272a-89ac-11eb-a06f-02c2e7177074 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5OTViMjcyYS04OWFjLTExZWItYTA2Zi0wMmMyZTcxNzcwNzQ%3D&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAUMEyj71sLpVT0Yens3wZ8LVuJQO7ujqQIafz_QO-NaRbb

Request Chain 360

https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESELDYP7bim8v0NS44P1VGQoY&google_cver=1&google_push=AQvitUJ2OJ5NfIZp-V-VPmsswcLtrrgkqbYfubW72a3QMSbY-93W0dCSVlHOluUyE_2cAzDFhZvj35IJpvn1q91PZkCOWRCUYT0 HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=Y2EyODg0OWItZmQxNi00Zjc3LTg1OTctYTgxY2NjODU3NDU5&google_push=AQvitUJ2OJ5NfIZp-V-VPmsswcLtrrgkqbYfubW72a3QMSbY-93W0dCSVlHOluUyE_2cAzDFhZvj35IJpvn1q91PZkCOWRCUYT0

Request Chain 367

https://gcdn.2mdn.net/videoplayback/id/58437fe2e062ef93/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3752758121/sparams/id,itag,source,ratebypass,mime,acao,ip,ipbits,expire/signature/53A8D04BF30AC8F6DD07A6AB5A35468450E3976F.639F5A431A97963EAB25762A3FAE3B3246A0A12B/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-4g5e6nle.c.2mdn.net/videoplayback/id/58437fe2e062ef93/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3752758121/sparams/acao,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,ratebypass,source/signature/63EC50458C7458C449F4AF0889045D71A60DB805.679223396E78689FF5780C06970DC16297F1B00F/key/cms1/cms_redirect/yes/mh/nc/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nle/ms/onc/mt/1616265630/mv/m/mvi/2/pl/47/file/file.mp4

Request Chain 370

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

Request Chain 371

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

Request Chain 390

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEL8Wk3DgixNxhENeKms2FHI&google_cver=1&google_push=AQvitUJkoKfTKlVLkeTWzlHYEk6CYnQA-qVxZ09so95TjOGdKz1Msza0UzKpyOd-HTra5QdeAiz3GuGuxpXg4jbz8EQ53-hyvs97 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEL8Wk3DgixNxhENeKms2FHI&google_push=AQvitUJkoKfTKlVLkeTWzlHYEk6CYnQA-qVxZ09so95TjOGdKz1Msza0UzKpyOd-HTra5QdeAiz3GuGuxpXg4jbz8EQ53-hyvs97

Request Chain 391

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEFF3MJZobYfD6-Mwq0PUE9Y&google_cver=1&google_push=AQvitULVfbrBB0FBgLI8pAeEPkW8_Qg_pLiEOUsYE6V9tbOMRT2NUOgDo5l9gru_OcGTKdUm7VUp4e_yfb44PkUYzk6qHDLdF2I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AQvitULVfbrBB0FBgLI8pAeEPkW8_Qg_pLiEOUsYE6V9tbOMRT2NUOgDo5l9gru_OcGTKdUm7VUp4e_yfb44PkUYzk6qHDLdF2I&google_hm=QXd3THlzNXc3S1VnTXEwWG92em9wRmc=

Request Chain 392

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEAnFVp6-HVxuK4zDBb-EQN0&google_cver=1&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omyL9EOsEKbjY6COYI HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEAnFVp6-HVxuK4zDBb-EQN0&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omyL9EOsEKbjY6COYI&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omyL9EOsEKbjY6COYI&google_hm=aW1SamVEUV93NFhPR1Z4OTZoZ1c= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omyL9EOsEKbjY6COYI&google_hm=aW1SamVEUV93NFhPR1Z4OTZoZ1c=&google_tc=

Request Chain 393

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDv4M73XOkgrAViwcgbX0o4&google_cver=1&google_push=AQvitULsKJikeH9bX08dovB5QK5QjwcE-nkKgOf9lxpBAyMpRWYrZEGBb7kr20Gd-03ktSKg5IIG7NYhTArRTWqSLwJCJcdUf9rK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01JMzFNWTQtMjgtMlEwUA==&google_push=AQvitULsKJikeH9bX08dovB5QK5QjwcE-nkKgOf9lxpBAyMpRWYrZEGBb7kr20Gd-03ktSKg5IIG7NYhTArRTWqSLwJCJcdUf9rK

Request Chain 394

https://google-sync.rutarget.ru/sync?google_gid=CAESEGKYIDNXqMl2i_q-vXs6bk0&google_cver=1&google_push=AQvitUJb7kzPjjP2tygfw7qEqThGoh1d_POeyDuajhqp64_cXn2d40n8tsHgPiAN0WwmIxLekMjYVou2JRmt-vUBvNnc6OZfgok HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=ZWh6WlhQMjJqRTBH&google_ula=2046794&google_push=AQvitUJb7kzPjjP2tygfw7qEqThGoh1d_POeyDuajhqp64_cXn2d40n8tsHgPiAN0WwmIxLekMjYVou2JRmt-vUBvNnc6OZfgok

Request Chain 395

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEDOWpE8NZWNYLdSdH7PwkBI&google_cver=1&google_push=AQvitUKzhk_t7QHMttukhq2uGuVxr3YbmIOn14QQWR8OUabdGQBAlrN0k81niIx29GHNftt_BsI6jjddRJovV18JEbcWblvt6p_n HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-57259296-7f71-433f-8361-73c5ae6ee27e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUKzhk_t7QHMttukhq2uGuVxr3YbmIOn14QQWR8OUabdGQBAlrN0k81niIx29GHNftt_BsI6jjddRJovV18JEbcWblvt6p_n%26google_hm%3DA1clkpZ_cUM_g2Fzxa5u4n4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKzhk_t7QHMttukhq2uGuVxr3YbmIOn14QQWR8OUabdGQBAlrN0k81niIx29GHNftt_BsI6jjddRJovV18JEbcWblvt6p_n&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

Request Chain 414

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESECcKXoEN6z9R-7Xsm5g-F3w&google_cver=1&google_push=AQvitUIS6MnFpWTkkR68P77T--ThD6WlHSxrtIjA8DOKG6PYtCXjvOiY0ZqLs2ubsDmSOCc9-_7vttCy0YcfpLId2MvySy2huao HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WUZaRERBQUFBR0R1Y1N6cg==&google_gid=CAESECcKXoEN6z9R-7Xsm5g-F3w&google_cver=1&google_push=AQvitUIS6MnFpWTkkR68P77T--ThD6WlHSxrtIjA8DOKG6PYtCXjvOiY0ZqLs2ubsDmSOCc9-_7vttCy0YcfpLId2MvySy2huao

Request Chain 415

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESENBDIWdgooFNzryl9_CyF68&google_cver=1&google_push=AQvitUKBSTBcT3Rv1d4NIbCUDwNMtM1AE3BcIri6XVSvdI8DUDqMqHTGSKh0kwd_BoqTLxpuLx7PNVG1o0cwN2xSpoSg-PTo4IA HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESENBDIWdgooFNzryl9_CyF68&google_cver=1&google_push=AQvitUKBSTBcT3Rv1d4NIbCUDwNMtM1AE3BcIri6XVSvdI8DUDqMqHTGSKh0kwd_BoqTLxpuLx7PNVG1o0cwN2xSpoSg-PTo4IA HTTP 302
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUKBSTBcT3Rv1d4NIbCUDwNMtM1AE3BcIri6XVSvdI8DUDqMqHTGSKh0kwd_BoqTLxpuLx7PNVG1o0cwN2xSpoSg-PTo4IA&google_sc&google_hm=8AL-Sh6nRPSIf6qzCaKJimBWQxA

Request Chain 416

https://d5p.de17a.com/cookies/google?google_gid=CAESEIBnQZpP6xjMFGfmHoKfPzE&google_cver=1&google_push=AQvitUKHmkOMumI9rZrdxCJEbeEwEvRWs0RPGHBcVBGwQwUBYkLvfQRBcmSMSTrmiyoPC6naN6bbEdALvf-PIl50jWlD0fYN-Pw HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIBnQZpP6xjMFGfmHoKfPzE&google_cver=1&google_push=AQvitUKHmkOMumI9rZrdxCJEbeEwEvRWs0RPGHBcVBGwQwUBYkLvfQRBcmSMSTrmiyoPC6naN6bbEdALvf-PIl50jWlD0fYN-Pw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUKHmkOMumI9rZrdxCJEbeEwEvRWs0RPGHBcVBGwQwUBYkLvfQRBcmSMSTrmiyoPC6naN6bbEdALvf-PIl50jWlD0fYN-Pw

Request Chain 417

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBW8CeNnqPKCWwXaX9SnlZ4&google_cver=1&google_push=AQvitUJRopolhPszh6wLdd5s8xOTpaUemz8BdW-P-epnT_vPzoTiYUAETPcRUjTg6AGM0juWGEL9dtwGD4RecAWvBMhT72W5itI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFZDCiR1UnH4_BHqPlI_UwAABGwAAAIB&google_cver=1&google_gid=CAESEBW8CeNnqPKCWwXaX9SnlZ4&google_push=AQvitUJRopolhPszh6wLdd5s8xOTpaUemz8BdW-P-epnT_vPzoTiYUAETPcRUjTg6AGM0juWGEL9dtwGD4RecAWvBMhT72W5itI

Request Chain 418

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUL1z0zPSUH6aT7wULZcSA8isKR2tfHIdeckBaZ7lLw3ERvWXQPMYJAGDiHPLblUEc1IpkkqrkcZFKoHLo9jLUazqCItVoM%26google_hm%3D%5BUID%5D&google_gid=CAESED7Zu4C8jli4sdiGRjkwPd8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUL1z0zPSUH6aT7wULZcSA8isKR2tfHIdeckBaZ7lLw3ERvWXQPMYJAGDiHPLblUEc1IpkkqrkcZFKoHLo9jLUazqCItVoM&google_hm=5a2cc297-c910-4849-a013-bf537a3591c2

Request Chain 419

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEMnLUd36frsa5yVlOBIlM40&google_cver=1&google_push=AQvitUKGa8UJNJ_5bHtH5wRqhS6qdyakbuWToouqvvVvk6s4OoFzK_W6qabTmMAJMneiEk3XzTrpXbAG5TmCL8xzwF7F9QC9s1M HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-57259296-7f71-433f-8361-73c5ae6ee27e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUKGa8UJNJ_5bHtH5wRqhS6qdyakbuWToouqvvVvk6s4OoFzK_W6qabTmMAJMneiEk3XzTrpXbAG5TmCL8xzwF7F9QC9s1M%26google_hm%3DA1clkpZ_cUM_g2Fzxa5u4n4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKGa8UJNJ_5bHtH5wRqhS6qdyakbuWToouqvvVvk6s4OoFzK_W6qabTmMAJMneiEk3XzTrpXbAG5TmCL8xzwF7F9QC9s1M&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

Request Chain 440

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=3293944949779761977

Request Chain 442

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFc3RFN0FySVlBQUJFMm90NUJyZw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAEstE7ArIYAABE2ot5Brg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAEstE7ArIYAABE2ot5Brg&pid=558502&do=add HTTP 303
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAEstE7ArIYAABE2ot5Brg&pid=558502&do=add&_bee_ppp=1 HTTP 303
https://rtb-csync.smartadserver.com/redir

Request Chain 443

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6941809590163601555

Request Chain 444

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7OvZBoIVTPuGnWe2PLopqg%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 447

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&addseg=31

Request Chain 448

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RUNFQkQ5MDYtODIxNS00Q0ZCLTg2OUQtNjdCNjNDQkEyOUFB&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 449

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGmu_QXJ1RPQYt-w37JPQGY&google_cver=1

Request Chain 451

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d4b2d13-cf48-4650-abb1-5b0f4c341355

Request Chain 452

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8354128351810794130

Request Chain 453

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:7df66056-430f-4d00-9d6c-ef044a03773a&gdpr=0&gdpr_consent=

Request Chain 454

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3449719069706468319&gdpr=0&gdpr_consent=

Request Chain 455

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=c99421f9-ff10-480f-8a8c-234c4806b871&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=283&user_id=06de93c5-6307-4dd9-a45d-2f32544e152b&expires=1&user_group=5&ssp=pubmatic&bsw_param=c99421f9-ff10-480f-8a8c-234c4806b871 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c99421f9-ff10-480f-8a8c-234c4806b871&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 457

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-2cFhFbVE2uX_RbS5Tgz.rRjmMH0FoEA-~A&gdpr=0&gdpr_consent=

Request Chain 458

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=HdrZFB_Z3EMGj95BSdrBGhLYiBIG3ohHSt2jhs3V

Request Chain 459

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YFZDDAAAAGDucSzr&gdpr=0&gdpr_consent=

Request Chain 460

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2357273015292893564&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 461

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:f2625ba0-b9ce-4c29-8323-60b36412529f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 462

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=f002fe4a-1ea7-44f4-887f-aab309a2898a-60564310-4348&gdpr=0&gdpr_consent=

507 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
subject.com.ua/
Redirect Chain

https://www.subject.com.ua/
https://subject.com.ua/

13 KB
5 KB

125ms
44ms

Document
text/html

31.131.26.2
VPS-UA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.131.26.2 , Ukraine, ASN56851 (VPS-UA-AS, UA),
Reverse DNS: valerym.sv
Software: Apache /
Resource Hash: 93b476b61ed9b0b866913cccd04be15062df0b9d442121eae7d953899ef3f1ce

Request headers

Host: subject.com.ua
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:45:56 GMT
Server: Apache
X-Mod-Pagespeed: 1.13.35.2-0
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=0, no-cache, s-maxage=10
Content-Length: 4589
Connection: close
Content-Type: text/html; charset=utf-8

Redirect headers

Date: Sat, 20 Mar 2021 18:45:55 GMT
Server: Apache
Location: https://subject.com.ua/
Content-Length: 231
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK A.style.min.css.pagespeed.cf.cjWLHbLatD.css
subject.com.ua/css/ 4 KB
2 KB 121ms
42ms Stylesheet
text/css 31.131.26.2
VPS-UA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subject.com.ua/css/A.style.min.css.pagespeed.cf.cjWLHbLatD.css
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.131.26.2 , Ukraine, ASN56851 (VPS-UA-AS, UA),
Reverse DNS: valerym.sv
Software: Apache /
Resource Hash: e6e58dd3cf161523cb31413f954117c2989c2c8fdc745679a99542d3835d501d

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:45:56 GMT
Content-Encoding: gzip
X-Original-Content-Length: 5426
Server: Apache
Etag: W/"0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000
Last-Modified: Sat, 20 Mar 2021 18:08:52 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 1184
Expires: Sun, 20 Mar 2022 18:08:52 GMT

GET
H2 200 97672d69-12a2-43ea-9222-362234514ff0.min.js Show response
cmp.optad360.io/items/ 258 KB
73 KB 131ms
74ms Script
application/javascript 2600:9000:2182:3600:6:b871:4f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.optad360.io/items/97672d69-12a2-43ea-9222-362234514ff0.min.js
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:3600:6:b871:4f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: da9da6cc08f4fae96cb11b10e093fc4d19f871c3d4b46a2a48ee7f26637b92e5

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: gzip
last-modified: Fri, 15 Jan 2021 12:06:03 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: W/"c7b5c09d2b1684bb417714719df59bd9"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-id: gWaCEoGr6eBOw_pcpGPx5e9K8ktJWkfN-s_9Kh2YeblR_9B41GGxdA==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 43ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

839b41dd475d143b31c479aa6e666b8deb648b293ee93e67071222960f2b75cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49857
x-xss-protection: 0
server: cafe
etag: 11991498641368206346
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 58 KB
20 KB 104ms
35ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

afa1b770c54cf834507e362b2162b004fe61c4a03e740252972d685796c600b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "818 / 310 of 1000 / last-modified: 1616192151"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19834
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 22ms
20ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1099121-7

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a5eee3bc786c48e46f522801a6c5d1a38334cdd2b9b210e131187812b7d262dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39095
x-xss-protection: 0
last-modified: Sat, 20 Mar 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 63ms
41ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=010607684231973573011:mknhdkp5vrc

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

93535a0c2d051421743f4592adb85b6b0ed3174145e757e78529e5615a596a6e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3468
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/e630b43e-4175-11e8-9881-06048607e8f8/ 270 KB
72 KB 54ms
7ms Script
application/javascript 2600:9000:206f:b200:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/e630b43e-4175-11e8-9881-06048607e8f8/plugin.min.js
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:b200:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fd3cb11771177acf987bcc199bb392d7672aa8deeb11d6fcbfab9dbf61042798

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:40:27 GMT
content-encoding: gzip
last-modified: Wed, 02 Dec 2020 14:18:08 GMT
server: AmazonS3
age: 367
etag: W/"c929038998a89a1dc6f9685aeae1c915"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3dd91613764eafe7ad199013ce202443.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: jftHFbnGsSi5MRPe0a8XX1GIzWLZbFvw2Eus0jp-R-GfM6LL7AuPPQ==

GET
H2 200 vdo.banner.min.js Show response
a.vdo.ai/core/dependencies_banner/ 631 KB
195 KB 75ms
50ms Script
application/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/dependencies_banner/vdo.banner.min.js
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dacb8aa2d55232ccc0cbd513672502af5b7dad9c35a32e105b9a3440d04e9023

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 971
cf-ray: 63311a9abcbed6d5-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08f28ef4b10000d6d542867000000001
last-modified: Wed, 17 Mar 2021 20:51:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2gDQSLOQTpTaIoV6KYT%2B0kK1EuVjQaJ2xcIRyh8rxUKWrrYsnHpzqZPaKiMMoqCfctOCem6RVc7x1%2FCEEQ2KIwV2zr%2FzsHIDuxbW2uNZ4ITWKdvbFg%3D%3D"}]}
x-varnish: 20544274 1015820
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 86 KB
29 KB 28ms
8ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: d55f81e52c653aaafd762224540775c8b75a83896c37566c1e0a09236552e5bb

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc14
date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 13:54:28 GMT
server: nginx
etag: W/"6054ad14-156c2"
x-cached-since: 2021-03-20T18:45:25+00:00
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
cache: HIT
x-vhost-ver: 8641365102716749310
expires: Fri, 19 Mar 2021 14:09:20 GMT

GET
H/1.1 200
OK Roboto.woff2
subject.com.ua/fonts/ 27 KB
28 KB 116ms
39ms Font
font/woff2 31.131.26.2
VPS-UA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://subject.com.ua/fonts/Roboto.woff2
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/css/A.style.min.css.pagespeed.cf.cjWLHbLatD.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.131.26.2 , Ukraine, ASN56851 (VPS-UA-AS, UA),
Reverse DNS: valerym.sv
Software: Apache /
Resource Hash: 57d4944ce0cbe8e3daba4cb5fcd014b2bf5d4e1d06a2bc6c24bab30eabf3109e

Request headers

Origin: https://subject.com.ua
Referer: https://subject.com.ua/css/A.style.min.css.pagespeed.cf.cjWLHbLatD.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:45:56 GMT
Last-Modified: Wed, 04 Dec 2019 15:02:31 GMT
Server: Apache
ETag: "6d84-598e21a197121"
Content-Type: font/woff2
Connection: close
Accept-Ranges: bytes
Content-Length: 28036

GET
H2 200 jsunit Show response
a4p.adpartner.pro/ 8 KB
2 KB 134ms
51ms Script
application/javascript 91.134.109.141
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/jsunit?id=809&0.7490532310947053
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.134.109.141 , France, ASN16276 (OVH, FR),
Reverse DNS: app-08.adpartner.pro
Software: nginx /
Resource Hash: 4bc3a51dd74e029ae2a82fc6d8bf27a5313c78f06fa0a132ac1148025ef8808c

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
cache-control: no-store no-transform
server: nginx
content-encoding: br
content-type: application/javascript; charset=utf-8

GET
H2 200 vdo.ai.js Show response
a.vdo.ai/core/subject/ 10 KB
3 KB 211ms
203ms Script
text/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/subject/vdo.ai.js
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.30
Resource Hash: 854ff9bb733361322ca75f1e26337f75db2a1939c51801bad2c9decc923a5741

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
via: 1.1 varnish-v4
cf-cache-status: EXPIRED
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: PHP/7.2.30
x-cache: HIT
vdo-server: Tag3
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08f28ef4b10000d6d5ef84d000000001
x-varnish: 26673677 1736779
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JETZZUX9yqIEJDpa6K3SoTkcCInBmhRrcpXk%2BjBml6TPH%2BoYfLFU2MSFHCm9S6p2xjiOLFaTOY01UD7DRtKTELI1SewOUX40o4jeMn8dAHT10HWYrA%3D%3D"}]}
content-type: text/javascript;charset=UTF-8
cache-control: public, max-age=1800
cf-ray: 63311a9abcbfd6d5-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1099121-7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 2638
date: Sat, 20 Mar 2021 18:02:35 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Sat, 20 Mar 2021 20:02:35 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/ Frame 1507 637 B
512 B 7ms
7ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/c.html
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 594ca5002b9cdd63b301365c4dd76f3a08e23049f6aee1f62258d20da8ef1345

Request headers

:method: GET
:authority: cdn.admixer.net
:scheme: https
:path: /scripts3/c.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

server: nginx
date: Sat, 20 Mar 2021 18:46:33 GMT
content-type: text/html
last-modified: Fri, 19 Mar 2021 13:54:23 GMT
vary: Accept-Encoding
etag: W/"6054ad0f-27d"
expires: Sun, 20 Mar 2022 13:59:25 GMT
cache-control: max-age=31622400
access-control-allow-origin: https://nayrouz.com
access-control-allow-credentials: true
cache: HIT
x-cached-since: 2021-03-19T13:59:25+00:00
x-id: fr5-up-gc14
x-vhost-ver: 8641365102716749310
content-encoding: gzip

GET
H2 200 af0bee68301ea81d4ecb.b.js Show response
cdn.admixer.net/scripts3/ 82 KB
22 KB 11ms
10ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/af0bee68301ea81d4ecb.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: acb8d9c7e9ffc6b6873755e1a15d74e39339218515d82dbda78d252a1c7f0f55

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc14
date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 13:54:21 GMT
server: nginx
etag: W/"6054ad0d-14693"
vary: Accept-Encoding
x-cached-since: 2021-03-19T13:59:25+00:00
content-type: application/javascript
access-control-allow-origin: https://nayrouz.com
cache-control: max-age=31622400
access-control-allow-credentials: true
x-vhost-ver: 8641365102716749310
cache: HIT
expires: Sun, 20 Mar 2022 13:59:25 GMT

GET
H2 200 eea2a65c501c927510a8.b.js Show response
cdn.admixer.net/scripts3/ 91 KB
25 KB 15ms
15ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/eea2a65c501c927510a8.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: d288f94c0356f27b754ec69817e8578ea0bc9491cc9456331cc9c6de9640130b

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-id: fr5-up-gc14
date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
last-modified: Fri, 19 Mar 2021 13:54:27 GMT
server: nginx
etag: W/"6054ad13-16d53"
vary: Accept-Encoding
x-cached-since: 2021-03-19T13:59:25+00:00
content-type: application/javascript
access-control-allow-origin: https://nayrouz.com
cache-control: max-age=31622400
access-control-allow-credentials: true
x-vhost-ver: 8641365102716749310
cache: HIT
expires: Sun, 20 Mar 2022 13:59:25 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
387 B 45ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=396961267&t=pageview&_s=1&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1062824181&gjid=793380367&cid=820006831.1616265993&tid=UA-1099121-7&_gid=1579695637.1616265993&_r=1&gtm=2ou3a0&z=1495971424

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20190131/ 226 KB
85 KB 66ms
53ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2062463022593482&plah=subject.com.ua&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76de05ef38c3493027e88617f808b48e1683e54a4e2989862d1afc85933f01eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86501
x-xss-protection: 0
server: cafe
etag: 16342648926818324530
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210316/r20190131/ Frame 0276 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210316/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c44ef8885a1386dad99986e4de63457883d50b1a966d27b502f37d691d7bd770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210316/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 04:26:34 GMT
expires: Sat, 03 Apr 2021 04:26:34 GMT
content-type: text/html; charset=UTF-8
etag: 14488317231655078900
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4661
x-xss-protection: 0
age: 51599
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cse_element__uk.js Show response
www.google.com/cse/static/element/323d4b81541ddb5b/ 277 KB
91 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__uk.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010607684231973573011:mknhdkp5vrc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53fc4c50b44a3973352290acaf5a3422fcc237afd5944647abd0045c9c09e333

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 21:42:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 248640
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92751
x-xss-protection: 0
expires: Thu, 17 Mar 2022 21:42:33 GMT

GET
H2 200 default+uk.css
www.google.com/cse/static/element/323d4b81541ddb5b/ 41 KB
9 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/default+uk.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010607684231973573011:mknhdkp5vrc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 06:34:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 130314
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
expires: Sat, 19 Mar 2022 06:34:39 GMT

GET
H2 200 espresso.css
www.google.com/cse/static/style/look/v4/ 5 KB
2 KB 18ms
18ms Stylesheet
text/css 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/espresso.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010607684231973573011:mknhdkp5vrc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79079035ef85018e365005353caff57c4797c437cb07f6460e77bf6477cd3805

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:01:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 2690
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1538
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:51:43 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 43ms
29ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-113932176-30

Requested by

Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_banner/vdo.banner.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c984ccae94d0490c76f10c2ad47e3d3a3ea88c11f775f149def9bae0db94bcb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39086
x-xss-protection: 0
last-modified: Sat, 20 Mar 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 44ms
31ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-113932176-30&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1099121-7

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2e479f2480894f8cc08fda446bba038147f43a4c6f6a0873934acefd1cda944a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39099
x-xss-protection: 0
last-modified: Sat, 20 Mar 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H2 200 allowed_url.php Show response
targeting.vdo.ai/ 99 B
974 B 34ms
17ms XHR
application/json 2606:4700:3033::6815:2384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.vdo.ai/allowed_url.php?type=json&unit_type=banner&version=ff5d886&url=subject.com.ua%2F
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_banner/vdo.banner.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75ace966726add1583567ab2520409b8f0518c16bda739e5e736450a02c1458d

Request headers

Accept: application/json, text/plain, */*
Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TBdEz2R9i5bDE1qDEVWGNduQlPE7twgyUKhIZnZoH%2FORnySuhHNI%2Fjq0N1BdpmTS4cWOXZRWCrSNm3IPj%2FxDNuh%2Fs52%2FiozxyS0isOz2BRcJRUJZ0EJnqwqTUB0t"}],"group":"cf-nel","max_age":604800}
cf-ray: 63311a9cad14d6b9-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08f28ef5ed0000d6b9f59d6000000001

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
87 B 13ms
13ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-1099121-7&cid=820006831.1616265993&jid=1062824181&gjid=793380367&_gid=1579695637.1616265993&_u=IEBAAUAAAAAAAC~&z=439454228

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 20 Mar 2021 18:46:33 GMT
content-type: text/plain
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 750B 119 KB
31 KB 146ms
60ms Script
application/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 86cef609c85d2c2ce6a507af54e77a9c150e2fa408043e1454082614c4b0ce2b

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:25 GMT
content-encoding: gzip
server: Server
age: 307
etag: d2bbe61d6c9cfd2f9d26c66417c4fb1e
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f6bd96409cae11d77ed75457d756ef80.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: qpGbqo5n5ftYm2ZsSSwwmAxZeGfbwfiX
x-amz-cf-id: f5x8yBILYxcjW4fAT6XoGNBwTkr_kNnNxAVzjSFSND1RXSDZ_BX3uQ==

GET
H/1.1 200
OK / Show response
stat.optad360.mgr.consensu.org/ 20 B
286 B 107ms
30ms XHR
text/html 18.196.233.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://stat.optad360.mgr.consensu.org/
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/e630b43e-4175-11e8-9881-06048607e8f8/plugin.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.196.233.38 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-233-38.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1df95b226ba28a770a8d3aae9105878511a0b8eb6cdc9a4d15d4d89d26ffda0b

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:33 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 prebid4.15.0.js Show response
get.optad360.io/sf/ 401 KB
402 KB 6ms
6ms Script
application/javascript 2600:9000:206f:b200:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid4.15.0.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/e630b43e-4175-11e8-9881-06048607e8f8/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:b200:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 080c618e121a4005b2e1c1cb9171d9c3855f5e57638110c7cbc2adb2f124e7a6

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 23:48:02 GMT
via: 1.1 3dd91613764eafe7ad199013ce202443.cloudfront.net (CloudFront)
last-modified: Mon, 09 Nov 2020 10:05:07 GMT
server: AmazonS3
age: 9658712
etag: "02a3519810a609b01c46f219622d8b26"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-length: 411000
x-amz-cf-id: nXHKIssRkQ_tvfjaDaxnSYnhQYuo3R59rSipWkpDYhAthWve5hzuqA==

GET
H3-Q050 200 pubads_impl_2021031701.js Show response
securepubads.g.doubleclick.net/gpt/ 285 KB
100 KB 93ms
52ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

cbbda5fac6618da4be9f03098dc394e81f435c51622e306605849c2ac2942fd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Mar 2021 08:39:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102424
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
274 B 62ms
47ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-1099121-7&cid=820006831.1616265993&jid=1062824181&_u=IEBAAUAAAAAAAC~&z=54549612

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-1099121-7&cid=820006831.1616265993&jid=1062824181&_u=IEBAAUAAAAAAAC~&z=54549612

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
242 B 375ms
122ms XHR
text/html 144.217.66.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_banner/vdo.banner.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.66.206 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns535844.ip-144-217-66.net
Software: nginx/1.19.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx/1.19.2
Connection: keep-alive
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 356ms
119ms Image
image/gif 51.79.79.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=subject.com.ua&tagName=&event=blocked_url&uid=a7e47fc0-a2f5-41de-93cd-c880643fc32c&1616265993761
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.79.82 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568735.ip-51-79-79.net
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 ls Show response
a4p.adpartner.pro/jsunit/ Frame BF84 6 KB
2 KB 39ms
39ms Document
text/html 91.134.109.141
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/jsunit/ls?jsunit=809&unit_id=1273&session_pageview=1&session_id=af3a287e-28cb-4e2e-a993-fdda898b190c&site_visited=1&apuid=cdbc2668-de42-4bae-991f-98220decdcad&width=245&screen_width=1600&ref=&location=https%3A%2F%2Fsubject.com.ua%2F
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/jsunit?id=809&0.7490532310947053
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.134.109.141 , France, ASN16276 (OVH, FR),
Reverse DNS: app-08.adpartner.pro
Software: nginx /
Resource Hash: 7f0aa0f36d325ab6ac0af838521a36e663575298e0780f6a3aad348921aa876c

Request headers

:method: GET
:authority: a4p.adpartner.pro
:scheme: https
:path: /jsunit/ls?jsunit=809&unit_id=1273&session_pageview=1&session_id=af3a287e-28cb-4e2e-a993-fdda898b190c&site_visited=1&apuid=cdbc2668-de42-4bae-991f-98220decdcad&width=245&screen_width=1600&ref=&location=https%3A%2F%2Fsubject.com.ua%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

server: nginx
date: Sat, 20 Mar 2021 18:46:33 GMT
content-type: text/html; charset=utf-8
set-cookie: subject.com.ua_ref=; Path=/; Expires=Sat, 20 Mar 2021 19:46:33 GMT; Secure; SameSite=None
cache-control: no-store no-transform
content-encoding: br

GET
H2 200 vdo.min.js Show response
a.vdo.ai/core/dependencies_hbv4/ 339 KB
104 KB 37ms
36ms Script
application/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/subject/vdo.ai.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 135a22903d9e8a464b1787c54af4d4fe5d8710466373cf6537ea667e3e17fa7b

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 974
cf-ray: 63311a9d1f6bd6d5-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08f28ef62e0000d6d50703d000000001
last-modified: Sat, 20 Mar 2021 06:26:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BMyExTkX2uSvgwxRPB4I7mjKy3Csad%2FZYZbvbsR%2BVFSNZanDDAOHYOs6RgWEIJjSTmY7oYWT68vXQVjGnsPG%2BRV9FnwkzBEZulS2wCZd0lDk5nRRcw%3D%3D"}]}
x-varnish: 153651593 1409033
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 330 KB
114 KB 61ms
41ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: a.vdo.ai
URL: https://a.vdo.ai/core/subject/vdo.ai.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ab8d4672e4e6dddaffe2961db019619fddee5fdad48793107e3ef3065239f68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116759
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H3-Q050 200 async-ads.js Show response
cse.google.com/adsense/search/ 181 KB
63 KB 44ms
30ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__uk.js?usqp=CAI%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fd77125e5ce9384877a2aeea1419b5c3aa2fcad3fd02a42a484caad21ad3302

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "5962595264063328276"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H3-Q050 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 9ms
8ms Image
image/png 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/default+uk.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/cse/static/element/323d4b81541ddb5b/default+uk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 08:54:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 121930
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Sat, 19 Mar 2022 08:54:23 GMT

GET
H2 204 generate_204
www.googleapis.com/ 0
39 B 7ms
5ms Image
text/plain 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleapis.com/generate_204
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 generate_204
clients1.google.com/ 0
182 B 28ms
6ms Image
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 204 B
440 B 64ms
62ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=subject.com.ua&callback=_gfp_s_&client=ca-pub-2062463022593482

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210316/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2062463022593482&plah=subject.com.ua&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

496708a0acd5edcc896114b89bb8334e0712289af5e27cef897603e3284b7dab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 193
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 35ms
13ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=subject.com.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 37ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=subject.com.ua

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A870 54 B
596 B 90ms
76ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2062463022593482&output=html&adk=1812271804&adf=3025194257&lmt=1616265993&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsubject.com.ua%2F&ea=0&flash=0&pra=5&wgl=1&dt=1616265993476&bpp=15&bdt=237&idt=345&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7773717486641&frm=20&pv=2&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=372

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-2062463022593482&output=html&adk=1812271804&adf=3025194257&lmt=1616265993&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsubject.com.ua%2F&ea=0&flash=0&pra=5&wgl=1&dt=1616265993476&bpp=15&bdt=237&idt=345&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7773717486641&frm=20&pv=2&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=1&uci=a!1&fsb=1&dtd=372
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 20 Mar 2021 18:46:33 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 20-Mar-2021 19:01:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 20 Mar 2021 18:46:33 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:33 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D625 62 KB
22 KB 241ms
240ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2062463022593482&output=html&h=600&slotname=2231225757&adk=3129635753&adf=941345768&pi=t.ma~as.2231225757&w=252&fwrn=4&fwrnh=100&lmt=1616265993&rafmt=1&psa=0&format=252x600&url=https%3A%2F%2Fsubject.com.ua%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&dt=1616265993491&bpp=4&bdt=253&idt=374&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7773717486641&frm=20&pv=1&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=0Ozj5GEeIh&p=https%3A//subject.com.ua&dtd=382

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aae79d8532095eb287564ce736a57beae32e2753469ebfc72f433919eeb73d5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-2062463022593482&output=html&h=600&slotname=2231225757&adk=3129635753&adf=941345768&pi=t.ma~as.2231225757&w=252&fwrn=4&fwrnh=100&lmt=1616265993&rafmt=1&psa=0&format=252x600&url=https%3A%2F%2Fsubject.com.ua%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&dt=1616265993491&bpp=4&bdt=253&idt=374&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7773717486641&frm=20&pv=1&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=0Ozj5GEeIh&p=https%3A//subject.com.ua&dtd=382
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 20 Mar 2021 18:46:34 GMT
server: cafe
content-length: 22660
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 20-Mar-2021 19:01:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 20 Mar 2021 18:46:34 GMT
cache-control: private

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 1 KB
904 B 7ms
6ms XHR
application/json 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210320

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid4.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ae9ae3dfd2efbb210fb9ebb54bcafead289c060ed4d30fb85b1a81276ce5733e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 27813
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 753
etag: W/"540-ZaS91eJ0HUS+kx4hWrT6uaEArO8"
x-served-by: cache-fra19154-FRA, cache-hhn4071-HHN
date: Sat, 20 Mar 2021 18:46:33 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
26 B 14ms
14ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=396961267&t=pageview&_s=1&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEDAAUABAAAAAC~&jid=501369025&gjid=1628972766&cid=820006831.1616265993&tid=UA-113932176-30&_gid=1579695637.1616265993&_r=1&gtm=2ou3a0&z=1157527200

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
122 B 7ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=396961267&t=event&_s=2&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=banner&ea=blocked_url&el=&_u=KEDAAUABAAAAAC~&jid=&gjid=&cid=820006831.1616265993&tid=UA-113932176-30&_gid=1579695637.1616265993&gtm=2ou3a0&z=1231946132

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 20:46:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79178
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 7ms
7ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=396961267&t=event&_s=3&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=vdoaijs&ea=loaded&ev=1&_u=KEDAAUABAAAAAC~&jid=&gjid=&cid=820006831.1616265993&tid=UA-113932176-30&_gid=1579695637.1616265993&gtm=2ou3a0&z=253574530

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 13:55:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17487
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 389ms
389ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=282971650721183&correlator=1822176745013442&output=ldjh&impl=fif&eid=31060473%2C31060521%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210320&iu_parts=112081842%2Csubject.com.ua_300x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&eri=4&cookie_enabled=1&cdm=subject.com.ua&bc=31&abxe=1&dt=1616265994015&dlt=1616265993239&idt=745&frm=20&biw=1600&bih=1200&oid=3&adxs=1292&adys=116&adks=3789431497&ucis=1&ifi=3&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsubject.com.ua&loc=https%3A%2F%2Fsubject.com.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x1957&msz=300x600&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

023a0d7601633df31d5959541bdcab2280917459fb130f1f0bf7246eecb96f36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8996
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 65ms
19ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 30ms
7ms Other
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 276 KB
44 KB 830ms
829ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=282971650721183&correlator=1822176745013442&output=ldjh&impl=fif&eid=31060473%2C31060521%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210320&iu_parts=112081842%2Csubject.com.ua_multiplex&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&fluid=height&eri=4&cookie_enabled=1&cdm=subject.com.ua&bc=31&abxe=1&dt=1616265994020&dlt=1616265993239&idt=745&frm=20&biw=1600&bih=1200&oid=3&adxs=8&adys=2013&adks=1252796772&ucis=2&ifi=4&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsubject.com.ua&loc=https%3A%2F%2Fsubject.com.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1584x2471&msz=1584x0&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=false&fws=0&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7a94f90d68ffa240fad7c8b4e0dc96cca88ec2202f9a17ba4b1dc0e693a4bc5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45174
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 48 KB
23 KB 327ms
326ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=282971650721183&correlator=1822176745013442&output=ldjh&impl=fif&eid=31060473%2C31060521%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210320&iu_parts=121764058%2Csubject.com.ua_adi_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C970x250%7C970x300%7C1200x300%7C1000x250%7C1000x300%7C1000x100%7C580x400&eri=4&cookie_enabled=1&cdm=subject.com.ua&bc=31&abxe=1&dt=1616265994022&dlt=1616265993239&idt=745&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=15&adks=4014636662&ucis=3&ifi=5&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsubject.com.ua&loc=https%3A%2F%2Fsubject.com.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=970x90&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=false&fws=128&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

bd7e28880598818b5cd041f55d88a357a983a8973a99e4248eab6d92faa61ab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22760
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 12 KB
7 KB 1613ms
1612ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=282971650721183&correlator=1822176745013442&output=ldjh&impl=fif&eid=31060473%2C31060521%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210320&iu_parts=121764058%2Csubject.com.ua_am_co_S1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250%7C750x100%7C728x90%7C750x200%7C750x300%7C580x400%7C360x300&eri=4&cookie_enabled=1&cdm=subject.com.ua&bc=31&abxe=1&dt=1616265994025&dlt=1616265993239&idt=745&frm=20&biw=1600&bih=1200&oid=3&adxs=608&adys=387&adks=2506017926&ucis=4&ifi=6&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsubject.com.ua&loc=https%3A%2F%2Fsubject.com.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=336x280&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=false&fws=128&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a7aae9294071d9da0ab02dde685259d7e8c92002862da4c8882891f62e50b944

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7367
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 1352ms
1351ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=282971650721183&correlator=1822176745013442&output=ldjh&impl=fif&eid=31060473%2C31060521%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210320&iu_parts=121764058%2Csubject.com.ua_adi_BTF&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C970x250%7C970x300%7C1000x250%7C1000x300%7C1000x100%7C580x400&eri=4&cookie_enabled=1&cdm=subject.com.ua&bc=31&abxe=1&dt=1616265994029&dlt=1616265993239&idt=745&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=2028&adks=1769152980&ucis=5&ifi=7&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsubject.com.ua&loc=https%3A%2F%2Fsubject.com.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=970x90&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=false&fws=128&ohw=0&btvi=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b043c25610227fed20ef0056a9e4330edc9a20029877f8e2d63992383778c75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8976
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
9 KB 1089ms
1088ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=282971650721183&correlator=1822176745013442&output=ldjh&impl=fif&eid=31060473%2C31060521%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210320&iu_parts=121764058%2Csubject.com.ua_am_co_S2&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250%7C750x100%7C728x90%7C750x200%7C750x300%7C580x400%7C360x300&eri=4&cookie_enabled=1&cdm=subject.com.ua&bc=31&abxe=1&dt=1616265994033&dlt=1616265993239&idt=745&frm=20&biw=1600&bih=1200&oid=3&adxs=608&adys=1372&adks=364879880&ucis=6&ifi=8&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsubject.com.ua&loc=https%3A%2F%2Fsubject.com.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=336x280&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=false&fws=128&ohw=0&btvi=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

da7ce664f02a483d72bd4163d6347de279cd8d3be6a3bd4ed57cc8c5bef50710

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9106
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 657ms
656ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=282971650721183&correlator=1822176745013442&output=ldjh&impl=fif&eid=31060473%2C31060521%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210320&iu_parts=121764058%2Csubject.com.ua_adi_W1&enc_prev_ius=%2F0%2F1&prev_iu_szs=240x400%7C240x600%7C160x600&eri=4&cookie_enabled=1&cdm=subject.com.ua&bc=31&abxe=1&dt=1616265994037&dlt=1616265993239&idt=745&frm=20&biw=1600&bih=1200&oid=3&adxs=1295&adys=717&adks=4243019390&ucis=7&ifi=9&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsubject.com.ua&loc=https%3A%2F%2Fsubject.com.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=240x-1&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=false&fws=128&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e9caa7e830398c214d058b03f4ab2ee8e869968aec207eaf330165cf1a4db222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8841
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 842ms
841ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=282971650721183&correlator=1822176745013442&output=ldjh&impl=fif&eid=31060473%2C31060521%2C31060367%2C44739387&vrg=2021031701&ptt=17&sc=1&sfv=1-0-37&ecs=20210320&iu_parts=121764058%2Csubject.com.ua_adi_W2&enc_prev_ius=%2F0%2F1&prev_iu_szs=240x400%7C240x600%7C160x600&eri=4&cookie_enabled=1&cdm=subject.com.ua&bc=31&abxe=1&dt=1616265994039&dlt=1616265993239&idt=745&frm=20&biw=1600&bih=1200&oid=3&adxs=14&adys=1529&adks=3803618108&ucis=8&ifi=10&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsubject.com.ua&loc=https%3A%2F%2Fsubject.com.ua%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=240x400&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=false&fws=128&ohw=0&btvi=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

2e6234f8c13a0fa6e3473b05ee9e5160387cfb76147ac3a73835f07eba430353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8844
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://subject.com.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 allowed_url.php Show response
targeting.vdo.ai/ 99 B
682 B 16ms
15ms XHR
application/json 2606:4700:3033::6815:2384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.vdo.ai/allowed_url.php?type=json&url=subject.com.ua%2F&tag=subject&domain=subject.com.ua
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75ace966726add1583567ab2520409b8f0518c16bda739e5e736450a02c1458d

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0WT6Zi6uUdgiCPzqIVH02etajoOgQ2SXcqZ0O8L7YcYn2e3pda06Txi5mmjoSNMFoAhok1qfLd7JXP7FHxWnF23USRa7gwsmN%2Fw4gzvMzoEae78wGEwddjyy5JrH"}],"group":"cf-nel","max_age":604800}
cf-ray: 63311a9eef84d6b9-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08f28ef7510000d6b9a51f7000000001

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame BF84 46 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/jsunit/ls?jsunit=809&unit_id=1273&session_pageview=1&session_id=af3a287e-28cb-4e2e-a993-fdda898b190c&site_visited=1&apuid=cdbc2668-de42-4bae-991f-98220decdcad&width=245&screen_width=1600&ref=&location=https%3A%2F%2Fsubject.com.ua%2F

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://a4p.adpartner.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 2639
date: Sat, 20 Mar 2021 18:02:35 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Sat, 20 Mar 2021 20:02:35 GMT

POST
H2 200 jsunit Show response
a4p.adpartner.pro/ Frame BF84 5 KB
2 KB 253ms
253ms XHR
application/javascript 91.134.109.141
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/jsunit?id=809&ref=&session_id=af3a287e-28cb-4e2e-a993-fdda898b190c&session_pageview=1&site_visited=1&unit_id=1273
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/jsunit/ls?jsunit=809&unit_id=1273&session_pageview=1&session_id=af3a287e-28cb-4e2e-a993-fdda898b190c&site_visited=1&apuid=cdbc2668-de42-4bae-991f-98220decdcad&width=245&screen_width=1600&ref=&location=https%3A%2F%2Fsubject.com.ua%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.134.109.141 , France, ASN16276 (OVH, FR),
Reverse DNS: app-08.adpartner.pro
Software: nginx /
Resource Hash: d5e97065cb8923a04ddee6e762bdcc2da292de8869ea8ce44ae7cb86853b4ab9

Request headers

Referer: https://a4p.adpartner.pro/jsunit/ls?jsunit=809&unit_id=1273&session_pageview=1&session_id=af3a287e-28cb-4e2e-a993-fdda898b190c&site_visited=1&apuid=cdbc2668-de42-4bae-991f-98220decdcad&width=245&screen_width=1600&ref=&location=https%3A%2F%2Fsubject.com.ua%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

access-control-allow-origin: https://a4p.adpartner.pro
date: Sat, 20 Mar 2021 18:46:34 GMT
cache-control: no-store no-transform
access-control-allow-credentials: true
server: nginx
content-encoding: br
content-type: application/javascript; charset=utf-8

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 750B 6 KB
3 KB 104ms
36ms XHR
application/javascript 13.226.158.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.158.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-204.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Z_m26sDjicOoQtCCmuJEtOsMPnFQWWIm
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 51168
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Sat, 06 Mar 2021 01:32:40 GMT
server: AmazonS3
date: Sat, 20 Mar 2021 04:33:47 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 3b811cf25a4fdc818f7cfcb16b38d622.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: CwoV4zGV88tnl4nKGg3N_STPvYojIIxTX5XIi0UGEHgGz1jRCETY2Q==

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
242 B 121ms
121ms XHR
text/html 144.217.66.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.66.206 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns535844.ip-144-217-66.net
Software: nginx/1.19.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx/1.19.2
Connection: keep-alive
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
242 B 254ms
134ms XHR
text/html 144.217.66.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.66.206 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns535844.ip-144-217-66.net
Software: nginx/1.19.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx/1.19.2
Connection: keep-alive
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html

GET
H2 200 vdo.player.js Show response
a.vdo.ai/core/assets/ 575 KB
144 KB 43ms
43ms Script
application/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/assets/vdo.player.js
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d3d3d99ec2d1da823e792b3024b24ae723c89a29d46d9cffe4b1d4ba935c0da

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 973
cf-ray: 63311a9f8a33d6d5-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08f28ef7b20000d6d53584f000000001
last-modified: Mon, 14 Sep 2020 22:24:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=C3DzE33vUKHRbm%2F8ZzAH8P6zQ2kXmRMoFgnAfaxtLj1p3m2Z19Fx25gsi6q6T6Fsa6ldnaMyZejk1q00Epnr1l30Mj%2F3Vb%2BCpvCaeNXw1JE0Tkx42Q%3D%3D"}]}
x-varnish: 137041509 32785
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 rtb.js Show response
a.vdo.ai/core/assets/ 383 KB
106 KB 38ms
38ms Script
application/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/assets/rtb.js
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb9895bb7479d7bd4058bfd781fbf1d27d768a4cba2fbfa0be881b9a78c423d4

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 973
cf-ray: 63311a9f8a34d6d5-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08f28ef7b20000d6d55d3b4000000001
last-modified: Thu, 18 Mar 2021 06:17:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XFQ9aW7%2FOcwhUZxTexghnQMjk%2FQJBZ7qfXabA3IrtmGO4UCgvzVUB3ayAcFs%2FhY9Kjtu6Oo23hkPLrFbG48r4UgQH%2FSX2DQ3A1OjRgGjQjDk6h59GQ%3D%3D"}]}
x-varnish: 157548626 30
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 122ms
122ms Image
image/gif 51.79.79.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=subject.com.ua&tagName=subject&event=blocked_url&uid=d8c0c145-4206-4bd5-8628-b23c81aba7c4&t=1616265994152
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.79.82 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568735.ip-51-79-79.net
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 250ms
127ms Image
image/gif 51.79.79.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=subject.com.ua&tagName=subject&event=initVdo&uid=d8c0c145-4206-4bd5-8628-b23c81aba7c4&t=1616265994154
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.79.82 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568735.ip-51-79-79.net
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 7ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=396961267&t=event&_s=4&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=initVdo&el=subject&_u=KEDAAUABAAAAAC~&jid=&gjid=&cid=820006831.1616265993&tid=UA-113932176-30&_gid=1579695637.1616265993&gtm=2ou3a0&z=247924517

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 23:19:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 70050
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 14280742090462375405
tpc.googlesyndication.com/simgad/ Frame D625 140 KB
140 KB 37ms
23ms Image
image/gif 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14280742090462375405

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2062463022593482&output=html&h=600&slotname=2231225757&adk=3129635753&adf=941345768&pi=t.ma~as.2231225757&w=252&fwrn=4&fwrnh=100&lmt=1616265993&rafmt=1&psa=0&format=252x600&url=https%3A%2F%2Fsubject.com.ua%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&dt=1616265993491&bpp=4&bdt=253&idt=374&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7773717486641&frm=20&pv=1&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=0Ozj5GEeIh&p=https%3A//subject.com.ua&dtd=382

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0054cc67fc45bc1a30ce0969a266de7a890934a36ef74ba4df6f43098faad292

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 12:28:35 GMT
x-content-type-options: nosniff
age: 368279
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143392
x-xss-protection: 0
last-modified: Tue, 16 Mar 2021 10:31:38 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Mar 2022 12:28:35 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame D625 17 KB
7 KB 39ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:42:51 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D625 2 KB
1 KB 38ms
26ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D625 117 KB
36 KB 45ms
30ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:34 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D625 13 KB
6 KB 34ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame D625 25 KB
11 KB 38ms
27ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

329059d559fdef07b7854e9550433cf721a2301c3279b96d5c04f32477fbb63b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 10:35:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10816
x-xss-protection: 0
server: cafe
etag: 5325187549321947876
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 10:35:27 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame D625 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnvqsCUNWYLKAN5yFwuIPq_q6wAmIhsXtYci_hOWkDdzZHhABILCesgNglYq4gsgHoAG5_77sA8gBA6kCeSP9aQ75sz6oAwHIA8kEqgTDAU_Q3WFez3jWnElbY1_J1dY9ahHRdRCZs7S9wyT1E83-Q04yvgtDsqgKwqHKZW5MJdPNXN2wMm_Be2g4nvAwPprDNcUsHQyGAvCJ7igc9wT2dMLE_63Q8p74ppMcqk17VzF9cO0rnzAH43sWeWa1Q5Cw751PMqbnigmO7rHH0XwrGir8ePYxP42dLMAIvEWTpWvRPxnXK8_F_52twKS4oNobVPc4W_hOrRizxdvbFdF-D10dEIFYCMZHIkKh-xyRnGvDEsAE6YnOsLUDkgUECAQYAZIFBAgFGASgBgOAB_qyhxaoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ_7IH0ggJCIDhgBAQARgfgAoByAsB2BMK0BUBgBcBshcaChgIABIUcHViLTIwNjI0NjMwMjI1OTM0ODI&sigh=gJ7ue3ao60w&tpd=AGWhJmuzTOUl8H8OJoMsxzTIE6tOsvSJMtitZzwMFBf7byrLGw

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2062463022593482&output=html&h=600&slotname=2231225757&adk=3129635753&adf=941345768&pi=t.ma~as.2231225757&w=252&fwrn=4&fwrnh=100&lmt=1616265993&rafmt=1&psa=0&format=252x600&url=https%3A%2F%2Fsubject.com.ua%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&dt=1616265993491&bpp=4&bdt=253&idt=374&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7773717486641&frm=20&pv=1&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=0Ozj5GEeIh&p=https%3A//subject.com.ua&dtd=382
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 20 Mar 2021 18:46:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:34 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D3B0 143 B
220 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2062463022593482&output=html&h=600&slotname=2231225757&adk=3129635753&adf=941345768&pi=t.ma~as.2231225757&w=252&fwrn=4&fwrnh=100&lmt=1616265993&rafmt=1&psa=0&format=252x600&url=https%3A%2F%2Fsubject.com.ua%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&dt=1616265993491&bpp=4&bdt=253&idt=374&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7773717486641&frm=20&pv=1&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=0Ozj5GEeIh&p=https%3A//subject.com.ua&dtd=382
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkcRPM6meoFC7g-CaDqs2CR9FmRjKT4ir_UevxeSjEbyS0kuMSJmOCmF55jWuc
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2062463022593482&output=html&h=600&slotname=2231225757&adk=3129635753&adf=941345768&pi=t.ma~as.2231225757&w=252&fwrn=4&fwrnh=100&lmt=1616265993&rafmt=1&psa=0&format=252x600&url=https%3A%2F%2Fsubject.com.ua%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&dt=1616265993491&bpp=4&bdt=253&idt=374&shv=r20210316&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7773717486641&frm=20&pv=1&ga_vid=820006831.1616265993&ga_sid=1616265994&ga_hid=396961267&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=914&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068083%2C44739387&oid=3&pvsid=282971650721183&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=0Ozj5GEeIh&p=https%3A//subject.com.ua&dtd=382

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 20 Mar 2021 18:41:26 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 308
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D625 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e6ff9954394ade84d269e2e8c19055946008465a6061cb78f59670af72f52bb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 6b8039c8-dd91-4cb9-bd85-d4fc58562ea7
https://subject.com.ua/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://subject.com.ua/6b8039c8-dd91-4cb9-bd85-d4fc58562ea7
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

OPTIONS
H/1.1 204
No Content news2.m3u8
h.vdo.ai/videos/categories/ Frame 0
0 364ms
123ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.m3u8
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:34 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 200
OK news2.m3u8 Show response
h.vdo.ai/videos/categories/ 36 KB
36 KB 235ms
235ms XHR
application/vnd.apple.mpegurl 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.m3u8
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: d417a744e6a944755dc8458b6592c542e2408ab6d847338a6cc2c731d4b36476

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
vdoai: true

Response headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Last-Modified: Tue, 04 Aug 2020 05:54:55 GMT
Server: nginx/1.16.1
ETag: "5f28f82f-8e3e"
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 36414

GET
H3-Q050 200 container.html Show response
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame ABC7 6 KB
3 KB 34ms
21ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 20 Mar 2021 18:46:34 GMT
expires: Sun, 20 Mar 2022 18:46:34 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
BLOB 200
OK 595d4aa2-8ffb-4b7a-b846-0afa43082535
https://subject.com.ua/ 5 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://subject.com.ua/595d4aa2-8ffb-4b7a-b846-0afa43082535
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0d2bb46c68e084f258f3728375c0351cb47075647142ba7df6f0059ae0b2581

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 5409
Content-Type: application/javascript

GET
H3-Q050 200 bridge3.447.1_en.html Show response
imasdk.googleapis.com/js/core/ Frame 92D3 576 KB
188 KB 35ms
22ms Document
text/html 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.447.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

559004a545a13667b7f7b0abdec7892df86ae2d2b36536c76ca37cbbf1b5bccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.447.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192496
date: Sun, 14 Mar 2021 13:29:38 GMT
expires: Mon, 14 Mar 2022 13:29:38 GMT
last-modified: Sun, 14 Mar 2021 13:23:56 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 537416
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 60ms
41ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:34 GMT

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
242 B 121ms
121ms XHR
text/html 144.217.66.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.66.206 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns535844.ip-144-217-66.net
Software: nginx/1.19.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx/1.19.2
Connection: keep-alive
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html

GET
H2 200 logo.svg
a.vdo.ai/core/assets/img/ 1 KB
1 KB 16ms
15ms Image
image/svg+xml 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.vdo.ai/core/assets/img/logo.svg
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9adf28f17b88f7835611736a9461d0452433a4e12f3ebaafae1689394aeb8d7b

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 974
cf-ray: 63311aa13c28d6d5-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08f28ef8c20000d6d51a210000000001
last-modified: Mon, 02 Mar 2020 08:12:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dYkB%2BYmfUBUTu4pYYgoMYJSncfbzYPJP1g5f9Teoj4UHJ2O3ZwQPtUfGFya8IMJ1a%2BNc6uAMElGAD0F3TmkcTFwKhYhZ%2FaXmMbDFJKWI4o%2BefbqoaA%3D%3D"}]}
x-varnish: 20043628 1605643
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: image/svg+xml
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 115ms
114ms Image
image/gif 51.79.79.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=subject.com.ua&tagName=subject&event=forceplay&uid=d8c0c145-4206-4bd5-8628-b23c81aba7c4&t=1616265994428
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.79.82 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568735.ip-51-79-79.net
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 1px-matching-adpartner.gif
t.trafmag.com/images/ 35 B
232 B 151ms
43ms Image
image/gif 193.200.65.5
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.trafmag.com/images/1px-matching-adpartner.gif?id=cdbc2668-de42-4bae-991f-98220decdcad
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: t.trafmag.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
server: nginx
content-type: image/gif
content-length: 35
p3p: CP="NON DSP COR CURa TIA"

GET
H2

200

match
a4p.adpartner.pro/ssp/
Redirect Chain

https://cm.mgid.com/m?cdsp=363190&adu=https://a4p.adpartner.pro/ssp/match?dsp_id=10&user_id=cdbc2668-de42-4bae-991f-98220decdcad
https://a4p.adpartner.pro/ssp/match?dsp_id=10

43 B
360 B

60ms
59ms

Image
image/gif

91.134.109.141
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a4p.adpartner.pro/ssp/match?dsp_id=10
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.134.109.141 , France, ASN16276 (OVH, FR),
Reverse DNS: app-08.adpartner.pro
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
last-modified: Sat, 20 Mar 2021 18:46:34 GMT
server: nginx
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-store no-transform
content-length: 43
expires: Wed, 11 Nov 1998 11:11:11 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
cf-cache-status: DYNAMIC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-mg-request-uuid: 3839b34a-e0a9-407c-8dc2-9812675a9d9a
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
location: https://a4p.adpartner.pro/ssp/match?dsp_id=10
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 63311aa1ce2dcc56-ZRH
content-type: image/gif
cf-request-id: 08f28ef9200000cc567090e000000001
server: cloudflare

GET
H2

200

match
a4p.adpartner.pro/ssp/
Redirect Chain

https://cm.mgid.com/m?cdsp=363190&adu=https://a4p.adpartner.pro/ssp/match?dsp_id=9&user_id=cdbc2668-de42-4bae-991f-98220decdcad
https://a4p.adpartner.pro/ssp/match?dsp_id=9

43 B
360 B

115ms
115ms

Image
image/gif

91.134.109.141
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a4p.adpartner.pro/ssp/match?dsp_id=9
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.134.109.141 , France, ASN16276 (OVH, FR),
Reverse DNS: app-08.adpartner.pro
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
last-modified: Sat, 20 Mar 2021 18:46:34 GMT
server: nginx
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-store no-transform
content-length: 43
expires: Wed, 11 Nov 1998 11:11:11 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
cf-cache-status: DYNAMIC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-mg-request-uuid: 25496180-9b91-4e06-847e-230be1914ac7
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
location: https://a4p.adpartner.pro/ssp/match?dsp_id=9
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 63311aa1ce30cc56-ZRH
content-type: image/gif
cf-request-id: 08f28ef9210000cc56892c0000000001
server: cloudflare

GET
H2 200 cdbc2668-de42-4bae-991f-98220decdcad
s.uuidksinc.net/match/272/ 0
268 B 134ms
44ms Image
application/json 31.220.27.134
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.uuidksinc.net/match/272/cdbc2668-de42-4bae-991f-98220decdcad
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 31.220.27.134 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.19.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 20 Mar 2021 18:46:34 GMT
server: nginx/1.19.0
access-control-allow-headers: Content-Type
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8

GET
H2 200 cdbc2668-de42-4bae-991f-98220decdcad
recreativ.ru/mtch/31/ 43 B
112 B 164ms
46ms Image
image/gif 136.243.84.75
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://recreativ.ru/mtch/31/cdbc2668-de42-4bae-991f-98220decdcad
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.75 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.75.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

hn: b18
date: Sat, 20 Mar 2021 18:46:34 GMT
server: nginx
content-type: image/gif

GET
H2 200 pix
dsp-trk.eskimi.com/ 43 B
133 B 112ms
46ms Image
image/gif 34.120.139.69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp-trk.eskimi.com/pix?e=24&exuid=cdbc2668-de42-4bae-991f-98220decdcad
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.139.69 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 69.139.120.34.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
via: 1.1 google
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H2

200

adpdigital
px.adhigh.net/p/cm/
Redirect Chain

https://px.adhigh.net/p/cm/adpdigital
https://px.adhigh.net/p/cm/adpdigital?bounced=1

49 B
423 B

100ms
100ms

Image
image/gif

193.232.148.144
UMA-TECH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.adhigh.net/p/cm/adpdigital?bounced=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.232.148.144 , Russian Federation, ASN48061 (UMA-TECH-AS, RU),
Reverse DNS: hosting.adhigh.net
Software: nginx /
Resource Hash: d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
server: nginx
x-backend-id: f5-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-type: image/gif
content-length: 49
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f5-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://px.adhigh.net/p/cm/adpdigital?bounced=1
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

1px-matching-go2net.gif
m.trafmag.com/images/
Redirect Chain

https://inv-nets.admixer.net/adxcm.aspx?ssp=A7282016-03BE-4B43-9ECF-81872F01C61C&id=cdbc2668-de42-4bae-991f-98220decdcad
https://m.trafmag.com/images/1px-matching-go2net.gif?id=68a05200741946fc98cb19b849a3b75b

35 B
351 B

172ms
58ms

Image
image/gif

193.200.65.6
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.trafmag.com/images/1px-matching-go2net.gif?id=68a05200741946fc98cb19b849a3b75b
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.200.65.6 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: adforce.team
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
P3P: CP="NON DSP COR CURa TIA"

Redirect headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Location: https://m.trafmag.com/images/1px-matching-go2net.gif?id=68a05200741946fc98cb19b849a3b75b
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 0
X-Xss-Protection: 0

GET
H2 204 match
dm.hybrid.ai/ 0
332 B 225ms
79ms Image
text/plain 37.18.16.22
HYBRID-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/match?id=177&vid=cdbc2668-de42-4bae-991f-98220decdcad

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.18.16.22 , Netherlands, ASN205675 (HYBRID-AS, RU),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: *
cache-control: no-cache, no-store
x-mode: 123
x-xss-protection: 1; mode=block
expires: -1

GET
H3-Q050 200 container.html Show response
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame EED0 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 20 Mar 2021 18:46:34 GMT
expires: Sun, 20 Mar 2022 18:46:34 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 if Show response
a4p.adpartner.pro/tracker/ Frame DFC5 0
139 B 111ms
111ms Document
image/gif 91.134.109.141
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/tracker/if?data=%7B%22apuid%22%3A%22cdbc2668-de42-4bae-991f-98220decdcad%22%2C%22event%22%3A%22dry_real_show%22%2C%22ad_id%22%3A%5B%7B%22ad_id%22%3A0%2C%22rule_id%22%3A0%7D%5D%2C%22unit_id%22%3A1273%2C%22region_id%22%3A124%2C%22sub_region_id%22%3A0%2C%22city_id%22%3A0%2C%22apsid%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fsubject.com.ua%2F%22%7D
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.134.109.141 , France, ASN16276 (OVH, FR),
Reverse DNS: app-08.adpartner.pro
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: a4p.adpartner.pro
:scheme: https
:path: /tracker/if?data=%7B%22apuid%22%3A%22cdbc2668-de42-4bae-991f-98220decdcad%22%2C%22event%22%3A%22dry_real_show%22%2C%22ad_id%22%3A%5B%7B%22ad_id%22%3A0%2C%22rule_id%22%3A0%7D%5D%2C%22unit_id%22%3A1273%2C%22region_id%22%3A124%2C%22sub_region_id%22%3A0%2C%22city_id%22%3A0%2C%22apsid%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fsubject.com.ua%2F%22%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: subject.com.ua_ref=; apuid=cdbc2668-de42-4bae-991f-98220decdcad; apudmg=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Sat, 20 Mar 2021 18:46:34 GMT
content-type: image/gif
content-length: 0
cache-control: no-cache, no-store, must-revalidate no-store no-transform
expires: 0
pragma: no-cache

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
242 B 127ms
127ms XHR
text/html 144.217.66.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.66.206 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns535844.ip-144-217-66.net
Software: nginx/1.19.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx/1.19.2
Connection: keep-alive
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
242 B 189ms
127ms XHR
text/html 144.217.66.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.66.206 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns535844.ip-144-217-66.net
Software: nginx/1.19.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx/1.19.2
Connection: keep-alive
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
242 B 245ms
122ms XHR
text/html 144.217.66.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.66.206 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns535844.ip-144-217-66.net
Software: nginx/1.19.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: nginx/1.19.2
Connection: keep-alive
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 132ms
131ms Image
image/gif 51.79.79.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=subject.com.ua&tagName=subject&event=pageview&uid=d8c0c145-4206-4bd5-8628-b23c81aba7c4&t=1616265994489
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.79.82 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568735.ip-51-79-79.net
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 8ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=396961267&t=event&_s=5&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=pageview&el=subject&_u=KEDAAUABAAAAAC~&jid=&gjid=&cid=820006831.1616265993&tid=UA-113932176-30&_gid=1579695637.1616265993&gtm=2ou3a0&z=1718142365

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 10:33:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 29588
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 168ms
117ms Image
image/gif 51.79.79.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=subject.com.ua&tagName=subject&event=website_pageview&uid=d8c0c145-4206-4bd5-8628-b23c81aba7c4&t=1616265994491
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.79.82 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568735.ip-51-79-79.net
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:34 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 8ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=396961267&t=event&_s=6&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=website_pageview&el=subject&_u=KEDAAUABAAAAAC~&jid=&gjid=&cid=820006831.1616265993&tid=UA-113932176-30&_gid=1579695637.1616265993&gtm=2ou3a0&z=926615291

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 19:41:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 83109
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 9ms
7ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=396961267&t=event&_s=7&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=began_atf&el=subject&_u=KEDAAUABAAAAAC~&jid=&gjid=&cid=820006831.1616265993&tid=UA-113932176-30&_gid=1579695637.1616265993&gtm=2ou3a0&z=1673072067

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 Mar 2021 18:55:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85869
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 15F2 36 KB
12 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 1384
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Sat, 20 Mar 2021 19:23:30 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D3B0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
110 B

38ms
38ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk9uny4YnGVogtYZgztArLr4DhT_8x9lmiiZ4SOGpS0SeGyWNQHbD5O5S4DVKw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 20 Mar 2021 18:46:34 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 20-Mar-2021 19:46:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 20 Mar 2021 18:46:34 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 20 Mar 2021 18:46:34 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8E99 478 B
255 B 17ms
17ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCr7HQY3cXsngEwAQ&v=APEucNWOIbUvODHtj-tgzONfZZ6zprWKV5zUUzGoW7r6Bh8iCijHbhHTukklCsD-CxMXtdTCDQ8FsTkH2xgGnytnDG3NbKkReA

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPL6BhCr7HQY3cXsngEwAQ&v=APEucNWOIbUvODHtj-tgzONfZZ6zprWKV5zUUzGoW7r6Bh8iCijHbhHTukklCsD-CxMXtdTCDQ8FsTkH2xgGnytnDG3NbKkReA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk9uny4YnGVogtYZgztArLr4DhT_8x9lmiiZ4SOGpS0SeGyWNQHbD5O5S4DVKw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 20 Mar 2021 18:46:34 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame ABC7 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:28:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1073
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:28:41 GMT

GET
H3-Q050 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame ABC7 6 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1848
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2661
x-xss-protection: 0
server: cafe
etag: 7752240862628680351
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:15:46 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame ABC7 0
575 B 147ms
75ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvdqb0IiT9BBVgw6MAq-gBNV5-a01iGmAnY0q0kulOZdAf-ILxq3_aHO9ZQb8Cpcxa0F8rHOHhD85aHDUpJlU8dTYPTiRZGTwghMMrF8AqBqGqaD7D9s_eYZf9hKJbOUDvXO370B8WxDRsVn_puMky9a7XT6kUmLQ9yoIgI1YqTwyX51j9j1y144V16B4AZgpDTF8V5Eot8l9gPi6zWBOL2UfBkjqfmZ4MCDgiItxdnQeEAG74oS62IQEeBGl5RN3yNWDDk-ODXoLecaATUx9qLfKdE3te8Y5DMbx_8p8JonGHFYzT5Nx-luJVxxISGojgMjihNzvU4xPEjIYtyG0QkgJdTGpB1O0h6nlfSxPdtFLz_5bROfHplvL3mJaLNzEndvz_CYRcymo2Ke5g02zUur2w3qv1uWXup6-LyTW5__YMNis2c9LY9546XGblWlyvjEdSLBlTdRmNBSmllYXm_TALzeEUIi4frWkgcUbiSmuKBNSwxNMfywbpvLIFXhkJW_5o6YtmXBnNcKl7cRFNJncdqszH2I_7p5Yy6JcoZjKXVqHyu-9GX2EurIh7cfyKw_PcEa5g0m7inXsM006doTY4ucMsvssB-4AcRrquW0hh82edV4LvO0mCQI4k1gKKwqO9XwCqu65MXF-8WFTV2W-cAiLpge144mS7OMmRtW88cBLNtwchd6MNqdOVOzyC9sD43NhenYhxpZ1tXnRmdZvVHh07nf5Huw9Gx2ir4IR1eXU-Tl_tEsEtaB_-vh6JUx5QtPzUhKYuL81WsPcnOYdD5_X68Gmqq08eBz2rY9KTfWquW2MjgTSSvzd1romcP4PcqtR3UHmgQX6pHaQTC_9GjRClwJDHQcRTUIBU0Xkl_-UyrA-V1atWwkgjpZ1FR_xTMeSgjcDTtVrtFUL_Aboi57lXAHRKLilCUh50ECE6kLW85yuloCUak1R9nk0KVg9bohKpDfa9PPdyPUq-9sVuavYZwx-lqir319ungY-7sba1xk1E-6Lz6m-hDwxyLkTlLSR5Ne9Kwfj-E6aTBoAdbBeE4ZW5oi94afcPLg6XQksfkjFLEABnGMXm5raCOMNIUOsqOwLxW4pTubSLX7YoCsDoyN-XnN971Z6vqRKGPTSQInXTmxflA59vgJeumdv2zrQulsSftnyFs1I9Jo7D5h-xWi7_oG96uyA8CdNLt&sai=AMfl-YTRf---aekh8FpYYnZd7C2gXeGneSCafKMUysns1wTgUay1SLDM_b9Mn3jYx731sAT19XQNla5rfOLOeyubF0xAJb130Ec7Q7so3uz2HH2IzeLXLa0M14Iuhj9ELnaHfvOtaf4qy5PAkCUhru6QRbg-snPuX2_K6h-ggSi3upIE8UAfDF9g7oGSaKvrW6fxUllJs-BZMtuVqxbzgG_NRE0oE0hYFzFO1n7uZ5-96U7wBimwRooXQkgajJiwFWr60X9FRXzfYY_sM3uNWAUy2om2vmHbVUs&sig=Cg0ArKJSzOXQnYSoA58_EAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210316.81614&adurl=

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 20 Mar 2021 18:46:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame ABC7 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115375
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:43:39 GMT

GET
H3-Q050 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame ABC7 42 B
154 B 40ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BvHjKzpoEQGEECzNWi6x6OStpmoASYkPtQ745_l-kQaNaHJsPGtdJksdDo-zcVQQLb8bg3XFjqgvk4gzhTJZh-ZAbSDpTY3pEQgGV3Lk_dUJe4YRQ

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame ABC7 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ABC7 117 KB
36 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:34 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame ABC7 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame ABC7 0
0 16ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTg-OtThFjsa1iel6FuSTOXANjJya09qA1OkIBad-96FSYimHw2u9J-nj2lPUGkWZntbvVe_JVhJbccCwDeThjcMS6olQ
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 18371461718272656792
s0.2mdn.net/simgad/ Frame ABC7 164 KB
164 KB 36ms
22ms Image
image/gif 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/18371461718272656792

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

844d7dd2580c6b39f0bb1593a46fad4479de1d5136aec2e12ddebbab6108d8bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 08:09:23 GMT
x-content-type-options: nosniff
age: 211031
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 167814
x-xss-protection: 0
last-modified: Mon, 01 Mar 2021 16:40:57 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 08:09:23 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame B738 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106894
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C19E 478 B
252 B 16ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhjngfeeATAB&v=APEucNUZWUtMdSGm45rGw6mY_TufQnarwSAKFslG0ygTlk6nwZNO6uohMeRHGy83JZvpyXDg9Wr_1hXvInx_9Qb1KuHKmmxAAg

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPTQ7wEQpK2PAhjngfeeATAB&v=APEucNUZWUtMdSGm45rGw6mY_TufQnarwSAKFslG0ygTlk6nwZNO6uohMeRHGy83JZvpyXDg9Wr_1hXvInx_9Qb1KuHKmmxAAg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk9uny4YnGVogtYZgztArLr4DhT_8x9lmiiZ4SOGpS0SeGyWNQHbD5O5S4DVKw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 20 Mar 2021 18:46:34 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EED0 54 KB
22 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B8EG0JKA-0yQLSdwjL-vF_M8e2sRdZuM1pWF5lDcFXkS4eFHMtAxa-jzXmzaRrLME8fwjF1jlqokCZqRLdkKz8itO_VmXf5Oj6fwU2_iNA1q5FpsgiXDGm4ooi_4kgRlgYfODORi_EDEF30rSRNzKrqjz7JQ&dbm_d=AKAmf-BuOXxHm3lfeORLOBtlgSabUWlqZ5vTWUItuEnULaBZhOgYwgQvOXAJXfxjckG2r-AEPDFLAkrzv5NDrzMTFuujFlg6_ZjKRGBs5G1YxAlWRn96AU9rPCjEVnyNSBdsjd4e_qyhp-VWJjEN-WTXwj-oH1-BCBJTxIZySmFgEP4unBrDAYiUQ0npV8gtPfAhL7-oADxlsgjOrnP17uWVDe2eB_JbL32X9L80a9bSWqImxgZ5i9iNZBVP0V__cAWCCODAvTh_Q2ErOlzX-c3iCkDNCHMTWy6vzBKgUcaa1VHDggJb2O1LwdGlD4vXzp_HjjONEp0ziBNYoBuNCzTN2Kl2pIsDNh19x2fpVhfkmes_CDnRe-hUyGCkdRvcHmXB44wZKlQda9cG2Qhx-rtzFoT0uMAY6Vxx10nwGpgKQHbRpFV57wGzknStuheD5PFxiu6X-cFfAhfZ7ZNs-DhVbyZvD3lfGMXPBY8k3LG06l2DLy2u_hRV5F35rr6fv8QJ8gdzvGlERVywh90E5ftysX5LT1j9VI9Qp_wTysU-Gb3r8wUT6Ht76vMYuFq1LRc-3OMSZ7gBb34jSaUHya07fXxyWZa9PNEKNaPNfm3VjEH64qY6j3hmT7lxSfWYZiNIYp0H_4iUrl0-eF4noBvcvYuT6GUPDOVX1H6TgEwKvs-f1IQJpeXRD1fM0Q7zOFregBuQq_SL6AYOMV7dlj5N83YJ_hIIqreTT2WzTjwTXOs9z0VtW-4uJ6oROa4MG69CmR99cQLYjVTkxJbkGxOfOeRf1sPc9W6PyNvUYESqPjnqOLZXVGF5GqYAvEiHKJ5XW4QUPxX9KXT9PbAXi7erdESsbW73_P3aq0HeUccnbY2iCWvt-vZyspYVrdVbhXGit8V0aRb6dd8FHGc2qPT6P-efAcZZip6ar_HyjrbWq6ZztDbMp-anwibLCadgOUq3c9IwnA0YgKbgJCT0ET4xDuEuLujgVywp2x94pSmrU_d6MJhFOPciZna0MoH6xy_iSgsQRj4dz2QemkgjtXfS3ydEWobhSwN4sWJuaOxHHvxBL3bHrJO_IPFvd6FgDIXKmQfyzuW_fF-vBoYBnJCRmbENmny_pb0sBvKZK7szXKKOTIKeVz_nRbftwnMHQ7sg3eNZ1VPEVHpKGGykUv5-yUBUHE59sdQkHJgihqNs6cfoSZHc3p-uIvC3uWS0_VTUfg-TnhyqDvioBzB0i9dmJNRyspl8nyUVfl0X-e93ietEQDDVIkU1c9RGrxxqkUQ_dGkuwg3vI7X2LiwgBRALml42tllriyDesNQQcZuqC78VsQxUdgJArWSZVsf2AaGL86Nczos1h_IAIICgGuyQsm1CLZoMKTu5z1RAFErmNWRYu22Sx-8V-sS3zYnw9Xmn7ENhiTwJi9zJlv_iE8KYR9QqCrG3SCr7gtV8I_HYgmvHvd6LW74CIdEtyCnHo-8MeguoebqYAALYzyZmLcWFEzr8Bl4njo66kNtf9rv1L5mon_8HZKtzm-q17b-V90H9QpY3sC3HQeJ-sHqwMa1sia3NTFMv82ipKHBunj_piuHJp_QFifbuoy6O-coPNT4A-7q6ZCprMVLP2IGVZ4HOpAE0vesFs-5SeOenjvyB6RwwB7Q39j3fEu9Eses59YhKyRVn2lPhORy3LDXEunL-ZqbcVSyiSO7auxak0livudsCdZVGNy7vxvIdg3ZbvMH1IC-fjh3w0NIBexnve0Ba8huDC85R54NBOAm0BmsnPtg3MX2H5RSkRzp2UWb7VRMn6mhisMiLoCdSaJD3Mx_WzmFguXVd2hevu8iRrNTnSnJSEpY2hLPTWPRrn4ywN2aSDkiz0N-Groedx-mQi3qL3du5UUvo1aNtHlS7vajo0sM13TxmV5UKl4KlW2feBpCxwNmhfrHNNxS25dNdlm_cClZug6yLAJ9ZZvA-1eUblVay5hmQ4fB61UnEgQ6GikhEYog6cJxOWfqbwNYNJ3H1wu28P9jmXHq5aNzCKUa3vqMYvgnXX3EDjnS0AtCEwhVqqadM7K6TxFBSYPIU5AfKHeN1s7OL-qQek3nz_SGas2ld3wD177iKHWQxqLeOElQkxqZKUFlf95QG5VVO48kpnihftXJ2Ay_Bc6c6uzZebObpAEJmRadX_g52ZnlN5bWMTbmqbIy2gTCIENfxwmdm0oIE2C_n94e6ROaB5fKfZAnkHulLc_zouXANvWWeOcjxCc7t0i83fiE7nG7Jqc2BOuPVesYkRAvfckkq8ONVj9CZ8SNLdyUg6fPOcCFkti6CdFReLN4wT1JNhk6as3VRRjwoiRO-ex7aTvmdG1xLr0FSIGVeqEYLkWZ6LWqTlkCNFKiooESXL82_rxxH8vtz0Xs51WqlniR1ASxcQuiPsuYOTlXyjSf3elVIjOIUjrxoXpAizunK1FJk90bacPXoNQWwHKaizQGu5Q_HT9bTH1j3cPo6LeS57opdJFmd3hrrVwZTdmEOjOUHsyUe7v_4kU2Lv2LnzIhYLi7esirv9aQwqRRyHQrdbtjSIwJPzoNcQdAIIHqT68uKb5G8PWq9G_R8EANFuTtAMZcfIeDLAT5RUIFuyI-qOIn_Q5iYOPwt5ABdeZOV1WcZNY98p4VGRhB8oys2VYATBA7Mtf2vU1-4vW5eRWkMS5DQR1di7IbEuPh0VAHoKfLlMtRZyvjxwGZXpfe0DdtyTjsWRzJpjb6xhktY5IUPf5s68WShBDmuhC7Mb-osSYgeRgMrPUpYlmN9B8MaNPr-HXJ-an2hFVJ-qEZX780NI1_rGn9CUZPyAzbNGkqd42NJ_3BYVIEVKsokfRnChZbuHnUxcQEdlpqWurTZhOz4Ds735Me9sa3uFlifUYrSfGzL7FNiA52-g31kJkhT_XrgiPU3FzmArloeuRY71F2jD-EIx7eq4fiOQcG-CFmIghxAIbl8Jf5BP34ijitT6KlXzHN15a7NH2ZjydAgaNIKEudnSLueV24SN-i34ArKO8IdO_UYgUYjMeW0l6oi4ViXUgxRtCyn7pTpfoeDrGRLW9IL_jLx7D66Gs6hBntO8bHH_iRerZ9UoWr0YUMglVA53iQc_j1ltQoGiLFTbOyfOwysbPIUIXYnvxIgdTfT3eZYNx4ZN9USCOAGNrWJWMoJtz6KExkkvQruoG5l8UmLyq_bkgmdlVMy83VXA208&cid=CAASEuRomdZTvRMCN-OSLgnFCfBNKw&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e48477bb9b7edfe30d7016ff0ccfb7c21573d1559b1719b10341819273f7ad8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EED0 42 B
65 B 45ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dxy7mmU0DA6SV3xQiEu7JuQzq5yAe5ixFLaeiJF_rZPeXGPI2jy6xjPUa3NHlWutv479VPtGdcbre8DKpNiJV_viwfKPuAPn6EYPH_rGIOF4pS6ps

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame EED0 2 KB
1 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EED0 117 KB
36 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:34 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame EED0 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame EED0 0
0 18ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTxgEfGWbVB0l_YionRMdsab11F_iGSuCQGW4-9GkTiqNnzRygCRKc4XXU3MW-vpHPODjuDkIqXbBHhrsxYQR5y3H_vSA
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5323 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Mar 2021 10:43:39 GMT
expires: Sat, 19 Mar 2022 10:43:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 115375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0AC2 1 KB
853 B 7ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 16:59:40 GMT
expires: Sun, 21 Mar 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6414
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame ABC7 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75e948b29f67bbe975ea4b721535792a8f164739045681f24d0c53f941e0eda9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 8E99 170 B
506 B 149ms
48ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCr7HQY3cXsngEwAQ&v=APEucNWOIbUvODHtj-tgzONfZZ6zprWKV5zUUzGoW7r6Bh8iCijHbhHTukklCsD-CxMXtdTCDQ8FsTkH2xgGnytnDG3NbKkReA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8E99
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1Vtue7FoHc_s4ig0urZD0&google_cver=1

43 B
1014 B

98ms
43ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1Vtue7FoHc_s4ig0urZD0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCr7HQY3cXsngEwAQ&v=APEucNWOIbUvODHtj-tgzONfZZ6zprWKV5zUUzGoW7r6Bh8iCijHbhHTukklCsD-CxMXtdTCDQ8FsTkH2xgGnytnDG3NbKkReA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:34 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1Vtue7FoHc_s4ig0urZD0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8E99
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1

43 B
1014 B

51ms
51ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCr7HQY3cXsngEwAQ&v=APEucNWOIbUvODHtj-tgzONfZZ6zprWKV5zUUzGoW7r6Bh8iCijHbhHTukklCsD-CxMXtdTCDQ8FsTkH2xgGnytnDG3NbKkReA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame EED0 111 KB
39 KB 32ms
19ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:58:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74899
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Mar 2021 21:58:15 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame EED0 8 KB
3 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B8EG0JKA-0yQLSdwjL-vF_M8e2sRdZuM1pWF5lDcFXkS4eFHMtAxa-jzXmzaRrLME8fwjF1jlqokCZqRLdkKz8itO_VmXf5Oj6fwU2_iNA1q5FpsgiXDGm4ooi_4kgRlgYfODORi_EDEF30rSRNzKrqjz7JQ&dbm_d=AKAmf-BuOXxHm3lfeORLOBtlgSabUWlqZ5vTWUItuEnULaBZhOgYwgQvOXAJXfxjckG2r-AEPDFLAkrzv5NDrzMTFuujFlg6_ZjKRGBs5G1YxAlWRn96AU9rPCjEVnyNSBdsjd4e_qyhp-VWJjEN-WTXwj-oH1-BCBJTxIZySmFgEP4unBrDAYiUQ0npV8gtPfAhL7-oADxlsgjOrnP17uWVDe2eB_JbL32X9L80a9bSWqImxgZ5i9iNZBVP0V__cAWCCODAvTh_Q2ErOlzX-c3iCkDNCHMTWy6vzBKgUcaa1VHDggJb2O1LwdGlD4vXzp_HjjONEp0ziBNYoBuNCzTN2Kl2pIsDNh19x2fpVhfkmes_CDnRe-hUyGCkdRvcHmXB44wZKlQda9cG2Qhx-rtzFoT0uMAY6Vxx10nwGpgKQHbRpFV57wGzknStuheD5PFxiu6X-cFfAhfZ7ZNs-DhVbyZvD3lfGMXPBY8k3LG06l2DLy2u_hRV5F35rr6fv8QJ8gdzvGlERVywh90E5ftysX5LT1j9VI9Qp_wTysU-Gb3r8wUT6Ht76vMYuFq1LRc-3OMSZ7gBb34jSaUHya07fXxyWZa9PNEKNaPNfm3VjEH64qY6j3hmT7lxSfWYZiNIYp0H_4iUrl0-eF4noBvcvYuT6GUPDOVX1H6TgEwKvs-f1IQJpeXRD1fM0Q7zOFregBuQq_SL6AYOMV7dlj5N83YJ_hIIqreTT2WzTjwTXOs9z0VtW-4uJ6oROa4MG69CmR99cQLYjVTkxJbkGxOfOeRf1sPc9W6PyNvUYESqPjnqOLZXVGF5GqYAvEiHKJ5XW4QUPxX9KXT9PbAXi7erdESsbW73_P3aq0HeUccnbY2iCWvt-vZyspYVrdVbhXGit8V0aRb6dd8FHGc2qPT6P-efAcZZip6ar_HyjrbWq6ZztDbMp-anwibLCadgOUq3c9IwnA0YgKbgJCT0ET4xDuEuLujgVywp2x94pSmrU_d6MJhFOPciZna0MoH6xy_iSgsQRj4dz2QemkgjtXfS3ydEWobhSwN4sWJuaOxHHvxBL3bHrJO_IPFvd6FgDIXKmQfyzuW_fF-vBoYBnJCRmbENmny_pb0sBvKZK7szXKKOTIKeVz_nRbftwnMHQ7sg3eNZ1VPEVHpKGGykUv5-yUBUHE59sdQkHJgihqNs6cfoSZHc3p-uIvC3uWS0_VTUfg-TnhyqDvioBzB0i9dmJNRyspl8nyUVfl0X-e93ietEQDDVIkU1c9RGrxxqkUQ_dGkuwg3vI7X2LiwgBRALml42tllriyDesNQQcZuqC78VsQxUdgJArWSZVsf2AaGL86Nczos1h_IAIICgGuyQsm1CLZoMKTu5z1RAFErmNWRYu22Sx-8V-sS3zYnw9Xmn7ENhiTwJi9zJlv_iE8KYR9QqCrG3SCr7gtV8I_HYgmvHvd6LW74CIdEtyCnHo-8MeguoebqYAALYzyZmLcWFEzr8Bl4njo66kNtf9rv1L5mon_8HZKtzm-q17b-V90H9QpY3sC3HQeJ-sHqwMa1sia3NTFMv82ipKHBunj_piuHJp_QFifbuoy6O-coPNT4A-7q6ZCprMVLP2IGVZ4HOpAE0vesFs-5SeOenjvyB6RwwB7Q39j3fEu9Eses59YhKyRVn2lPhORy3LDXEunL-ZqbcVSyiSO7auxak0livudsCdZVGNy7vxvIdg3ZbvMH1IC-fjh3w0NIBexnve0Ba8huDC85R54NBOAm0BmsnPtg3MX2H5RSkRzp2UWb7VRMn6mhisMiLoCdSaJD3Mx_WzmFguXVd2hevu8iRrNTnSnJSEpY2hLPTWPRrn4ywN2aSDkiz0N-Groedx-mQi3qL3du5UUvo1aNtHlS7vajo0sM13TxmV5UKl4KlW2feBpCxwNmhfrHNNxS25dNdlm_cClZug6yLAJ9ZZvA-1eUblVay5hmQ4fB61UnEgQ6GikhEYog6cJxOWfqbwNYNJ3H1wu28P9jmXHq5aNzCKUa3vqMYvgnXX3EDjnS0AtCEwhVqqadM7K6TxFBSYPIU5AfKHeN1s7OL-qQek3nz_SGas2ld3wD177iKHWQxqLeOElQkxqZKUFlf95QG5VVO48kpnihftXJ2Ay_Bc6c6uzZebObpAEJmRadX_g52ZnlN5bWMTbmqbIy2gTCIENfxwmdm0oIE2C_n94e6ROaB5fKfZAnkHulLc_zouXANvWWeOcjxCc7t0i83fiE7nG7Jqc2BOuPVesYkRAvfckkq8ONVj9CZ8SNLdyUg6fPOcCFkti6CdFReLN4wT1JNhk6as3VRRjwoiRO-ex7aTvmdG1xLr0FSIGVeqEYLkWZ6LWqTlkCNFKiooESXL82_rxxH8vtz0Xs51WqlniR1ASxcQuiPsuYOTlXyjSf3elVIjOIUjrxoXpAizunK1FJk90bacPXoNQWwHKaizQGu5Q_HT9bTH1j3cPo6LeS57opdJFmd3hrrVwZTdmEOjOUHsyUe7v_4kU2Lv2LnzIhYLi7esirv9aQwqRRyHQrdbtjSIwJPzoNcQdAIIHqT68uKb5G8PWq9G_R8EANFuTtAMZcfIeDLAT5RUIFuyI-qOIn_Q5iYOPwt5ABdeZOV1WcZNY98p4VGRhB8oys2VYATBA7Mtf2vU1-4vW5eRWkMS5DQR1di7IbEuPh0VAHoKfLlMtRZyvjxwGZXpfe0DdtyTjsWRzJpjb6xhktY5IUPf5s68WShBDmuhC7Mb-osSYgeRgMrPUpYlmN9B8MaNPr-HXJ-an2hFVJ-qEZX780NI1_rGn9CUZPyAzbNGkqd42NJ_3BYVIEVKsokfRnChZbuHnUxcQEdlpqWurTZhOz4Ds735Me9sa3uFlifUYrSfGzL7FNiA52-g31kJkhT_XrgiPU3FzmArloeuRY71F2jD-EIx7eq4fiOQcG-CFmIghxAIbl8Jf5BP34ijitT6KlXzHN15a7NH2ZjydAgaNIKEudnSLueV24SN-i34ArKO8IdO_UYgUYjMeW0l6oi4ViXUgxRtCyn7pTpfoeDrGRLW9IL_jLx7D66Gs6hBntO8bHH_iRerZ9UoWr0YUMglVA53iQc_j1ltQoGiLFTbOyfOwysbPIUIXYnvxIgdTfT3eZYNx4ZN9USCOAGNrWJWMoJtz6KExkkvQruoG5l8UmLyq_bkgmdlVMy83VXA208&cid=CAASEuRomdZTvRMCN-OSLgnFCfBNKw&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 212
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:43:02 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame EED0 21 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8471
x-xss-protection: 0
server: cafe
etag: 753583566593306265
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:46:32 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame C19E 170 B
232 B 131ms
48ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhjngfeeATAB&v=APEucNUZWUtMdSGm45rGw6mY_TufQnarwSAKFslG0ygTlk6nwZNO6uohMeRHGy83JZvpyXDg9Wr_1hXvInx_9Qb1KuHKmmxAAg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C19E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1Vtue7FoHc_s4ig0urZD0&google_cver=1

43 B
1014 B

53ms
52ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1Vtue7FoHc_s4ig0urZD0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhjngfeeATAB&v=APEucNUZWUtMdSGm45rGw6mY_TufQnarwSAKFslG0ygTlk6nwZNO6uohMeRHGy83JZvpyXDg9Wr_1hXvInx_9Qb1KuHKmmxAAg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:34 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI1Vtue7FoHc_s4ig0urZD0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C19E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1

43 B
1014 B

42ms
42ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhjngfeeATAB&v=APEucNUZWUtMdSGm45rGw6mY_TufQnarwSAKFslG0ygTlk6nwZNO6uohMeRHGy83JZvpyXDg9Wr_1hXvInx_9Qb1KuHKmmxAAg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame ABC7 0
515 B 182ms
78ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 container.html Show response
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame FBBC 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 20 Mar 2021 18:46:34 GMT
expires: Sun, 20 Mar 2022 18:46:34 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EED0 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115375
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:43:39 GMT

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D93C 1 KB
902 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 16:59:40 GMT
expires: Sun, 21 Mar 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6414
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame EED0 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b7a0a870c967d7980a866cfb1f373e2f8dfd297222d5c8142568ee6b716a615

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0AC2
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECP-42kTsV2SWkKqd0YyXvo&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECP-42kTsV2SWkKqd0YyXvo&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cW0xcU1OWlExTG5HQ201&google_gid=CAESECP-42kTsV2SWkKqd0YyXvo&google_cver=1&google_push=AQvitULALhXUUZocrptrWbVyaiRLqUdWMft0TnFsVqP2vHj...

170 B
190 B

52ms
52ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cW0xcU1OWlExTG5HQ201&google_gid=CAESECP-42kTsV2SWkKqd0YyXvo&google_cver=1&google_push=AQvitULALhXUUZocrptrWbVyaiRLqUdWMft0TnFsVqP2vHjOJTgPkRz2TqPl6yY1bn5eN2zzUFhjiagUadF2s5rMDwqXIQsspfks

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:34 GMT
Server: PingMatch/v2.0.30-632-ga311aad#rel-ec2-master i-0ab29fc25246f26bf@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cW0xcU1OWlExTG5HQ201&google_gid=CAESECP-42kTsV2SWkKqd0YyXvo&google_cver=1&google_push=AQvitULALhXUUZocrptrWbVyaiRLqUdWMft0TnFsVqP2vHjOJTgPkRz2TqPl6yY1bn5eN2zzUFhjiagUadF2s5rMDwqXIQsspfks
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0AC2
Redirect Chain

https://px.adhigh.net/p/gm/rub?google_gid=CAESEAV4cM6ZDbbhF9jw0Hn9cmE&google_cver=1&google_push=AQvitULvc2G0S6yODUmRCixRqQ_qPfLkYBH7tQ7e4QUjb0zUEWycEOjDV06RwjZfXExovzF2v_3oUoYw6N71BRxtEd__kasLkhVU
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitULvc2G0S6yODUmRCixRqQ_qPfLkYBH7tQ7e4QUjb0zUEWycEOjDV06RwjZfXExovzF2v_3oUoYw6N71BRxtEd__kasLkhVU&google_hm=YSaTCuDg8xoAAikABlF4UPX...

170 B
190 B

65ms
65ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitULvc2G0S6yODUmRCixRqQ_qPfLkYBH7tQ7e4QUjb0zUEWycEOjDV06RwjZfXExovzF2v_3oUoYw6N71BRxtEd__kasLkhVU&google_hm=YSaTCuDg8xoAAikABlF4UPXiGg%3D%3D

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f5-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitULvc2G0S6yODUmRCixRqQ_qPfLkYBH7tQ7e4QUjb0zUEWycEOjDV06RwjZfXExovzF2v_3oUoYw6N71BRxtEd__kasLkhVU&google_hm=YSaTCuDg8xoAAikABlF4UPXiGg%3D%3D
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0AC2
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEOajlbXR782FIXwHlIZB6jI&google_cver=1&google_push=AQvitUJ_p0EROtvc9nhRShup_495yLpAjhLiSYMqpxyKPK1G37NKcAyDUQfYw1A537Ld-Wm9v0aYEP3_fnFjsd3XkRsF...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEOajlbXR782FIXwHlIZB6jI&google_cver=1&google_push=AQvitUJ_p0EROtvc9nhRShup_495yLpAjhLiSYMqpxyKPK1G37NKcAyDUQfYw1A537Ld-Wm9v0aYEP3_fnFjsd...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJ_p0EROtvc9nhRShup_495yLpAjhLiSYMqpxyKPK1G37NKcAyDUQfYw1A537Ld-Wm9v0aYEP3_fnFjsd3XkRsFQd7y0QSt&google_hm=yZQh-f8QSA-KjCNMSAa4cQ==

170 B
190 B

54ms
53ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJ_p0EROtvc9nhRShup_495yLpAjhLiSYMqpxyKPK1G37NKcAyDUQfYw1A537Ld-Wm9v0aYEP3_fnFjsd3XkRsFQd7y0QSt&google_hm=yZQh-f8QSA-KjCNMSAa4cQ==

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUJ_p0EROtvc9nhRShup_495yLpAjhLiSYMqpxyKPK1G37NKcAyDUQfYw1A537Ld-Wm9v0aYEP3_fnFjsd3XkRsFQd7y0QSt&google_hm=yZQh-f8QSA-KjCNMSAa4cQ==
date: Sat, 20 Mar 2021 18:46:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0AC2
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEIk7ip3JfG3nH4WXpcO5dBA&google_cver=1&google_push=AQvitUJ8OciETz5s_hJJlf63W-yCEX7AuQ_Xr8qCROBtDVqol4BfBP8SbzEpmEQJH_1T3W8cq4vS0dq1KgXdeiTFy2hFTQQKe6ur
https://rtb.openx.net/sync/dds?google_gid=CAESEIk7ip3JfG3nH4WXpcO5dBA&google_cver=1&google_push=AQvitUJ8OciETz5s_hJJlf63W-yCEX7AuQ_Xr8qCROBtDVqol4BfBP8SbzEpmEQJH_1T3W8cq4vS0dq1KgXdeiTFy2hFTQQKe6ur&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ8OciETz5s_hJJlf63W-yCEX7AuQ_Xr8qCROBtDVqol4BfBP8SbzEpmEQJH_1T3W8cq4vS0dq1KgXdeiTFy2hFTQQKe6ur&google_hm=exx5qS2wyzUV-JvMi_hgiQ==

170 B
190 B

54ms
54ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ8OciETz5s_hJJlf63W-yCEX7AuQ_Xr8qCROBtDVqol4BfBP8SbzEpmEQJH_1T3W8cq4vS0dq1KgXdeiTFy2hFTQQKe6ur&google_hm=exx5qS2wyzUV-JvMi_hgiQ==

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ8OciETz5s_hJJlf63W-yCEX7AuQ_Xr8qCROBtDVqol4BfBP8SbzEpmEQJH_1T3W8cq4vS0dq1KgXdeiTFy2hFTQQKe6ur&google_hm=exx5qS2wyzUV-JvMi_hgiQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: iurhr46qbf1joh4fivr5qs0i9epk9rts

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0AC2
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUJbIYahfRDvsyFkiwVE9n4BDBVWTZ1aORK9Sml45BvGxkO4cmX5ZkcD_CdkqW9ESf9SV6FLLAWEvb...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUJbIYahfRDvsyFkiwVE9n4BDBVWTZ1aORK9Sml45BvGxkO4cmX5ZkcD_CdkqW9ESf9SV6FLLAWEvbYp_rfckYDwC1ncB4p-&google_hm=5a2cc297-c910-4849-a0...

170 B
190 B

40ms
40ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUJbIYahfRDvsyFkiwVE9n4BDBVWTZ1aORK9Sml45BvGxkO4cmX5ZkcD_CdkqW9ESf9SV6FLLAWEvbYp_rfckYDwC1ncB4p-&google_hm=5a2cc297-c910-4849-a013-bf537a3591c2

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUJbIYahfRDvsyFkiwVE9n4BDBVWTZ1aORK9Sml45BvGxkO4cmX5ZkcD_CdkqW9ESf9SV6FLLAWEvbYp_rfckYDwC1ncB4p-&google_hm=5a2cc297-c910-4849-a013-bf537a3591c2
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0AC2
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESENiG4tPH-j3h1jKAxsgJVTU&google_cver=1&google_push=AQvitUIRGRcGmWwpeZjXKMpSncDoa8OmnGAJ4BPCeOzGxTaQIy1cfaKIIbbA87ZWSUmn6sUE4G0ew...
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AQvitUIRGRcGmWwpeZjXKMpSncDoa8OmnGAJ4BPCeOzGxTaQIy1cfaKIIbbA87ZWSUmn6sUE4G0ewX8OJdglWaVH8MBdPsQ11V0&google_hm=WUZaREM4Q284...

170 B
190 B

72ms
71ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AQvitUIRGRcGmWwpeZjXKMpSncDoa8OmnGAJ4BPCeOzGxTaQIy1cfaKIIbbA87ZWSUmn6sUE4G0ewX8OJdglWaVH8MBdPsQ11V0&google_hm=WUZaREM4Q284WXNBQUVrTFFxb0FBQUFB

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 23
Date: Sat, 20 Mar 2021 18:46:35 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=google_ebda&google_gid=CAESENiG4tPH-j3h1jKAxsgJVTU&google_cver=1&google_push=AQvitUIRGRcGmWwpeZjXKMpSncDoa8OmnGAJ4BPCeOzGxTaQIy1cfaKIIbbA87ZWSUmn6sUE4G0ewX8OJdglWaVH8MBdPsQ11V0","cluster_id":23,"gdpr":false,"ipv4":"185.156.175.187","key":"YFZDC8Co8YsAAEkLQqoAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad215"}
X-SO-Ads-Time: 216
X-SO-Key: YFZDC8Co8YsAAEkLQqoAAAAA
Server: nginx
X-SO-Upstream-ID: m-ad215
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AQvitUIRGRcGmWwpeZjXKMpSncDoa8OmnGAJ4BPCeOzGxTaQIy1cfaKIIbbA87ZWSUmn6sUE4G0ewX8OJdglWaVH8MBdPsQ11V0&google_hm=WUZaREM4Q284WXNBQUVrTFFxb0FBQUFB
Cache-Control: private
X-SO-HostName: m-ad215.dc4p.scaleout.jp
Connection: keep-alive
Content-Length: 0
X-SO-LB-Hostname: m-tgng39.dc4p.scaleout.jp
X-SO-IP: 185.156.175.187

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0AC2
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEJHxR3k1wnHvQXyIkgkjuE0&google_cver=1&google_push=AQvitUJgeSYTl8Q3_KVW_UU2DfIX0E2kyhmF_ArJcp_JkI42S7-kaIW6rZvOBxtECYE-LO4rY58MnBWMdL86Uslj0-qPxfY...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitUJgeSYTl8Q3_KVW_UU2DfIX0E2kyhmF_ArJcp_JkI42S7-kaIW6rZvOBxtECYE-LO4rY58MnBWMdL86Uslj0-qPxfY3sx4Csw&google_hm=NjM1MTc0O...

170 B
190 B

46ms
46ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitUJgeSYTl8Q3_KVW_UU2DfIX0E2kyhmF_ArJcp_JkI42S7-kaIW6rZvOBxtECYE-LO4rY58MnBWMdL86Uslj0-qPxfY3sx4Csw&google_hm=NjM1MTc0ODAyNzQ4NTQ5OTIxOA==

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitUJgeSYTl8Q3_KVW_UU2DfIX0E2kyhmF_ArJcp_JkI42S7-kaIW6rZvOBxtECYE-LO4rY58MnBWMdL86Uslj0-qPxfY3sx4Csw&google_hm=NjM1MTc0ODAyNzQ4NTQ5OTIxOA==
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 0AC2 0
59 B 57ms
56ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JiE0c0DUPvrzKHHXaRxUjGEa4L8j4pigVRcQfW2pDgypWaXKVQoFst6-35eooYgKFjucnD0Q

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 qcWZRcRw4fq915xPB9DSJSeGn7Tspit4rZWzDhmsliY.js Show response
pagead2.googlesyndication.com/bg/ Frame 5323 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qcWZRcRw4fq915xPB9DSJSeGn7Tspit4rZWzDhmsliY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9c59945c470e1fabdd79c4f07d0d22527869fb4eca62b78ad95b30e19ac9626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 08:01:09 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 38725
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5666
x-xss-protection: 0
expires: Sun, 20 Mar 2022 08:01:09 GMT

GET
H3-Q050 200 index.html Show response
s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/ Frame 74B5 73 KB
18 KB 7ms
6ms Document
text/html 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae5aebdb7092ff22db07635c693455667180828907ab6325e27d179171307a9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 18226
date: Sat, 20 Mar 2021 14:20:43 GMT
expires: Sun, 21 Mar 2021 14:20:43 GMT
last-modified: Tue, 02 Mar 2021 15:17:36 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 15951
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame EED0 0
74 B 89ms
88ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDaXlgavTl0GtMxIjxDWiCZ1K0PhaJEN_A-X3GNYLZzVMnJHUBekpUL3HvFIQqtSgjsCzg4WbGIM8uBgckOwCSRUcfWca6kVNX8xrc2rt904nDvd7vKZ7GjFQqreyaYqIslrUdzrAGCiVXr-bOA-N4RyG2mGWu9ki-vXN06hXxqBqpmKPY-lVc-ljRBRS7cKFHHpr0KX0PDius7DgSLsP0dFhoiQYUC29GI3r8IDG0Sy1SGaq3FMIiOl3ugYcU400iPfMCrs6jOuqQ_AwoMMd_xUpjx--GP-4V7REcgp1jjfoLPqlIY7sOMl5BZUzcqnANn3nf6_0DdtLhaj1S0ZQrMQCrfGvpdoRnRWJSHxWihCe1UyYx1Q2G0SLAPyUDDSD8AkMdrOeAPclyB-eJwkysV9ub96ed_CdzmbaOLEib9_E43THuxDM9Ndec_isJcFWdc5voiU03OAcOt6AWzLKSXImAYvoiWQhCS50sCRBQTv5z4JNsQjf6JY1tTk6S-1zlF8vBGTRBLVla3ifZtYjOIG_TjjrOomZrWs9VppdoDr07MDYJt39cA7WkAjkmtdEQ8s3P139AM3wlKxQ7QjSt_FXGWcyorJbgjn_H0wtXwBi_Uo7SXgs6whjRtsmfgUVnUYiXK-ymWfYK89lvlgQBBk0fOgSmh50V1xkpvT5Gx4tyMDxvsOiQWSOP-SkfZmYOV-4brRzBnKt76ua6Jf3NbUREgLtZeLaG4M_XLR-oTAvv9rgiHLdosCJOhYZIhRwHgwPvlQmkuSSa7G1nP_G38q3QaXGOOAARjzC9nMZo-dzJrUIqg_EWH47bJ-erWoez9w-UUlMoqe623WaAJCmXarDYPnkQHBMG8q8azDq3WwKm4beo3yx0RTVciHyxFY0LvO7onheZgWXKo5g2cXetOkoKBS1F2cT5Px9AnzVNCkeuQAeEqQtbCNnzCQH8PYCxLzUSgyYUZ1Q2xlKq7foDfCNfX9WQ-8gs3VJjBfj6mbCN1n3wWJBJ1x2mCxYMEIbxozg-qFexmBbYUOAUPx7AumgvaxmArYOn3Ss9TbUDZbK4yUBgi_MQHnijjz8qfCoqK6QmU9Bei4f-rMLdCWR4K1_hbofZRB1ZkSqOWqoa1sjekBJPv0qfE8heIk0IPLUcmVrkluYZE4R3YfZQxzyyAXMu2dYG2radf-K6Bj4-j8OVKwI5LczcM9moEHslm_HNAXL_blrHa5YVu8MAiHE&sai=AMfl-YSRPV1PDP9fc1hOmKoLdEHjJPNKJMBDZHHLRCDCiz-WsIxDdcbNNCsPLx2U2SMHAtxfCDsovMZUy83w4r1hHCaci4ynBDVjG86f2pLF09klER_YspGVK5Uz41XzqIx_B2djHYBaYlqJRAccdO0AjBpwxfDWRg&sig=Cg0ArKJSzO1vqOFCMdRMEAE&urlfix=1&omid=0&rm=1&ctpt=148&cbvp=1&cstd=145&cisv=r20210316.11531&adurl=

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 20 Mar 2021 18:46:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0BE5 478 B
252 B 16ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhin-faeATAB&v=APEucNVO7Pz7wX3Dt6yn8aaEEKMzw8Tgq3AnQ4s--NVtrCighsOquvgJ05ewd1MiaNvGQuubwY71xQl5RwCC6pIlgnF76MV5oA

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPTQ7wEQpK2PAhin-faeATAB&v=APEucNVO7Pz7wX3Dt6yn8aaEEKMzw8Tgq3AnQ4s--NVtrCighsOquvgJ05ewd1MiaNvGQuubwY71xQl5RwCC6pIlgnF76MV5oA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmXppA2AHGFxjnaEG4LO7DytZY7-bVMc_kbR5rLMYKych36iUKnHIf8FQXhtN0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 20 Mar 2021 18:46:34 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FBBC 54 KB
22 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B80iDXUgDDZgUkzrE3b48aD6THQcCPx7E4Jgnp2zaRdFLP6CLlC3vP-Mo3ckU1XPVJBpvW85h2ClJmq9C7TyLkRgvHDULOeeHfYhYiFOkeYZlyb99GpHSwLyeKNAHEbLomNkVnsgCtrqe_ZY6DxMbmGq4CVw&dbm_d=AKAmf-CERa-Id2WvYduEYbo1ItRot8LPgZkeaSb8YBOFdIaws25PQdnEyUSe6deL6bFHNu7KC_sbnfpH5NxExpCDosyFlkHaTBEC6qpHveaYsjXyz_mkAVHuv5op2gu8NCYT2ENnrvwBkRceaTWE0lsj_oNxevaD4pvDXS7ZdtRHA4oZ9YTM51iMHI0oEbQtATQlOmmMNfPXz1hnyMMb-5rut1XcmIcd2rwBZgXGhpwR9xpB3wHtlBh6pVfo0XwCo4wLn78w0TxI2WoZFpmwG9YbktePhpgAZZvklqUVDb_g4MMucyw4OvJpOQKScPSmMhnt1Fi2VQxrXYS9VqVswb6hGQ8il0AbWL5hKW1l9mccPoZVTKGHqMwGIBbs-HlB_JK6YtTi7l0UQpABv6_xtW3OZplN-iYHo4LNzX2O9nJtvdTQqy5mk2ZVrfZH34zuVCXzE00eq84sVQQNRTxL95aaf5C4qVAlBkpkDh_HksaayPQ--w-RuJq7FpxJgeX7_qdT_PM9MJeFgMQx5j5UIyVWYYUxIElU9QoT_5mTOGGqtMzCe_MjZpbxrkFazOX5rynDUqYpw7-7te4_pJhLLTC_wbRDSN-mhy4--C7ReGa4fCW3Ae8B2QIb0tBS_Sf6u9rNgN-BlhIzGiod3UrGg4jcXVouElW_pmaH8vJSPl-e9MDX2NF3q5OSgfZJuR-rJMcvoacNUtYk-_-GLWbAUYJV4n8_4sAXHMBUGMIag5Z7YR4p6ElW_5oRHnYjaMYzdnFXtMSMjIMKKTAvQ3_uCv9Syl9yUJgTlPd5W8cis5EV7ACMqtuMTTJYT9Dqf3NKF5cAyd3AHgcR718Uqc2lRHdm3hWV0waEOHwZvZMiWEiSBt3eU-J1_RDOriG8HFCppjWhtjBTiwUuM2OQBd2p-wWvRYixGGZrqnf0mpqA2iWwk1AEhso4ZUVCQxAXPTTCb1dAi7mkvlGOcujOAeHqsRMP5tcbi9jkQreNXC8gnh-wX27qJEw2qTmz6p75cAuDUhLSoYpuDoKIKIm5rkWg5RYTLXZZW7MFURnQ2KZWUsN8c4_J2-XuM_GMOsJtPA449TRXUdZsjosoJ6X9zlR2p4FE-87x8vYEtDmJ2K_uj3xkDTiGPld38-AipUX-9rjG5fTkNCi_aLa2RZn-zsRtiH3MmZakJc6lBcShDIUnTDFxYhAmjN3nu-WkQgHRiLC8JnxldeN3Ecc5Pdo_zUIqgenwMSMGAg-3SRF3LRfa0m3IbN9vZsxBAPoyU8Lkq3RaKKwzRMf3E747F4jiEZFNF9gU5vpeuEnzHozont4YHEOCXDXuAnhN7kEGy3ITWntpzQblE8w95vlDCPpFhppO_m26vaxIJEyXhE5031vBZJEXpL_P6k4Uh6t9_PHC1tl01uqGiXahG9t2pFINwsZIVTgXSFU25JrzXGWlxGu3YoD3KRceWfX9wFAbirOA5b6Rea34F8fVv0BOjx-giMrpbbzxEam-TjsgkJAKXTllWmmNnhI4wrq5RBBdOEIC3mTFSzi9OqI8Pnnz-RJitJazWB7wAsC2suv5XGSBZMl0ys4hDKIe_XzPBslqYQ6ijRdIo_gzhEWlUv9sdIyYvl7893NEJWxoNuccZZO-NZcey-QqGxDsJkG5gIoVJLC8xAfaVZqNfa9Iy4HaWTfbeVsah1e1I6qE6r7Ahe4gJyCuS1EFjIKdKUOf8xN0iDEecbiLTxKm24Nw2SVIqGqt6c4HEeZxL9_w32L8taI-cf9xCOPdTD9cnhWtL1wuT9maS9NQFeWR_kucPsG-6Uz6esuZMUxzaB8YlgaLvn8Qa-Eaiz5pLTUJ-2YGmHdP3FoX5BPrVBNZ9N3U2Q0mTxVrBO1MnlMeIqZGquC2EzDFf2E6YLFq4bxQFrAVCbWnVkK-5myvE19kXBTMZ61eC5yg3Exl85CUXYlbSFctdUn2noY-Ehnl2X2AycAnn4pUuW86iLfk0yRXE9kwofMC5abkE8ZVXgPHsgDNZYvuTbWPI80sKHDoJrpy_XjkB_1uENv_q_ufLSbyMeqz24-c7FG-PPTRcV_fkcLK-Sza1B1E6NDDregJdc0k6DNEsFE9Ov9dXwtIZwF3hpyXC_Yp41lpFiIZwL5z0c_12SIpp_R-rn_TjiIgM7-isDoBdL-emZDsmbEaqj4q5JbIBGSCAmEcieTgwr2bhr5eexEOGLBdLzPnfuRgQh01pTxeWpw6gU-1fpUkboI833qxSVYDH5VMG9BhwAUEiHwtoiBUj7WL75AJ96qdIcQx8wB7xbvoKICeHb0Px8uU_MvYjMrkkBdjmIXgJO4T9fkyoH3vTBawq4PcNz4Xtxd2-O5ZrKH-KEBwtobZ6f2GhjMGhxZ_55XoMEkqHecm2m28wdE3ABIcTVleRlSaq8YroKKSaUsSVmT1Z5ERqITsscmJNSWo7KrWCkBSiFMp0MJJzUGN8hSdTVPD0TtrK9mubz_nRD1AjNqzgTITlvr92qzQLA2GJL5h4UMWu9I0t_55jB7pT4b4vrPwW0pBZ0NQoZfHdL6cqWT7-h50kUH2A2BxsZ9X5u68fRyqT0m2kZXbGtUtMtKd9zYpaEReFuyH11xFaYJS3nrBbOHxC_bLT98aQUAz0wtMdU8yUGyqvuKy34C94keUI7aMeiat08o9XUY3m4XPtWePlDIjbfb7yUJb9OzRaHsvYFaThMEm21jpgBU9sxQ3n82a3iyiYCoHaalFTNxUIOTt0oAKBeVEqz3nU8AkGwUwNkO-AfTw9NNrQ5ujmVzo39MQXL5vSdWvN-8rxOO5CgsoBR4eEJ_83DPuwOT9m-I-36fffkzlmej7yn5MI_0da9fAR8GLXjKW-nhlf6Q6E2AufGxHO32ZzLo8Epg7lrHI6AjHeiDI24XfuhIBxakETpYJoRBjhw0QZsqY6Ar_vpxikdzEN-HLqY_31dJfwTEMaeIy8bcHya40NJEyELBSomSAL3TMIMkwvpc6CZ3uWQ0G1vQ2pdSuhYSpfUf5ocG-aNG3W-Fksr_Eni0fJHZee0UfYxquGrSyf3HGgKwiY3LKllqBT38i5HTEAc9nuF9oHFPa_3015wUXk4dQAEgNJ9xfXivIEdgFP83kDwr6euAakypOq5BRwCZRgVA3Ezp7MzkwpvC-Wa3a3VglI5VTgFSE-GwAFaUeVVvRnZgM7Q4OiBPQBCwCFAgYlwsp&cid=CAASEuRoTiZKn3k3X2H8i2WQih0v_Q&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

802409adf2716d0893e132ff729ee8d3d34f4a75750b353f9961f0e3970ed91d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22113
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FBBC 42 B
66 B 39ms
38ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DgpkH3pH3hb0aPtAKGS0gU86YblbaU7rUINylkuP2SNz0MHyinOmxDiFwQ7535VFKZNmE0D2q4y4yiOnE1DoATqMY9jgcq_R7kDUvFb6GqolAcyg8

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame FBBC 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FBBC 117 KB
36 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:34 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame FBBC 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame FBBC 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQXcNCy860sp7rS_bUV2_wv-HkUOqLLI0IVkh-13ztGIYoByrAIoXCGcb7lgGHQiPNPtQY5Stip5xqDyRJ0G5tzjknfAQ
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C2A5 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Mar 2021 10:43:39 GMT
expires: Sat, 19 Mar 2022 10:43:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 115375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 74B5 28 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 11:52:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24831
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Mar 2021 11:52:43 GMT

GET /
google2waycm.netmng.com/cm/ Frame D93C 0
0

GET
H2 200 dpixel
cms.quantserve.com/ Frame D93C 35 B
463 B 29ms
9ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKto4HHwEmMFwX-JmvoyPuA&google_cver=1&google_push=AQvitUIodMqfU4gRMtWRrSfgZOzsOA49efcriG9Qk-i-km9maiNEqIpu1GDuYWxQFjIcslk4JfvU9uxHyLb2BlavCRT3Tqb4rjg2

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame D93C
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEMElWPCzpy5bfKTbgf6DvZo&google_cver=1&google_push=AQvitULKbXsQ5_gr51dOaBGZqFY3I-NjOBpY0X-T1vsa3M8_VVRrGI2x6XRZAL_HFrezrPiBGGnuJJ_kwrXZrl...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk0MTgwOTU5MDE2MzYwMTU1NQ%3D%3D&google_push=AQvitULKbXsQ5_gr51dOaBGZqFY3I-NjOBpY0X-T1vsa3M8_VVRrGI2x6XRZAL_HFrezrPiBGGnuJJ_kwrXZrlAFdl...

170 B
190 B

47ms
46ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk0MTgwOTU5MDE2MzYwMTU1NQ%3D%3D&google_push=AQvitULKbXsQ5_gr51dOaBGZqFY3I-NjOBpY0X-T1vsa3M8_VVRrGI2x6XRZAL_HFrezrPiBGGnuJJ_kwrXZrlAFdlNcUzsOnd-O

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk0MTgwOTU5MDE2MzYwMTU1NQ%3D%3D&google_push=AQvitULKbXsQ5_gr51dOaBGZqFY3I-NjOBpY0X-T1vsa3M8_VVRrGI2x6XRZAL_HFrezrPiBGGnuJJ_kwrXZrlAFdlNcUzsOnd-O
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H/1.1 200
OK us.php
c.eu1.dyntrk.com/adx/ga/ Frame D93C 0
215 B 167ms
66ms Image
text/plain 51.178.20.139
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEPDsYPnTJEZkY-7BwafjeUY&google_cver=1&google_push=AQvitUJX0ZxxL8qpqKW527wer3lsV7WPIUv2tRmxoJWy87w6Phb5RGA9gI2u1ye9iRnZYXKHhRUgghc0XRpqYEs93uT6JeublgGQ
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.20.139 , France, ASN16276 (OVH, FR),
Reverse DNS: proxy0393.eu3.dynfactory.com
Software: proxy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate, no-transform
x-rc: 10
server: proxy
content-length: 0
content-type: text/plain

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame D93C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEIDvk3aAzj6Vk3vSdgIQiPY&google_cver=1&google_push=AQvitUJB0OzdAjwBs4YrDhtR77OayWsTlBcMLowxjArGJucuQBmg75kpdIyhLdI0F4k48jrh-y-4fHnx...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEIDvk3aAzj6Vk3vSdgIQiPY&google_cver=1&google_push=AQvitUJB0OzdAjwBs4YrDhtR77OayWsTlBcMLowxjArGJucuQBmg75kpdIyhLdI0F4k48jrh-y-...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODM1NDEyODM1MTgxMDc5NDEzMA&google_push=AQvitUJB0OzdAjwBs4YrDhtR77OayWsTlBcMLowxjArGJucuQBmg75kpdIyhLdI0F4k48jrh-y-4fH...

170 B
190 B

51ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODM1NDEyODM1MTgxMDc5NDEzMA&google_push=AQvitUJB0OzdAjwBs4YrDhtR77OayWsTlBcMLowxjArGJucuQBmg75kpdIyhLdI0F4k48jrh-y-4fHnx6HllRYbXFg2mI95vUpp8

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODM1NDEyODM1MTgxMDc5NDEzMA&google_push=AQvitUJB0OzdAjwBs4YrDhtR77OayWsTlBcMLowxjArGJucuQBmg75kpdIyhLdI0F4k48jrh-y-4fHnx6HllRYbXFg2mI95vUpp8
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame D93C
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEG...
https://sync.targeting.unrulymedia.com/csync/RX-57259296-7f71-433f-8361-73c5ae6ee27e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUI-TMIE4g_UbgYRCAocH...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUI-TMIE4g_UbgYRCAocHBs6BJATKPDe4f3H1Ft0AqHEs6fv7uXe-4o8zdAWWsO2W_uj1M0JymQ2_sNgp311JLILOXtEDIsj&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

170 B
190 B

67ms
67ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUI-TMIE4g_UbgYRCAocHBs6BJATKPDe4f3H1Ft0AqHEs6fv7uXe-4o8zdAWWsO2W_uj1M0JymQ2_sNgp311JLILOXtEDIsj&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Tengine
ETag: RX572592967f71433f836173c5ae6ee27e003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUI-TMIE4g_UbgYRCAocHBs6BJATKPDe4f3H1Ft0AqHEs6fv7uXe-4o8zdAWWsO2W_uj1M0JymQ2_sNgp311JLILOXtEDIsj&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4
Connection: keep-alive
Content-Type: text/html

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame D93C
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEKvGzq-gqnyDCQxxY_Asvc4&google_cver=1&google_push=AQvitUIWEo4Nv6wbzkDTytRDmTF34mIWal19hx4s-d0Q1F1Pqw6A4p6A3-cxFW48sBnik_zojmrxIFSaSloPkaoqgrej_sctWZnL
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AQvitUIWEo4Nv6wbzkDTytRDmTF34mIWal19hx4s-d0Q1F1Pqw6A4p6A3-cxFW48sBnik_zojmrxIFSaSloPkaoqgrej_sctWZnL&goog...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjI2NzI5MDIwMTgyNjMwNzY1Nw%3D%3D&google_push=AQvitUIWEo4Nv6wbzkDTytRDmTF34mIWal19hx4s-d0Q1F1Pqw6A4p6A3-cx...

170 B
190 B

48ms
47ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjI2NzI5MDIwMTgyNjMwNzY1Nw%3D%3D&google_push=AQvitUIWEo4Nv6wbzkDTytRDmTF34mIWal19hx4s-d0Q1F1Pqw6A4p6A3-cxFW48sBnik_zojmrxIFSaSloPkaoqgrej_sctWZnL

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjI2NzI5MDIwMTgyNjMwNzY1Nw%3D%3D&google_push=AQvitUIWEo4Nv6wbzkDTytRDmTF34mIWal19hx4s-d0Q1F1Pqw6A4p6A3-cxFW48sBnik_zojmrxIFSaSloPkaoqgrej_sctWZnL
date: Sat, 20 Mar 2021 18:46:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame D93C 0
223 B 109ms
63ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KPTgyPA68WmQ-LkqfIjclcjTjeesokRRRLjrfFPUnghDgnqCOK2t0Kr-pNISouN0WftlgC

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 container.html Show response
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 090C 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 20 Mar 2021 18:46:34 GMT
expires: Sun, 20 Mar 2022 18:46:34 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 container.html Show response
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 45F7 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 20 Mar 2021 18:46:34 GMT
expires: Sun, 20 Mar 2022 18:46:34 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame FBBC 111 KB
38 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 21:58:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74899
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Mar 2021 21:58:15 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame FBBC 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B80iDXUgDDZgUkzrE3b48aD6THQcCPx7E4Jgnp2zaRdFLP6CLlC3vP-Mo3ckU1XPVJBpvW85h2ClJmq9C7TyLkRgvHDULOeeHfYhYiFOkeYZlyb99GpHSwLyeKNAHEbLomNkVnsgCtrqe_ZY6DxMbmGq4CVw&dbm_d=AKAmf-CERa-Id2WvYduEYbo1ItRot8LPgZkeaSb8YBOFdIaws25PQdnEyUSe6deL6bFHNu7KC_sbnfpH5NxExpCDosyFlkHaTBEC6qpHveaYsjXyz_mkAVHuv5op2gu8NCYT2ENnrvwBkRceaTWE0lsj_oNxevaD4pvDXS7ZdtRHA4oZ9YTM51iMHI0oEbQtATQlOmmMNfPXz1hnyMMb-5rut1XcmIcd2rwBZgXGhpwR9xpB3wHtlBh6pVfo0XwCo4wLn78w0TxI2WoZFpmwG9YbktePhpgAZZvklqUVDb_g4MMucyw4OvJpOQKScPSmMhnt1Fi2VQxrXYS9VqVswb6hGQ8il0AbWL5hKW1l9mccPoZVTKGHqMwGIBbs-HlB_JK6YtTi7l0UQpABv6_xtW3OZplN-iYHo4LNzX2O9nJtvdTQqy5mk2ZVrfZH34zuVCXzE00eq84sVQQNRTxL95aaf5C4qVAlBkpkDh_HksaayPQ--w-RuJq7FpxJgeX7_qdT_PM9MJeFgMQx5j5UIyVWYYUxIElU9QoT_5mTOGGqtMzCe_MjZpbxrkFazOX5rynDUqYpw7-7te4_pJhLLTC_wbRDSN-mhy4--C7ReGa4fCW3Ae8B2QIb0tBS_Sf6u9rNgN-BlhIzGiod3UrGg4jcXVouElW_pmaH8vJSPl-e9MDX2NF3q5OSgfZJuR-rJMcvoacNUtYk-_-GLWbAUYJV4n8_4sAXHMBUGMIag5Z7YR4p6ElW_5oRHnYjaMYzdnFXtMSMjIMKKTAvQ3_uCv9Syl9yUJgTlPd5W8cis5EV7ACMqtuMTTJYT9Dqf3NKF5cAyd3AHgcR718Uqc2lRHdm3hWV0waEOHwZvZMiWEiSBt3eU-J1_RDOriG8HFCppjWhtjBTiwUuM2OQBd2p-wWvRYixGGZrqnf0mpqA2iWwk1AEhso4ZUVCQxAXPTTCb1dAi7mkvlGOcujOAeHqsRMP5tcbi9jkQreNXC8gnh-wX27qJEw2qTmz6p75cAuDUhLSoYpuDoKIKIm5rkWg5RYTLXZZW7MFURnQ2KZWUsN8c4_J2-XuM_GMOsJtPA449TRXUdZsjosoJ6X9zlR2p4FE-87x8vYEtDmJ2K_uj3xkDTiGPld38-AipUX-9rjG5fTkNCi_aLa2RZn-zsRtiH3MmZakJc6lBcShDIUnTDFxYhAmjN3nu-WkQgHRiLC8JnxldeN3Ecc5Pdo_zUIqgenwMSMGAg-3SRF3LRfa0m3IbN9vZsxBAPoyU8Lkq3RaKKwzRMf3E747F4jiEZFNF9gU5vpeuEnzHozont4YHEOCXDXuAnhN7kEGy3ITWntpzQblE8w95vlDCPpFhppO_m26vaxIJEyXhE5031vBZJEXpL_P6k4Uh6t9_PHC1tl01uqGiXahG9t2pFINwsZIVTgXSFU25JrzXGWlxGu3YoD3KRceWfX9wFAbirOA5b6Rea34F8fVv0BOjx-giMrpbbzxEam-TjsgkJAKXTllWmmNnhI4wrq5RBBdOEIC3mTFSzi9OqI8Pnnz-RJitJazWB7wAsC2suv5XGSBZMl0ys4hDKIe_XzPBslqYQ6ijRdIo_gzhEWlUv9sdIyYvl7893NEJWxoNuccZZO-NZcey-QqGxDsJkG5gIoVJLC8xAfaVZqNfa9Iy4HaWTfbeVsah1e1I6qE6r7Ahe4gJyCuS1EFjIKdKUOf8xN0iDEecbiLTxKm24Nw2SVIqGqt6c4HEeZxL9_w32L8taI-cf9xCOPdTD9cnhWtL1wuT9maS9NQFeWR_kucPsG-6Uz6esuZMUxzaB8YlgaLvn8Qa-Eaiz5pLTUJ-2YGmHdP3FoX5BPrVBNZ9N3U2Q0mTxVrBO1MnlMeIqZGquC2EzDFf2E6YLFq4bxQFrAVCbWnVkK-5myvE19kXBTMZ61eC5yg3Exl85CUXYlbSFctdUn2noY-Ehnl2X2AycAnn4pUuW86iLfk0yRXE9kwofMC5abkE8ZVXgPHsgDNZYvuTbWPI80sKHDoJrpy_XjkB_1uENv_q_ufLSbyMeqz24-c7FG-PPTRcV_fkcLK-Sza1B1E6NDDregJdc0k6DNEsFE9Ov9dXwtIZwF3hpyXC_Yp41lpFiIZwL5z0c_12SIpp_R-rn_TjiIgM7-isDoBdL-emZDsmbEaqj4q5JbIBGSCAmEcieTgwr2bhr5eexEOGLBdLzPnfuRgQh01pTxeWpw6gU-1fpUkboI833qxSVYDH5VMG9BhwAUEiHwtoiBUj7WL75AJ96qdIcQx8wB7xbvoKICeHb0Px8uU_MvYjMrkkBdjmIXgJO4T9fkyoH3vTBawq4PcNz4Xtxd2-O5ZrKH-KEBwtobZ6f2GhjMGhxZ_55XoMEkqHecm2m28wdE3ABIcTVleRlSaq8YroKKSaUsSVmT1Z5ERqITsscmJNSWo7KrWCkBSiFMp0MJJzUGN8hSdTVPD0TtrK9mubz_nRD1AjNqzgTITlvr92qzQLA2GJL5h4UMWu9I0t_55jB7pT4b4vrPwW0pBZ0NQoZfHdL6cqWT7-h50kUH2A2BxsZ9X5u68fRyqT0m2kZXbGtUtMtKd9zYpaEReFuyH11xFaYJS3nrBbOHxC_bLT98aQUAz0wtMdU8yUGyqvuKy34C94keUI7aMeiat08o9XUY3m4XPtWePlDIjbfb7yUJb9OzRaHsvYFaThMEm21jpgBU9sxQ3n82a3iyiYCoHaalFTNxUIOTt0oAKBeVEqz3nU8AkGwUwNkO-AfTw9NNrQ5ujmVzo39MQXL5vSdWvN-8rxOO5CgsoBR4eEJ_83DPuwOT9m-I-36fffkzlmej7yn5MI_0da9fAR8GLXjKW-nhlf6Q6E2AufGxHO32ZzLo8Epg7lrHI6AjHeiDI24XfuhIBxakETpYJoRBjhw0QZsqY6Ar_vpxikdzEN-HLqY_31dJfwTEMaeIy8bcHya40NJEyELBSomSAL3TMIMkwvpc6CZ3uWQ0G1vQ2pdSuhYSpfUf5ocG-aNG3W-Fksr_Eni0fJHZee0UfYxquGrSyf3HGgKwiY3LKllqBT38i5HTEAc9nuF9oHFPa_3015wUXk4dQAEgNJ9xfXivIEdgFP83kDwr6euAakypOq5BRwCZRgVA3Ezp7MzkwpvC-Wa3a3VglI5VTgFSE-GwAFaUeVVvRnZgM7Q4OiBPQBCwCFAgYlwsp&cid=CAASEuRoTiZKn3k3X2H8i2WQih0v_Q&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 212
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:43:02 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame FBBC 21 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8471
x-xss-protection: 0
server: cafe
etag: 753583566593306265
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:46:32 GMT

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame 0BE5 170 B
310 B 58ms
57ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhin-faeATAB&v=APEucNVO7Pz7wX3Dt6yn8aaEEKMzw8Tgq3AnQ4s--NVtrCighsOquvgJ05ewd1MiaNvGQuubwY71xQl5RwCC6pIlgnF76MV5oA

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0BE5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1

43 B
1014 B

50ms
50ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhin-faeATAB&v=APEucNVO7Pz7wX3Dt6yn8aaEEKMzw8Tgq3AnQ4s--NVtrCighsOquvgJ05ewd1MiaNvGQuubwY71xQl5RwCC6pIlgnF76MV5oA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0BE5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1

43 B
894 B

43ms
42ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPTQ7wEQpK2PAhin-faeATAB&v=APEucNVO7Pz7wX3Dt6yn8aaEEKMzw8Tgq3AnQ4s--NVtrCighsOquvgJ05ewd1MiaNvGQuubwY71xQl5RwCC6pIlgnF76MV5oA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG0AOwlrUCmLNf5oR7E9z1w&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame EED0 0
50 B 88ms
88ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
BLOB 200
OK b136f282-f3f4-45cf-acc2-3916b1e6e900
https://subject.com.ua/ 52 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://subject.com.ua/b136f282-f3f4-45cf-acc2-3916b1e6e900
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 27b6996a0f7ea420886fcb7b079d023a65391f41b283c92c38b60e8a157d6559

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 52893
Content-Type: application/javascript

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 127ms
126ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:35 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 336 KB
336 KB 135ms
134ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 5f84ea91c7008513372b2254dbf9434ae540b8adfbbb3d8a420e1e706575d008

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-343851

Response headers

Date: Sat, 20 Mar 2021 18:46:35 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 0-343851/161125964
Connection: keep-alive
Content-Length: 343852

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 19D6 478 B
275 B 18ms
17ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCFwFsYhO7gnAEwAQ&v=APEucNVtQhBcQKHVMxxjQY3QqwXiBuEJnA03hhUjLhIFun7EXvbPLMJpF7cWME1pm7MZEgNJZJfbqyUIdWldylnRgKfcbDjWLw

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CKCQWhCFwFsYhO7gnAEwAQ&v=APEucNVtQhBcQKHVMxxjQY3QqwXiBuEJnA03hhUjLhIFun7EXvbPLMJpF7cWME1pm7MZEgNJZJfbqyUIdWldylnRgKfcbDjWLw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUm9AupS2tP1LCAg29ihMn7FumurcKJCNpdQ2zL4O6ZTiHvBg5yirbV0VBpAVD4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 20 Mar 2021 18:46:35 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 090C 60 KB
23 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A6PWaPeuf3hZf0QiCS1VB7fwFk7zXn_ot3KuhFxyOynLWRkhMCjiNHaoZmjOL3AM8AIwAXlQNa-2G4V9--SV-KtK5Op5bdCNjqUdatnWLj_2FRnfpiW4d-4c6CXAFIiWhs3JIJYFKKzO1gvt9H5NVm2DGt1g&dbm_d=AKAmf-Dao5zVFaYySeVkzWnh-uMoIP_x1iIIPadHRqoIPrlMiQXTJEA8qOFsRsX0MXlxx2XKhQDJoIIW0TPm0jQlUWA-vFKg4Nc9ezgrJGk_VzLlOrNMOMm-l0o0aNJsY4iEzpmBU6e9N5XOYaZvLLzWR3KZQNcLcBxQgqdsotIsce26HdGm63bolABuUDH2J3LyLSVbetj_VP0RT5pT42sWkCxSz-sqmLLWaTAfF_MFW1cPSOrsAwZTK9cHYn7Gf1DgIEocdNEM-H1GRw0R1qCdoOCEcSASUhaqiTDyCeVI0BzXUHzmKK5QlBCcAy_ChJHpTj-5QxdXiOdE5yDJY1nTp4kaBUD-yZGrkbpd60LvkwkD_GqcMVfDIW4z68RIVdt8vf0Rvnt9CD9Y9aIsvsddJ3rJSCRbj-XFGhtrLbFKx3JHb7sX3XywLF4XjqgYKXMgwjSO4L_zLPfU9eWkj8SxbsdMw6RFt7KG0Sxuv77icMpt386s05F5wiNCaVj7vOokUKQoZRu3Mb-UVDvltlL8c9-F9krgZNFn8VvzLMjSMlNtr2NYiH1_5QE2HQ0JF4QCBLdaJGoqHXd0nbs5TAjb7PvrNigNhwJDFPGKdQjNSkRmNrHif1rZ6r8bB-NXE00JkTVomGt56ca00dzFfzOVi8b61bquXTpoLN2F_oTCIS6A5d94blDWQfZPluEa15PIRTx_kwCCVp2M4tyPGH7r0obdf8baTBHPBtkl9-vDpOfwcAeF6LmP7SIbOMdivqVR-BfIy-jEBB6y59oWHxfsUVF-nKzzWuI3E7iFCuY1D12AB3an8GoQwPlDfSH7aIw2bDAVVPInMtD5ETv8cuKlKJzFYbfNTRRqe9O1DmAevJl4zPrl44TZA4GP50WCzADNG-Sm4e6CmYp7wA4bJvfcsfXjuk0C-mVgraCTk8LZx1yfPXY3BfOwrYZNF2c77wbvGKYA7Rmb7owDmVK3lI8Q1Xg3VYXyexxf6lBGp8J0DmUI8t6THz6pXPzGE4aAePtxRYO0ZOYx-JCMb3FXtK1eCu4ptytKMGCpTABr4dIxdz78fikBk8gZ1ei839qf-LmqO5_6G9mRAXlBu5dHgXPaMrnKT47OFZcPsrBdhSw6-P59zd_-RRTwbB1sCcUD3ow_QrhrMnVfiAEtjdu0n_ocCUh6pCCAaCRQpPpt768M7NCAXh_eTN-rrUKPsqexF1CaXP3eXUy_tofVj7OMIhBq6NMqHjgCYgvHjh-cKU3Z53ST6fCtKEMQJ0GSodED3ewdiePV59Fd7PufYVL1PVhzQGENAvAjhoSaRoyw0UOJr_Z1rH6lJYppFFsWs6i1cMP8hfaDWHiu5H_4YZEE9F53OifffdeKZFzM43SPiAZFAOiycBnUlyAMpSDo96DHT6pqOx2yCEJZ8e4LjvEiBpuDmzi3R0K8qc9R5u_ebW4QwNowyzdr5N7KCqFcjvNGY9yESHBzIWPVg8jYPt2a9VT26IvDwf2ja_TV2MVnVqtfEkxg4OR4LfcYENe4OaiP2qesx0UHH2d1vaoKdzj_L126bfTFq2gftrDo7qpStHHOa-I1A05sG7jxM5uEObvoeYv6172qDsFIDWSgcqrerhZLpSEpkhHmEyIqmf4YLX_CtaL3ylujqhTiVeCfyoEoA4Md3BRGlSbgjTDnQtJvIp9UBOphZn6KGT7mfXx9bI_zhjSMIW93r5IGkCallWv1PC0NTKWO1MAC0evPYXKkWDwwaXMnzk2Cizn-9hNK75TDhETTXtmfCV8DNNYpFSv34R_vTd0jzaLQeqtPj6ivDpNhvUI2XnqNoGobiernPqU2voKAtvDea_-rJYO1HPdRRcNPMM-di4HpkLfiwHi3HzAe3V6g7q5ZMqJp7gdCSg-rafCdm9-lSQgr-skCspzdtBibrQKjYWZeCz0fHnko6g7f8UtxHpgd5EV7-d-Ipb6jaBWzJHySYW_W2BEM2ttdSu4hw-bAbtkpS14a5frk_u0UUZ6Xv92RWhLDJRVc2RZ6Kb3cVL42yuVIUG0lozDZRKQ9qarHKMnAuFkWoebqw2S30Fq0sw3OuJ5RJOWO8nwsuKNQe1jiUY8m63bGeNBwHn5AWYj1LF197Nlz0dnC8BhLDubzq8SEM36DS4IHxlGbgP4wnX-naKMs9bHvWDa2-KtQqMhCXrHYQnG_AMTrTW-3kMapkvoBkGzs0YXKYX6HybeIsYsOyCwNcTTJJ_zBh2UTeQFTh1dmywiNhl3DdJw4B7b4ygYp0CgIk52kQL1j8Pa18njC1hNC9zU4M0H0JGuHTuvzKtfSW6rLlO26amYDsE0Os42mVox6Q4KV8IKMp0np-XUruIEzUywa_askAI-wxEcIrAdIY8sZhpFkdlBlNxyOWDwb_hDQipZW_OfUOKbxrt1kNdE0Db3uZDuqBLfTa4F4XFq_Nxg3xhVv4Z0B3o4gvuDK-pCKv7i6ThNUpvHvqqVPP8MEOTH7guF1e1ZH6e796BRA7y0L4WWA3LXctYMRqZcSFeFjrzvGFc3YyaGdlaaQOtnYn9QXSvFculTDcRrW636UMPbUXLHLceAxMAMkkjD6hZY3C6xS4RkV94o8GEKpILRCjnhh44KqYEqd2LZNU2S2pKYe-OcFm7vnjvSicyEgDSCh4VhrH1vTjBSLpm6IbfYPZNwTOopGYKeRYkvrAZt99MxxMoi2M9H_get775d2FWpv_LZ1cu0tWnDztqTQ-oTSoAtpwhlm4Cxlo3fdX5Vw9dj_UE9Gs4-9a2cKoNSc2Drf8TzPvkit9GSpPlfvCnF4uFo8LK3kqgYKFX6GaJbtmhzLFa0Dj7w1Krjz2tJL6k4LkRlNl4W8ZZSJHfQ-f_NuVycCzRRkMlFcBtpRJnBtA3y6E6QzBHi2Qkxqi-wE0ZNcCQgnAiaEFAfXJ_bYzI_xJ3Vh8zY_qYYobnTjUf9qUV7KXmjPjvOo6XRB3hBDKUZT43mwZcZQt-TVOsKH-uihfN7cBOtbKrlVfWjbFwezc70sHqJjrT8OqvKHKbGhVFjakRdLz5GXsHAgwMqzGBFnQ8l874nP9RwsJWS_ImFPIrMddMEHtmYDZCaZRCucPOamzUNIWUe3KoXnfYzI0ObKB5tUf6_Mcla4vxx8CNSeU6yio-M5M204Msh2V8_N4fX2hKXN1si7W3nmtreIwwP2aW-idGREfn_inv0PTXnJ&cid=CAASEuRoGqChPDgpabqBaK8jxHLj-g&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b4e529d575bd0cb94aba0e5e9cd9cffe066712e998ca3c01e87efce827ed749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23553
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 090C 42 B
90 B 39ms
38ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AFag_mROF6oX5pGGPFydeRWjXuSMtvpfD66TC3ctb7RHSGj7Z2fFI6MYHA43EI6ervPNX0szRIaYK1-bIyEtTrhGh7FNZN-nh42rS2wpC6Y_FrQVU

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 090C 47 KB
14 KB 206ms
88ms Script
application/javascript 34.241.165.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=1499141&campId=46347355&pubId=1&placementId=328742660&adsafe_par&bundleId=&dealId=&bidurl=https://subject.com.ua/
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.165.231 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-165-231.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5305655b98adf89485d9ca7c37e2b31bbd9b1680d07043fe5f3e951d254046af

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-server-name: app20.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 090C 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 090C 117 KB
36 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 090C 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame C2A5 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106895
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

GET
H2 200 8c77a2c821ca4e98b0049784c1486a62.js Show response
www.gstatic.com/mysidia/ Frame 45F7 6 KB
3 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8c77a2c821ca4e98b0049784c1486a62.js?tag=client_fast_engine_2019

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec0c5f7a8de37a02414756f98e8e57a5b396961226b912f832c1c2b1590fb73b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 23:03:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 18 Mar 2021 22:34:48 GMT
server: sffe
age: 157395
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2797
x-xss-protection: 0
expires: Wed, 16 Jun 2021 23:03:20 GMT

GET
H2 200 a546f35fd269b07d4094cea7a5b9c390.js Show response
www.gstatic.com/mysidia/ Frame 45F7 5 KB
2 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a546f35fd269b07d4094cea7a5b9c390.js?tag=core/maui_delegate_info_icon_v1

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a39884ea8e2e99e91589b75d029156840165456d16ee4b39144722c16d53f51e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 00:45:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 18 Mar 2021 22:34:48 GMT
server: sffe
age: 151246
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2276
x-xss-protection: 0
expires: Thu, 17 Jun 2021 00:45:49 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 45F7 4 KB
722 B 22ms
20ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 20 Mar 2021 18:39:37 GMT
server: ESF
date: Sat, 20 Mar 2021 18:46:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 45F7 2 KB
987 B 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 891
x-xss-protection: 0
server: cafe
etag: 8551179781376740118
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:47 GMT

GET
H2 200 7efc730b264047f6b0bc7ba2cfe24db8.js Show response
www.gstatic.com/mysidia/ Frame 45F7 17 KB
7 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7efc730b264047f6b0bc7ba2cfe24db8.js?tag=exit_2019

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1ae0255028c4d4b7e0584498f099d5f100227f57ee74f185a41ca011cbdbb51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 00:04:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 18 Mar 2021 22:34:48 GMT
server: sffe
age: 153734
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7306
x-xss-protection: 0
expires: Thu, 17 Jun 2021 00:04:21 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 45F7 17 KB
7 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 224
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7120
x-xss-protection: 0
server: cafe
etag: 15132876316592709121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:42:51 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 45F7 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 45F7 117 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 45F7 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 45F7 0
0 16ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQYxA2UVEtl75alu1dcCtJ9u7p74EDEMBYFW6LDZ5WGVNbhP2YN5i6_284cjgTrErxVd5It7fVH3XlRoBCwgx9FsPq45g
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 index.html Show response
s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/ Frame 17DA 73 KB
18 KB 7ms
6ms Document
text/html 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3638677493e2f8cfeb76d8093d78a4b743bd37ffbc9bed6be086829f65b5d8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 18230
date: Sat, 20 Mar 2021 06:49:59 GMT
expires: Sun, 21 Mar 2021 06:49:59 GMT
last-modified: Tue, 02 Mar 2021 15:16:55 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 42996
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame FBBC 0
28 B 77ms
77ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstwAk8lp3SeEoe70hlK7EM49KKtf8YJ62zKckWixwkWpe6FNG6HC6NLtL_8xCnalUXFNEgAvT9HaRsa9GO81OoWbEkh42W9LZVSTdH3kjK4uak4MOe3zU8mZk_fZKfywC0TBRH7w_BzwHWQp08xPkKlohDJ9Oe7J__x3lW0uHT9mmssTa1vF5PCfLydPTmjN2IcAdoAvmAi2UN3KSRcYSyIAODwYPmi0QenjZKZiZU_c5tXVPJGTX3L1Hl_zpeHmL98hHfNHcelTYohALjJ1-sQfidjefCbzGZ13F3-gSvCqeBrpe6neAjFkbJGfAhwklncZnvAIYPJ1vsJvgFGkGcJmnL0UipNbKewxKY9NWZO2s28ZVywSwmKx6ZT0yTJ0UDCnRpUkqJJAHbMLjIofmWBlYA85V4VjdDax049hQCNVFOd-Ga7BWQB2ZcH_FAo3NESIXxGosV2pxx6oRmdPa4rg9Zq8qC58GtJLS0hIfNuuLvgoq9iMOVQKG59kIpPLpUW1-GJD_wnQv46ffr8KhURNVK8EZqWHsmcfPhKAGCx6PmmFoDFbwuWtqacTdcXfeTIQ8o9AQn1CVPFQ-vKH0Pq1r0Is5aVkujkxC0v40-pwaeUwOibMEXqQ541785bHx8UxTFUwx6OQDB7ZSBBm0sBbh8QaDxLswAZUH93mygnh1wesdJvu6SkOVIqb0lmBWK-DubZxBC1WY38vjEHwReiHwBKeNUV1Ff7a5WGyPnAXR6cQEOcmGFcNAVItgzIZIpjnA-k_tf7zksWv8b749cezZ4aPP9wj1ZNBtLe696lZFoCVQUwVL-SzXblmMkx68fFUcLyQSnwxZXIU_ip0wBQKYk1IsDkGHgRSgf8J3J9UavZHKnI7mAJBQxuWO8FHVFGkgQP5xjIU8YNYANF2waaabWpNVqP6udeaFsZF8rcdEl5_1IdQYQYBI2-Ud-mDgNk94gOmQHzCqazxWPqE3h1ZWDCdh4as8XQiM46sC8KLQtp8Fyq4VDsrJSQwr3kXuznkmnKTP6-UwL5B4WKYTcrnzX4EaOvIpZryf6PW1pYbQZFZTme3YIisQxpAFBvr2m5CRnqds7HfrwjnAxoHgaOSo1-RUXW5NIrWZSxi6sQ31p6qw-bcTiK6CEpqDrsJN5j3iselPdJDuXyOx7hwx1myhzX-kCfdApu64mL6vZoGT12KYaS4ICLeyTL8JLLyjQPgJfqb4gG-WGchnkzKds&sai=AMfl-YQb1rVmQbAbjrRzeNtuu0qksE9w0B9g7oxHlP0Ba38bBqq4cum-FGVxVRU8h3oxsce4Xl6cn1WLXiH0IzdlzGDCyms9ZRHIcqYn2dE5hnEWRLYWUlJI4ObNnmSAPlRJWgDR0e0Gb4lO_qxJ7nU28un9emHCsg&sig=Cg0ArKJSzBNuIst2ZdxlEAE&urlfix=1&omid=0&rm=1&ctpt=119&cbvp=1&cstd=118&cisv=r20210316.80153&adurl=

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 20 Mar 2021 18:46:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FBBC 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115376
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:43:39 GMT

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0430 1 KB
779 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 16:59:40 GMT
expires: Sun, 21 Mar 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6415
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame FBBC 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 743e9a0578a121c6fa639a110860ff79f812e238c55e81371bb7d276d72c3f92

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 300x600_.jpg
s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/ Frame 74B5 91 KB
91 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/300x600_.jpg

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91d44eed98b93fe4029788a3383dd43a6cb96a9dacee877d88203cb192335144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 08:07:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Mar 2021 15:17:36 GMT
server: sffe
age: 38365
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 93476
x-xss-protection: 0
expires: Sun, 21 Mar 2021 08:07:10 GMT

GET
H3-Q050 200 300x600_1.jpg
s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/ Frame 74B5 71 KB
71 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/300x600_1.jpg

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64e516f842387337ac6c58f691ded6f8037e5d001d9e68a32b4451bb8daf4747

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9331698/472291887891528/SP21_CKU_FEM_HTML5_300x600-W-1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 08:07:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Mar 2021 15:17:36 GMT
server: sffe
age: 38365
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72794
x-xss-protection: 0
expires: Sun, 21 Mar 2021 08:07:10 GMT

GET
H3-Q050 200 container.html Show response
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame DC94 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 20 Mar 2021 18:46:34 GMT
expires: Sun, 20 Mar 2022 18:46:34 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 090C 176 KB
61 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 11:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24998
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Mar 2021 11:49:57 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame 090C 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A6PWaPeuf3hZf0QiCS1VB7fwFk7zXn_ot3KuhFxyOynLWRkhMCjiNHaoZmjOL3AM8AIwAXlQNa-2G4V9--SV-KtK5Op5bdCNjqUdatnWLj_2FRnfpiW4d-4c6CXAFIiWhs3JIJYFKKzO1gvt9H5NVm2DGt1g&dbm_d=AKAmf-Dao5zVFaYySeVkzWnh-uMoIP_x1iIIPadHRqoIPrlMiQXTJEA8qOFsRsX0MXlxx2XKhQDJoIIW0TPm0jQlUWA-vFKg4Nc9ezgrJGk_VzLlOrNMOMm-l0o0aNJsY4iEzpmBU6e9N5XOYaZvLLzWR3KZQNcLcBxQgqdsotIsce26HdGm63bolABuUDH2J3LyLSVbetj_VP0RT5pT42sWkCxSz-sqmLLWaTAfF_MFW1cPSOrsAwZTK9cHYn7Gf1DgIEocdNEM-H1GRw0R1qCdoOCEcSASUhaqiTDyCeVI0BzXUHzmKK5QlBCcAy_ChJHpTj-5QxdXiOdE5yDJY1nTp4kaBUD-yZGrkbpd60LvkwkD_GqcMVfDIW4z68RIVdt8vf0Rvnt9CD9Y9aIsvsddJ3rJSCRbj-XFGhtrLbFKx3JHb7sX3XywLF4XjqgYKXMgwjSO4L_zLPfU9eWkj8SxbsdMw6RFt7KG0Sxuv77icMpt386s05F5wiNCaVj7vOokUKQoZRu3Mb-UVDvltlL8c9-F9krgZNFn8VvzLMjSMlNtr2NYiH1_5QE2HQ0JF4QCBLdaJGoqHXd0nbs5TAjb7PvrNigNhwJDFPGKdQjNSkRmNrHif1rZ6r8bB-NXE00JkTVomGt56ca00dzFfzOVi8b61bquXTpoLN2F_oTCIS6A5d94blDWQfZPluEa15PIRTx_kwCCVp2M4tyPGH7r0obdf8baTBHPBtkl9-vDpOfwcAeF6LmP7SIbOMdivqVR-BfIy-jEBB6y59oWHxfsUVF-nKzzWuI3E7iFCuY1D12AB3an8GoQwPlDfSH7aIw2bDAVVPInMtD5ETv8cuKlKJzFYbfNTRRqe9O1DmAevJl4zPrl44TZA4GP50WCzADNG-Sm4e6CmYp7wA4bJvfcsfXjuk0C-mVgraCTk8LZx1yfPXY3BfOwrYZNF2c77wbvGKYA7Rmb7owDmVK3lI8Q1Xg3VYXyexxf6lBGp8J0DmUI8t6THz6pXPzGE4aAePtxRYO0ZOYx-JCMb3FXtK1eCu4ptytKMGCpTABr4dIxdz78fikBk8gZ1ei839qf-LmqO5_6G9mRAXlBu5dHgXPaMrnKT47OFZcPsrBdhSw6-P59zd_-RRTwbB1sCcUD3ow_QrhrMnVfiAEtjdu0n_ocCUh6pCCAaCRQpPpt768M7NCAXh_eTN-rrUKPsqexF1CaXP3eXUy_tofVj7OMIhBq6NMqHjgCYgvHjh-cKU3Z53ST6fCtKEMQJ0GSodED3ewdiePV59Fd7PufYVL1PVhzQGENAvAjhoSaRoyw0UOJr_Z1rH6lJYppFFsWs6i1cMP8hfaDWHiu5H_4YZEE9F53OifffdeKZFzM43SPiAZFAOiycBnUlyAMpSDo96DHT6pqOx2yCEJZ8e4LjvEiBpuDmzi3R0K8qc9R5u_ebW4QwNowyzdr5N7KCqFcjvNGY9yESHBzIWPVg8jYPt2a9VT26IvDwf2ja_TV2MVnVqtfEkxg4OR4LfcYENe4OaiP2qesx0UHH2d1vaoKdzj_L126bfTFq2gftrDo7qpStHHOa-I1A05sG7jxM5uEObvoeYv6172qDsFIDWSgcqrerhZLpSEpkhHmEyIqmf4YLX_CtaL3ylujqhTiVeCfyoEoA4Md3BRGlSbgjTDnQtJvIp9UBOphZn6KGT7mfXx9bI_zhjSMIW93r5IGkCallWv1PC0NTKWO1MAC0evPYXKkWDwwaXMnzk2Cizn-9hNK75TDhETTXtmfCV8DNNYpFSv34R_vTd0jzaLQeqtPj6ivDpNhvUI2XnqNoGobiernPqU2voKAtvDea_-rJYO1HPdRRcNPMM-di4HpkLfiwHi3HzAe3V6g7q5ZMqJp7gdCSg-rafCdm9-lSQgr-skCspzdtBibrQKjYWZeCz0fHnko6g7f8UtxHpgd5EV7-d-Ipb6jaBWzJHySYW_W2BEM2ttdSu4hw-bAbtkpS14a5frk_u0UUZ6Xv92RWhLDJRVc2RZ6Kb3cVL42yuVIUG0lozDZRKQ9qarHKMnAuFkWoebqw2S30Fq0sw3OuJ5RJOWO8nwsuKNQe1jiUY8m63bGeNBwHn5AWYj1LF197Nlz0dnC8BhLDubzq8SEM36DS4IHxlGbgP4wnX-naKMs9bHvWDa2-KtQqMhCXrHYQnG_AMTrTW-3kMapkvoBkGzs0YXKYX6HybeIsYsOyCwNcTTJJ_zBh2UTeQFTh1dmywiNhl3DdJw4B7b4ygYp0CgIk52kQL1j8Pa18njC1hNC9zU4M0H0JGuHTuvzKtfSW6rLlO26amYDsE0Os42mVox6Q4KV8IKMp0np-XUruIEzUywa_askAI-wxEcIrAdIY8sZhpFkdlBlNxyOWDwb_hDQipZW_OfUOKbxrt1kNdE0Db3uZDuqBLfTa4F4XFq_Nxg3xhVv4Z0B3o4gvuDK-pCKv7i6ThNUpvHvqqVPP8MEOTH7guF1e1ZH6e796BRA7y0L4WWA3LXctYMRqZcSFeFjrzvGFc3YyaGdlaaQOtnYn9QXSvFculTDcRrW636UMPbUXLHLceAxMAMkkjD6hZY3C6xS4RkV94o8GEKpILRCjnhh44KqYEqd2LZNU2S2pKYe-OcFm7vnjvSicyEgDSCh4VhrH1vTjBSLpm6IbfYPZNwTOopGYKeRYkvrAZt99MxxMoi2M9H_get775d2FWpv_LZ1cu0tWnDztqTQ-oTSoAtpwhlm4Cxlo3fdX5Vw9dj_UE9Gs4-9a2cKoNSc2Drf8TzPvkit9GSpPlfvCnF4uFo8LK3kqgYKFX6GaJbtmhzLFa0Dj7w1Krjz2tJL6k4LkRlNl4W8ZZSJHfQ-f_NuVycCzRRkMlFcBtpRJnBtA3y6E6QzBHi2Qkxqi-wE0ZNcCQgnAiaEFAfXJ_bYzI_xJ3Vh8zY_qYYobnTjUf9qUV7KXmjPjvOo6XRB3hBDKUZT43mwZcZQt-TVOsKH-uihfN7cBOtbKrlVfWjbFwezc70sHqJjrT8OqvKHKbGhVFjakRdLz5GXsHAgwMqzGBFnQ8l874nP9RwsJWS_ImFPIrMddMEHtmYDZCaZRCucPOamzUNIWUe3KoXnfYzI0ObKB5tUf6_Mcla4vxx8CNSeU6yio-M5M204Msh2V8_N4fX2hKXN1si7W3nmtreIwwP2aW-idGREfn_inv0PTXnJ&cid=CAASEuRoGqChPDgpabqBaK8jxHLj-g&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:43:02 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 090C 21 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8471
x-xss-protection: 0
server: cafe
etag: 753583566593306265
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:46:32 GMT

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7ED2 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Mar 2021 10:43:39 GMT
expires: Sat, 19 Mar 2022 10:43:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 115376
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame 19D6 170 B
190 B 44ms
44ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCFwFsYhO7gnAEwAQ&v=APEucNVtQhBcQKHVMxxjQY3QqwXiBuEJnA03hhUjLhIFun7EXvbPLMJpF7cWME1pm7MZEgNJZJfbqyUIdWldylnRgKfcbDjWLw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 19D6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELhaG-KJRgx2Q5PS5UVv5cc&google_cver=1

43 B
894 B

55ms
54ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELhaG-KJRgx2Q5PS5UVv5cc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCFwFsYhO7gnAEwAQ&v=APEucNVtQhBcQKHVMxxjQY3QqwXiBuEJnA03hhUjLhIFun7EXvbPLMJpF7cWME1pm7MZEgNJZJfbqyUIdWldylnRgKfcbDjWLw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELhaG-KJRgx2Q5PS5UVv5cc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 19D6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELhaG-KJRgx2Q5PS5UVv5cc&google_cver=1

43 B
894 B

62ms
62ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELhaG-KJRgx2Q5PS5UVv5cc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCFwFsYhO7gnAEwAQ&v=APEucNVtQhBcQKHVMxxjQY3QqwXiBuEJnA03hhUjLhIFun7EXvbPLMJpF7cWME1pm7MZEgNJZJfbqyUIdWldylnRgKfcbDjWLw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELhaG-KJRgx2Q5PS5UVv5cc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 17DA 28 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 11:52:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24832
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Mar 2021 11:52:43 GMT

GET
H3-Q050 200 10402880833034510387
s0.2mdn.net/simgad/ Frame 45F7 1 MB
1 MB 8ms
8ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10402880833034510387?w=400&h=209

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47e90c0892a9e6a0c54e04f305932f808781214071fef9a3332e606d827388ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 00:00:07 GMT
x-content-type-options: nosniff
age: 67588
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1121085
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 09:25:27 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Mar 2022 00:00:07 GMT

GET
H3-Q050 200 container.html
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 45F7 6 KB
6 KB 6ms
6ms Image
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2973
x-xss-protection: 0
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/html
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Mar 2022 18:46:34 GMT

GET
DATA 200
OK truncated
/ Frame 45F7 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38354e6a0119fe113356e1506a115ca148a6b9ea22cf88136baa9167d6fde794

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16716623382612323366/ Frame 45F7 13 KB
13 KB 45ms
44ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16716623382612323366/downsize_200k_v1?w=400&h=209

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69b05de5271b36d3c033cafb3e5c6ed972d9cb83f2da078797f09e30c130d762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
last-modified: Fri, 17 Jan 2020 12:06:29 GMT
server: sffe
x-dns-prefetch-control: off
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
expires: Sun, 20 Mar 2022 18:46:35 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13646650426232018405/ Frame 45F7 11 KB
11 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13646650426232018405/downsize_200k_v1?w=400&h=209

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bbc1b2ca55b6ac7ae967c69d5d22314d70344fdbfc230d54c5eb6b54b98a84a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 20:38:02 GMT
x-content-type-options: nosniff
age: 166113
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11353
x-xss-protection: 0
last-modified: Thu, 17 Oct 2019 14:42:35 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Mar 2022 20:38:02 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12434149367734870809/ Frame 45F7 19 KB
19 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12434149367734870809/downsize_200k_v1?w=400&h=209

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fbf8cf2a318a00d46a30d0710a91a04a310be1e1a0a39fe4b5b67b0370a6fed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 09:38:15 GMT
x-content-type-options: nosniff
age: 32900
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19404
x-xss-protection: 0
last-modified: Wed, 03 Mar 2021 11:00:29 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Mar 2022 09:38:15 GMT

GET
H3-Q050 200 6031607938391896960
tpc.googlesyndication.com/daca_images/simgad/ Frame 45F7 18 KB
18 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/6031607938391896960?w=400&h=209

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2750df65bf5381092d06c12e61d2518d82fd2602c38039d609b0c4b662701344

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 06:52:18 GMT
x-content-type-options: nosniff
age: 42857
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18720
x-xss-protection: 0
last-modified: Sat, 27 Aug 2016 19:43:14 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Mar 2021 06:52:18 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10840131548420876629/ Frame 45F7 14 KB
14 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10840131548420876629/downsize_200k_v1?w=400&h=209

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e50b4bb1c8f28f2921f6ae06a9023339b268a936a55f6f27310e826d24361f50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 09:38:12 GMT
x-content-type-options: nosniff
age: 292103
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13857
x-xss-protection: 0
last-modified: Fri, 15 Jan 2021 13:39:36 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Mar 2022 09:38:12 GMT

GET
H3-Q050 200 4589776928829351309
tpc.googlesyndication.com/daca_images/simgad/ Frame 45F7 22 KB
23 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/4589776928829351309?w=400&h=209

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cbe6d9e5212ea12e189a83eefcd3d81fb9d1d05cff7dfce48daa6c205f8da1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 12:00:50 GMT
x-content-type-options: nosniff
age: 197145
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23022
x-xss-protection: 0
last-modified: Fri, 24 Nov 2017 07:28:58 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Mar 2021 12:00:50 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3342225559902818525/ Frame 45F7 12 KB
12 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3342225559902818525/downsize_200k_v1?w=400&h=209

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0aabe6dd8a616b341370083a0b80966f424e375960eb4db2992f53454a2d00a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 12:49:38 GMT
x-content-type-options: nosniff
age: 107817
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12383
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 13:48:55 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 12:49:38 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame FBBC 0
27 B 79ms
79ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0430
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUJadwVh8jDsQeMSERsckcxqUGu7I5G4bbnSqZ8...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUZaREN3QUFCSzhhV2hudw&google_push=AQvitUJadwVh8jDsQeMSERsckcxqUGu7I5G4bbnSqZ8PZtKWIO4lfTTu79UknIOLSz5Hh0tEpDChaRD1DtEVseV__heO_YfgFOTg

170 B
190 B

73ms
73ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUZaREN3QUFCSzhhV2hudw&google_push=AQvitUJadwVh8jDsQeMSERsckcxqUGu7I5G4bbnSqZ8PZtKWIO4lfTTu79UknIOLSz5Hh0tEpDChaRD1DtEVseV__heO_YfgFOTg

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUZaREN3QUFCSzhhV2hudw&google_push=AQvitUJadwVh8jDsQeMSERsckcxqUGu7I5G4bbnSqZ8PZtKWIO4lfTTu79UknIOLSz5Hh0tEpDChaRD1DtEVseV__heO_YfgFOTg
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0430
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEPP-jRj5zA4o1gefVeSVe2g&google_cver=1&google_push=AQvitUKdgAO4Ar4g4dqrqkRg_zErNj8KM8pLqdgeJwREYuiTK9ejEhZPKtAPNEd9Rc2-IIH_xMn-J...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AQvitUKdgAO4Ar4g4dqrqkRg_zErNj8KM8pLqdgeJwREYuiTK9ejEhZPKtAPNEd9Rc2-IIH_xMn-JPB5L1HeDE-bgGpErUa6IJ75

170 B
190 B

78ms
78ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AQvitUKdgAO4Ar4g4dqrqkRg_zErNj8KM8pLqdgeJwREYuiTK9ejEhZPKtAPNEd9Rc2-IIH_xMn-JPB5L1HeDE-bgGpErUa6IJ75

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 20 Mar 2021 18:46:35 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AQvitUKdgAO4Ar4g4dqrqkRg_zErNj8KM8pLqdgeJwREYuiTK9ejEhZPKtAPNEd9Rc2-IIH_xMn-JPB5L1HeDE-bgGpErUa6IJ75
x-li-proto: http/2
x-li-pop: prod-eda6
content-length: 0
x-li-uuid: FSmHFlwhbhbA0ZpGVysAAA==

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0430
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESENrVas2bbyksDbCGD1xaxRI&google_cver=1&google_push=AQvitUL8Q5u8HCIj221TnEettHXLbVKSRU7Jh7NyhavXdrJewoc94EJ1qOOUbacjS3x8duulF6IrZJaTEFGfEh5xu4uHQBxtvZC5
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=a0c5bTZ1UG1CVmlFbmtGVkRFTldZQQ%3D%3D&google_push=AQvitUL8Q5u8HCIj221TnEettHXLbVKSRU7Jh7NyhavXdrJewoc94EJ1qOOUbacjS3x8duulF6IrZJaTEFGfE...

170 B
190 B

64ms
64ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=a0c5bTZ1UG1CVmlFbmtGVkRFTldZQQ%3D%3D&google_push=AQvitUL8Q5u8HCIj221TnEettHXLbVKSRU7Jh7NyhavXdrJewoc94EJ1qOOUbacjS3x8duulF6IrZJaTEFGfEh5xu4uHQBxtvZC5

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=a0c5bTZ1UG1CVmlFbmtGVkRFTldZQQ%3D%3D&google_push=AQvitUL8Q5u8HCIj221TnEettHXLbVKSRU7Jh7NyhavXdrJewoc94EJ1qOOUbacjS3x8duulF6IrZJaTEFGfEh5xu4uHQBxtvZC5
date: Sat, 20 Mar 2021 18:46:36 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 243
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0430
Redirect Chain

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESENNDiEMvKXdbcv_fz3cQZmA&google_cver=1&google_push=AQvitULurmJc0lIPCGLTtbeY1dklkLzoaw7ivxMO2z0jc9GvD0akfPX_6gjnjS67KIUCFPDnz0MPf953eMffyUAwsLZA...
https://sync.bumlam.com/?src=ggl_nga&google_gid=CAESENNDiEMvKXdbcv_fz3cQZmA&google_cver=1&google_push=AQvitULurmJc0lIPCGLTtbeY1dklkLzoaw7ivxMO2z0jc9GvD0akfPX_6gjnjS67KIUCFPDnz0MPf953eMffyUAwsLZANdW...
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitULurmJc0lIPCGLTtbeY1dklkLzoaw7ivxMO2z0jc9GvD0akfPX_6gjnjS67KIUCFPDnz0MPf953eMffyUAwsLZANdWRUHSX

170 B
190 B

71ms
70ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitULurmJc0lIPCGLTtbeY1dklkLzoaw7ivxMO2z0jc9GvD0akfPX_6gjnjS67KIUCFPDnz0MPf953eMffyUAwsLZANdWRUHSX

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitULurmJc0lIPCGLTtbeY1dklkLzoaw7ivxMO2z0jc9GvD0akfPX_6gjnjS67KIUCFPDnz0MPf953eMffyUAwsLZANdWRUHSX
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0430
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEK...
https://sync.targeting.unrulymedia.com/csync/RX-57259296-7f71-433f-8361-73c5ae6ee27e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUJBQ5maxmkytJcCYfpjv...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJBQ5maxmkytJcCYfpjvCcnnSAZMzCSbXv6NnzZgmmo9RuH7QN81s7k7YFIU8375ur5kFJZQDEBwf2CzwK4kh5fcqEppI1l&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

170 B
190 B

67ms
67ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJBQ5maxmkytJcCYfpjvCcnnSAZMzCSbXv6NnzZgmmo9RuH7QN81s7k7YFIU8375ur5kFJZQDEBwf2CzwK4kh5fcqEppI1l&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Tengine
ETag: RX572592967f71433f836173c5ae6ee27e003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUJBQ5maxmkytJcCYfpjvCcnnSAZMzCSbXv6NnzZgmmo9RuH7QN81s7k7YFIU8375ur5kFJZQDEBwf2CzwK4kh5fcqEppI1l&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4
Connection: keep-alive
Content-Type: text/html

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0430
Redirect Chain

https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESEAJWktxM4U6THZRXyl7dBcE&google_cver=1&google_push=AQvitUImY5w6INPjwtvWeCtPa93L69bjfXGW5H2zF1qvX0vECQnpsEFqFIGNLBIM-oElKiSOVXyD8Rm3-baYGusGOQlDn...
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=Y2EyODg0OWItZmQxNi00Zjc3LTg1OTctYTgxY2NjODU3NDU5&google_push=AQvitUImY5w6INPjwtvWeCtPa93L69bjfXGW5H2zF1qvX0vECQnpsEFqFIGNLBIM-...

170 B
190 B

77ms
77ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=Y2EyODg0OWItZmQxNi00Zjc3LTg1OTctYTgxY2NjODU3NDU5&google_push=AQvitUImY5w6INPjwtvWeCtPa93L69bjfXGW5H2zF1qvX0vECQnpsEFqFIGNLBIM-oElKiSOVXyD8Rm3-baYGusGOQlDnJ-QQYcwFQ

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 20 Mar 2021 18:46:35 GMT
x-route: http://upstream_cookiesync
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=Y2EyODg0OWItZmQxNi00Zjc3LTg1OTctYTgxY2NjODU3NDU5&google_push=AQvitUImY5w6INPjwtvWeCtPa93L69bjfXGW5H2zF1qvX0vECQnpsEFqFIGNLBIM-oElKiSOVXyD8Rm3-baYGusGOQlDnJ-QQYcwFQ
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true, true
x-host: 192.168.152.38
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 0430 0
16 B 49ms
48ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IIIjdKB3jLMaMVWANUg3BtkH1eWblFBnE1LwtXGi94QTuerbqFgPAwW4VKASEtiNA

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/ Frame 4D3D 1 KB
685 B 41ms
40ms Document
text/html 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90ac48aaad0a073eb0280633dbff6f92f19d2546de635addc92857114095b550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 586
date: Sat, 20 Mar 2021 18:46:35 GMT
expires: Sun, 21 Mar 2021 18:46:35 GMT
cache-control: public, max-age=86400
last-modified: Mon, 09 Mar 2020 09:30:20 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame 090C 0
28 B 82ms
82ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuD_9hcLfqYhnwCQelaHg1OINz_2-Gr5EbXixwGGnCl1HBYuRl4dw-tzhZVF5HVapJUcSeBjn7a8A0pBVEG0shS2L2Ok9dIA8-6FOVT86lhsuvGm5ybbf5bC6Nu1TLv9uz5NQtgszhyYOBpKwLBFn93HctGA_Sbhj_f0TIXFAehF96Y8s0p-n76pteOTqGPf95u5WGK6eqtadMXzpy-szr74zUMUiIIw8AZR92MGNbHcxvzWMkmO-NOvu6NYIf0uMxR4y7jrEeZZKZx2a8cx-ZRBqLULdU3FP2KsfBAH20anTKQi4sTxtP0mXnARwYAn-1cFYIkVA8k89b6waEoLeD7feHTFG0YdYXl9SrbDEQS9QzYiUMhNjTWjSAlhK4cxtQnjSn-5MdGnReTIVW0Dv_6258c6ecLOX4hKLXAiQxKJypuuL5PFfSnFeO55Yh5O-5J0Ns6PCysivS0zDCXG05pm32jNW86pZOuoK63IeGYBDwW4YlMvtLCP--HQqKeaCPd1EgKGHM7su_HLXbiQf8gxw9roN0Ufma75SEcI1U5TOQZebWWW4ACMLM9WuGRZPzz-XppP8JYHI6aNH55OfoT9FBIrHq3eVwHyjdQIuMwgeae6oXeYuHh8Tzz3yqUwuffMNesnROyEClob50JrT_DPs4LTcI3ID4LeX2rBVXZcPv6zIar1P0G3hoxY0XyWsEFWtzGWhPsWWVsgKWnCWECtwcrFLwwoC_IucysbUmS4MCINEi3ac4jTRdq-lxOKCim52BLgGwxFP79SGlb0Q4iBEnpyB2r4f02FIk_qJJq-0igdHsXpNOSaR-81OsLaKNiwSqkc7PL9qdYVc4A5rVkppwXiCBZLI8IuMitDpQ_TEWc0Co1MsNtHXEvGQDZnVdfayvnXGIf8uCQEDbmEiyMEoVuO9Y_iH5MMgf1vuMBgJt9Ns0lqtHlLYqIkWG5uVD2VeeIpqqxPORLSqntLPTu_z02tfSM8pp-k2cEUFf02v3FqTRayXqzJuILh7apfDpoNBeLa427xc8hyWXTSR6zib486TPe9MgQuDh83wRTLDlPYUVigrtP0_yNE-1_jr1NFcoaOS7E3-iS6rEfFl55YH1Zou4p0Kloqudh2LI4Gw8y2mK3p48YgWmyJfbgHt6nwGEYcBiy40TlwYUP0wcINu_Nju7mCuAEMmYh9Jgx4X6K8k-_34Vy4OFOg4MsyRfu9WQxIUDMcGWEbHut979ehJnXTvOsjKXbTChjqNffvzE&sai=AMfl-YSdqAA2YIsJ9h7RkIdurZeREtvFd_sbP-aiYI-uXnJWvi4cb7IVM-jfq1c2EexodhEOzVGPgCGm5ZZSqPWwEnxBlFVgWlIKkO_QUnEylTxyxTpUS-5VRbDAc6Ut7IgL1Yw_5ZYnvAoU-V0kOb9so4DeVx7YcA&sig=Cg0ArKJSzD05FGHAq4FyEAE&urlfix=1&omid=0&rm=1&ctpt=179&cbvp=1&cstd=173&cisv=r20210316.67713&adurl=

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 20 Mar 2021 18:46:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 090C 43 B
1 KB 234ms
86ms Image
image/gif 213.202.235.8
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extLi=25367865&extCr=130151284&extPm=295089156

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.8 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Sa, 20 Mrz 2021 06:46:35 GMT
Server: Microsoft-IIS/8.5
Date: Sat, 20 Mar 2021 18:46:34 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1633
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8121 478 B
252 B 17ms
17ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6WVRDvjt8BGN6H_JcBMAE&v=APEucNUqWu9YI1cG7-wY1bsvCBB23wVRKJouWkd-_L_GlXJeNI_VFeoDKinxCO8Rll8e-VSMCZhkmUtPKbpLx0yseMP_Qd9bEw

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CM6WVRDvjt8BGN6H_JcBMAE&v=APEucNUqWu9YI1cG7-wY1bsvCBB23wVRKJouWkd-_L_GlXJeNI_VFeoDKinxCO8Rll8e-VSMCZhkmUtPKbpLx0yseMP_Qd9bEw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUnVs0HFgYrfpIcE1QFnLXQHkokrjiJeaV0_MyhNEj1VjhLmW9HpAC2xuUMoW1k
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 20 Mar 2021 18:46:35 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DC94 56 KB
22 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ay2v5XOLdnL3fv7ndfg2R6PIcC1kXBUWkH2HtpQ5QPaQ1Kc45zN-sft0NY9EjozjbBveKK91dI06m4S_yzf-U_m06DzUKZhs1SvJrKyZalOEkZC7-JeyvZ6z-_m97luFLK_LSYiSea-7kBbJFUPXRmHPISTg&dbm_d=AKAmf-B6TarPwBrz_PiJ6BhfS-YP6OR_PfYkf26xoqkFBqSfU5b_c8C3BF7TCndc52eDvo3-jqwmG7ctfjQr_h1fTutZ8tP-spxBfUGAus86tDvQb5nlgd9tsoJVNOt7nnZ8vc_0qF7cxifn6w--6k0wY78QzL9FHdc6ZKLljE68yV61WkAGtDk6SYE7Fsc1ZYxxc20Hk_u11ajlySICzsvce0sQ9wkBiAMEqp8Wo9aDM-HzDSsY1rRjfOZvPAyOrtR2znrxuzv5oJeh_aIZXTeePwcTvCmGkXw3SyU9gdXT2x225zYUWPYCq-dr50AXKBVOG_Hjv3S49XeIspv-JS4ByL_AZ41tm0-olaJihOzMT3yrMMNk6ccPOmOlnPxeAv7CKP_qhmfk9QDUF0LBfRbxT2SMuJUFwdXd3eLa5DkS6FlTMhHiwT4IUjWPKqUSJgNRJ46aEUcW11aeq-BU0T31j5p-Ti_3a-CRkbLD6ZvmgVpyB69e0uoEHB2w8xvcbtAg6mmZ5kQ8YVMrpFaXQwl9LY2spVVDetDTy3VIqrkq-zArPvJG5qLimlBjp5mfbmFi6HCn5zbuU7-N-0wUkmBsSu_0nDAqYgaBMiKpiIDR6gGDR_Qzl7J9q7qNvKczXVIkbAA2vHqx-CQBbUb_bHQc7b8_T3q8afc2Q9j6nB8-iJXPEAEFvkYNmPJ0To_V0wA2uYggFaUNDDFjph-a92vWEqDgIn1YyHgNbTMDcArFtpfsS6wE468UhIAwTLC6fSrE3r-Hxs3t35wytMXqvRWyc5BDClPl1fYw-519miNVza-TwRhMZ_2fNnCXvceQt9_Q9QhicCRC0HadpteYdfpgOh6MiTRN6uUiGq-XewPagMGKMI3r5I8bs9UXWfsahNX0GnHrjYZQyZw2AzxYRb4H85ag-iuAONAomibLVEn2-IF39hU81DQREH7Wq0f67ujkBYcYTGsaGm_RaeJlc2m9_fBI1UyiZqCk7BtPyNB1IweVz9UiMgXapobcW21uC3KFBWOYk-FEuJW9NUl9lSUW2WYItwcZ6GD58l9VNPLBkwb7ey3dVwBrzujMfX9YYDLCTLsw36ankGDhUkMo7GYkC_CDtQJCCTjbDeuWhqxpZgVcSEe4I6v2CkZXLxXqwNHN7IgmMM6qsHn5dDU8KlUG4Dh_gbQu_3cFnuOPAIWlT0gvGEdDrBhB-SpPiJhj3dgNNek8CtxBASYJi5jPvD9z_uawN-CxFH_Uzx-LvaNV5wbp9aVe_vUEuxO2qPK6f9icF5kTmru8n9lKfxiQU3Vety6PFW93nbZsohV5QzXpIKz-cRKbtXfsEBQIM-npYxI2LuuGvNPfFLLj3VZWovPNv4DJbRs89WT0MCA-Im9vT_hQS8bVbV6hhwmoKC5xbG-VW6Keaw4M_Am8DGyhQtN2CBW21wWSXMuvL9OAMIDIxEwJsdasLGPlonjNiEIE1d_YxxPbkEv9D5C1-i9L8BmIbNNmdO6TPcZJ0VG8XcIhji2U36Uq-JWKvuLhfSaNp4NWbW6wLcA1JFUzyOXE6c4eBWCEcejaO4rvq05P_HXpsVRvRVl177h9k3WBVepXnosJ-ZhypaX17v-kBDqnH5MopiprPdNoARNlBnWFP1OLIhybR8qETlKupq08E1aIWiwCWnSv5PbpHW_bNb5Om7I3XzV8adAf3KAdC1lUXg-ROGtLxBIeCyQIKN1qY1C3PXC9oyskg64H1dGXhClG4xDbBOkUVsOS_GtkVkorgNwFol2p24H7Ug16kSXaO5xpNj_6Ius-3GFhnklMUE_B23bEda2b3pH-WAglsOsBTdx5GQdI0xEwpnDOdzWxsG0r52PbVPwxXs_2w4Z13seSBgwKpjs5Nbr7mlbMqqQv2ZCk36iZ2MtXORXGxn0BW4Hc4hUjg2pCDzRzFA5JCnJ3N-Mj_ec6-qSGXysKpexH_eicby9FxsAV7u5zvEg4EWpN9KJDA2l-o1hQks_ylD_nIGcqrsMemS1CmyQxx-rlcvZLVZYpalSJblBFhd32TcSq1UI5Vjwj9p0vnVaWIzoSpEb7ZNjZu9Tx9SO9VmTIsUH8pnfzQDYwFbcG17XShNAl3daSa04VQ9hL9N8tT5dH00-sCfmITkPvSkUw5dhfqn2ASGuL_-YF5bT5lmyHaaz0RD4wS_XNIUKTlmox_TSp6NLFPFWi8I7YSbG5bqqnknmhqj5raT6w187CFyOC7We4g0nLIWdFT46FkZuZCpD2P2OEjHaTu_M_KAC75TVXOOBTs5sdu-zr31Qz3OL8Zyigo7g6wgi87A3qJN70FahOJ3TYKmspFMzG6Q3TrwYePNG2Bmv8lD-LOweMFftEy7LL8Aeb-mxJnDZJg8res8IZYXowf4DXSe0Qj9bj2c1B46FfC4uI2HgIka0sTDY4UTlRt_hXfBKzMG-oxcBmwyZ9kD7_wrv2UlKJGgXsO2ATo-q91I4yd2bXwwhQ1LlubYu5eEqht_kAnzEfMAGZmMvSbSuFISpAK3UJ90U13xtOkhSTjIWAN7-_d3TkAtCvYGf7HSUghzDm4xjI5bU76t1m2lxac1FM_79HEt5iVXQNMOR_VKlF1BumPxctSSPZxlWOdx79-V0ya0v2RIj15IRy87sbnmKoZdgXmPT-CToWhQyE-DSJ2NtAi1BKORwV0ODLokhX8VXNx8u4n_fapnnfGvt_sQas45kvnLc3MczSg_0JgMLv_rNzXxLizxQmF1XXHSP14oKFjv2t9xyyKWd42BDCdW5oTBuimepBo74aqNIC0z3iN1uST0pbtf6ZTCKM8BEIt5xi1V_GxLabtzkDukACIaGFV9yLBsJBz11QQ2WS8t1SnFZUYioPpFNSgPgxH-b6xYrzh3Wp9DNuO9OEkL9-uotb6PywApBr8DaHeOiWBw6li524YzGzqqN3vZYAu93ZNJ5OjTgieZ7-BulsrR86lPjirqEe9laZqb3aDWoDXt18iL0hCuoR31FW15UMY_6GqnMSOZAFehTd0rGTCInHCCSvgH-mKdlEkBjCLiPDzz3saLKlrv34HVy1mFPVZ6OG-XmgkJBG-oDOrH1xxQYguCKDbet9gv8Rjq72unHbQYiPXYNXExM&cid=CAASEuRosPrBl0K9xifAuZeEoI-i1w&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf8301e988927102eeba4d9c528a1694a63aa86785f7e2f60abd07dfe48f5c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22962
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC94 42 B
65 B 40ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DgJA1XDIZbbjyjc1bgpjVvZuPary1tnMrI_-hd9U_NedX7vHdWYTOuO_5RPtxfmOEe-Ok1HHWNFoOp8uZTFX7ljdUhGG4U5ERsMBt3VcebhsHCLPs

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame DC94 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DC94 117 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame DC94 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame DC94 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRmwrBJGADJWWJsUdIITXSImsVUxbItzU_8ydE3JtqHDpwzXuqYKuxwG7ydguAhKDHfrPfdZ2qYmkKdZtGzNW7-sVWvvw
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CAE2 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 16:59:40 GMT
expires: Sun, 21 Mar 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6415
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 45F7 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3301c45d325907f095fff7ebefc2630b347e2c272a730d06660e957f52dc0c6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 090C 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115376
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:43:39 GMT

GET
H2 200 main.gr.19.8.175.js Show response
static.adsafeprotected.com/ Frame 090C 182 KB
58 KB 249ms
85ms Script
application/javascript 34.247.220.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.175.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=1499141&campId=46347355&pubId=1&placementId=328742660&adsafe_par&bundleId=&dealId=&bidurl=https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.220.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-220-143.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 7be8857ba72af31f2fdaf03eafad7d8b209b6efa9348c4afc875b2b740f048a0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 18:48:08 GMT
server: nginx/1.16.1
etag: W/"a814ca41068a734c86a57520036db2a8"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DC9A 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 16:59:40 GMT
expires: Sun, 21 Mar 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6415
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 090C 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8632ce1c45c1ee5126fec64b39b9eef9e1d3ae32e32dd472dd3237423c055da6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 45F7 16 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 15 Mar 2021 18:27:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 433136
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15872
x-xss-protection: 0
expires: Tue, 15 Mar 2022 18:27:39 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 45F7 10 KB
10 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6bbcc62f3b6a3ada1215006f0f6c04dbcc035efe815caf60e6a26eafc335b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 03:54:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 139940
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10048
x-xss-protection: 0
expires: Sat, 19 Mar 2022 03:54:15 GMT

GET
H3-Q050 200 container.html Show response
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame C466 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 20 Mar 2021 18:46:34 GMT
expires: Sun, 20 Mar 2022 18:46:34 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
799 B 38ms
15ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
531 B 42ms
29ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 227ms
99ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/rtb.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://subject.com.ua
date: Sat, 20 Mar 2021 18:46:34 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H3-Q050 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame DC94 176 KB
61 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 11:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24998
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Mar 2021 11:49:57 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame DC94 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ay2v5XOLdnL3fv7ndfg2R6PIcC1kXBUWkH2HtpQ5QPaQ1Kc45zN-sft0NY9EjozjbBveKK91dI06m4S_yzf-U_m06DzUKZhs1SvJrKyZalOEkZC7-JeyvZ6z-_m97luFLK_LSYiSea-7kBbJFUPXRmHPISTg&dbm_d=AKAmf-B6TarPwBrz_PiJ6BhfS-YP6OR_PfYkf26xoqkFBqSfU5b_c8C3BF7TCndc52eDvo3-jqwmG7ctfjQr_h1fTutZ8tP-spxBfUGAus86tDvQb5nlgd9tsoJVNOt7nnZ8vc_0qF7cxifn6w--6k0wY78QzL9FHdc6ZKLljE68yV61WkAGtDk6SYE7Fsc1ZYxxc20Hk_u11ajlySICzsvce0sQ9wkBiAMEqp8Wo9aDM-HzDSsY1rRjfOZvPAyOrtR2znrxuzv5oJeh_aIZXTeePwcTvCmGkXw3SyU9gdXT2x225zYUWPYCq-dr50AXKBVOG_Hjv3S49XeIspv-JS4ByL_AZ41tm0-olaJihOzMT3yrMMNk6ccPOmOlnPxeAv7CKP_qhmfk9QDUF0LBfRbxT2SMuJUFwdXd3eLa5DkS6FlTMhHiwT4IUjWPKqUSJgNRJ46aEUcW11aeq-BU0T31j5p-Ti_3a-CRkbLD6ZvmgVpyB69e0uoEHB2w8xvcbtAg6mmZ5kQ8YVMrpFaXQwl9LY2spVVDetDTy3VIqrkq-zArPvJG5qLimlBjp5mfbmFi6HCn5zbuU7-N-0wUkmBsSu_0nDAqYgaBMiKpiIDR6gGDR_Qzl7J9q7qNvKczXVIkbAA2vHqx-CQBbUb_bHQc7b8_T3q8afc2Q9j6nB8-iJXPEAEFvkYNmPJ0To_V0wA2uYggFaUNDDFjph-a92vWEqDgIn1YyHgNbTMDcArFtpfsS6wE468UhIAwTLC6fSrE3r-Hxs3t35wytMXqvRWyc5BDClPl1fYw-519miNVza-TwRhMZ_2fNnCXvceQt9_Q9QhicCRC0HadpteYdfpgOh6MiTRN6uUiGq-XewPagMGKMI3r5I8bs9UXWfsahNX0GnHrjYZQyZw2AzxYRb4H85ag-iuAONAomibLVEn2-IF39hU81DQREH7Wq0f67ujkBYcYTGsaGm_RaeJlc2m9_fBI1UyiZqCk7BtPyNB1IweVz9UiMgXapobcW21uC3KFBWOYk-FEuJW9NUl9lSUW2WYItwcZ6GD58l9VNPLBkwb7ey3dVwBrzujMfX9YYDLCTLsw36ankGDhUkMo7GYkC_CDtQJCCTjbDeuWhqxpZgVcSEe4I6v2CkZXLxXqwNHN7IgmMM6qsHn5dDU8KlUG4Dh_gbQu_3cFnuOPAIWlT0gvGEdDrBhB-SpPiJhj3dgNNek8CtxBASYJi5jPvD9z_uawN-CxFH_Uzx-LvaNV5wbp9aVe_vUEuxO2qPK6f9icF5kTmru8n9lKfxiQU3Vety6PFW93nbZsohV5QzXpIKz-cRKbtXfsEBQIM-npYxI2LuuGvNPfFLLj3VZWovPNv4DJbRs89WT0MCA-Im9vT_hQS8bVbV6hhwmoKC5xbG-VW6Keaw4M_Am8DGyhQtN2CBW21wWSXMuvL9OAMIDIxEwJsdasLGPlonjNiEIE1d_YxxPbkEv9D5C1-i9L8BmIbNNmdO6TPcZJ0VG8XcIhji2U36Uq-JWKvuLhfSaNp4NWbW6wLcA1JFUzyOXE6c4eBWCEcejaO4rvq05P_HXpsVRvRVl177h9k3WBVepXnosJ-ZhypaX17v-kBDqnH5MopiprPdNoARNlBnWFP1OLIhybR8qETlKupq08E1aIWiwCWnSv5PbpHW_bNb5Om7I3XzV8adAf3KAdC1lUXg-ROGtLxBIeCyQIKN1qY1C3PXC9oyskg64H1dGXhClG4xDbBOkUVsOS_GtkVkorgNwFol2p24H7Ug16kSXaO5xpNj_6Ius-3GFhnklMUE_B23bEda2b3pH-WAglsOsBTdx5GQdI0xEwpnDOdzWxsG0r52PbVPwxXs_2w4Z13seSBgwKpjs5Nbr7mlbMqqQv2ZCk36iZ2MtXORXGxn0BW4Hc4hUjg2pCDzRzFA5JCnJ3N-Mj_ec6-qSGXysKpexH_eicby9FxsAV7u5zvEg4EWpN9KJDA2l-o1hQks_ylD_nIGcqrsMemS1CmyQxx-rlcvZLVZYpalSJblBFhd32TcSq1UI5Vjwj9p0vnVaWIzoSpEb7ZNjZu9Tx9SO9VmTIsUH8pnfzQDYwFbcG17XShNAl3daSa04VQ9hL9N8tT5dH00-sCfmITkPvSkUw5dhfqn2ASGuL_-YF5bT5lmyHaaz0RD4wS_XNIUKTlmox_TSp6NLFPFWi8I7YSbG5bqqnknmhqj5raT6w187CFyOC7We4g0nLIWdFT46FkZuZCpD2P2OEjHaTu_M_KAC75TVXOOBTs5sdu-zr31Qz3OL8Zyigo7g6wgi87A3qJN70FahOJ3TYKmspFMzG6Q3TrwYePNG2Bmv8lD-LOweMFftEy7LL8Aeb-mxJnDZJg8res8IZYXowf4DXSe0Qj9bj2c1B46FfC4uI2HgIka0sTDY4UTlRt_hXfBKzMG-oxcBmwyZ9kD7_wrv2UlKJGgXsO2ATo-q91I4yd2bXwwhQ1LlubYu5eEqht_kAnzEfMAGZmMvSbSuFISpAK3UJ90U13xtOkhSTjIWAN7-_d3TkAtCvYGf7HSUghzDm4xjI5bU76t1m2lxac1FM_79HEt5iVXQNMOR_VKlF1BumPxctSSPZxlWOdx79-V0ya0v2RIj15IRy87sbnmKoZdgXmPT-CToWhQyE-DSJ2NtAi1BKORwV0ODLokhX8VXNx8u4n_fapnnfGvt_sQas45kvnLc3MczSg_0JgMLv_rNzXxLizxQmF1XXHSP14oKFjv2t9xyyKWd42BDCdW5oTBuimepBo74aqNIC0z3iN1uST0pbtf6ZTCKM8BEIt5xi1V_GxLabtzkDukACIaGFV9yLBsJBz11QQ2WS8t1SnFZUYioPpFNSgPgxH-b6xYrzh3Wp9DNuO9OEkL9-uotb6PywApBr8DaHeOiWBw6li524YzGzqqN3vZYAu93ZNJ5OjTgieZ7-BulsrR86lPjirqEe9laZqb3aDWoDXt18iL0hCuoR31FW15UMY_6GqnMSOZAFehTd0rGTCInHCCSvgH-mKdlEkBjCLiPDzz3saLKlrv34HVy1mFPVZ6OG-XmgkJBG-oDOrH1xxQYguCKDbet9gv8Rjq72unHbQYiPXYNXExM&cid=CAASEuRosPrBl0K9xifAuZeEoI-i1w&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:43:02 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame DC94 21 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8471
x-xss-protection: 0
server: cafe
etag: 753583566593306265
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:46:32 GMT

GET
H3-Q050 200 160x600_1.jpg
s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/ Frame 17DA 51 KB
51 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/160x600_1.jpg

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a4d51fb05b2ac6e1b6b6c0175939bb398e797fd3ef8b03e89d387c2144b5c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 11:51:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Mar 2021 15:16:55 GMT
server: sffe
age: 24932
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52283
x-xss-protection: 0
expires: Sun, 21 Mar 2021 11:51:03 GMT

GET
H3-Q050 200 160x600_.jpg
s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/ Frame 17DA 46 KB
46 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/160x600_.jpg

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d46cd86cfae31b51738ec9d05802c8948f23605f132695133245ea303ee0e104

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9331698/472251111716293/SP21_CKU_FEM_HTML5_160x600-W-1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 11:51:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Mar 2021 15:16:55 GMT
server: sffe
age: 24932
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46679
x-xss-protection: 0
expires: Sun, 21 Mar 2021 11:51:03 GMT

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 43A5 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Mar 2021 10:43:39 GMT
expires: Sat, 19 Mar 2022 10:43:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 115376
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 7ED2 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106895
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame 8121 170 B
190 B 68ms
67ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6WVRDvjt8BGN6H_JcBMAE&v=APEucNUqWu9YI1cG7-wY1bsvCBB23wVRKJouWkd-_L_GlXJeNI_VFeoDKinxCO8Rll8e-VSMCZhkmUtPKbpLx0yseMP_Qd9bEw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8121
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDtCk6zXnp5XnSsXT62extI&google_cver=1

43 B
894 B

72ms
71ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDtCk6zXnp5XnSsXT62extI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6WVRDvjt8BGN6H_JcBMAE&v=APEucNUqWu9YI1cG7-wY1bsvCBB23wVRKJouWkd-_L_GlXJeNI_VFeoDKinxCO8Rll8e-VSMCZhkmUtPKbpLx0yseMP_Qd9bEw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDtCk6zXnp5XnSsXT62extI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8121
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

43 B
894 B

75ms
75ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6WVRDvjt8BGN6H_JcBMAE&v=APEucNUqWu9YI1cG7-wY1bsvCBB23wVRKJouWkd-_L_GlXJeNI_VFeoDKinxCO8Rll8e-VSMCZhkmUtPKbpLx0yseMP_Qd9bEw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5323 0
25 B 41ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAOQ3CkNWYKHqBcqM3gP3mJEIAAAAADgB4AQC&bg=!vb6lvvrNAAbUo7L91KM7ACkAdvg8WqClm87c1MxherS3Rl-S1rA9hkOKWIY8R-ew1PRtZlyA6QC1ywIAAAHbUgAAAH9oAQcKAQKRBXzv8h2FW_wpXiiz-W6ZtdWmMARM85YGOLRbHGKobXqznnatG8PMUlgJE8IGr-xV9J8ZGmoeux4_OgYz7fyBB_ezs-B2hsaSHIu5eL7qU1aBRAuyV1DPRlAprbI5u-AA1-ogIlIptTFTM-YZ-j_OIXjEuRaLpvUpLF2WUC7P0uTkYsegpZnkoSHTdaeAgFV2Iu2euTE5bVDA_D9V8q6-TTkr57EdHfXsZlN3CKcDLY41puHYH33EgNZZi0pCTsYMtcfhqMQdmaLV0U26MiHmeIW8QiKDBXj0_FJrJJxlW1Ath_pJiGYPH7XdhtJxaQkGnTUnLU_E_a4sMY0-mVDqJ7eZAmjBM8zZLG4ZKO1EzZe5UQKSlocYiy__WQpXv8ejvQlJ7zDZw1WfQQ8EzdVzORgQ0ZO8sxMIhZQqZrijeOvcnSLh3Eq7Dzx-hMMRgQxkGz5xbId8VNmvggqwHv4PXwqQxjpo8cexNUcUNhyboSY4Qnnph1pCq25p5xm2RYBvh7C3aqghVBAy2yfcfeIbxUZL7aEel51LxwoN7N7IBHz-Y8wGrVOYea09fbdUXLvXNvf_8OHDgma5Qy2QSZqkFfXBX7ZXq5dsi36-ufu8WyJIEGhCyIGZEtUkKQbnPWqFKPsizvn2paOUIGG1AgOlaL1z-r9aFCc1I7zxLOWwlbaf-GGkZQSgkBpn6Vrmg2MI5pV44baVNA4T4TqjmHnveu_GCWT8ewTGvI51ZX-1qw4vjwo3uWZ2bqRs-pfLTHRWjoDvDkTXUBGJDxAZzxe6MApR4VqmeYxzudRpapefg0VkAthoHr805YUxZfmFqpOx-koWLq-pO09SevfeGioL9g18uAn8UUxg9TqElQdwaQwzwUI2aGt3jQ_3mi5gAw9_cFza2opc2rW0OTO8LVT9sms8Jn_S22SD3GzyFaxuBMzamaNxh_iNzMosYBsftLuPrvUgmOBpL1pC0nM0odwqRvUywj1EWtRLqCqcrtE-hK_0gvVdRcbzRyspr62yfDmAJdV6a0d-lnWqzWR1xWU9vEom0FdIzzw6c2gzhzCtdugycDWw3oyaukW2Yhr0HkV1ZWf1JSX8YdLpHiZEjFyw8mrVVMj_Rw8wRWrEs2EgpWyXd8IAnoOKegLR9jSIzi-bbZ1lxOLKX6FHmnYx

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 Enabler_01_241.js Show response
s0.2mdn.net/879366/ Frame 4D3D 107 KB
37 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_241.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7cdfd59d0748ea8674458b0c70ac670b5f5f973ddb26b37b2f99b64ddb7a2a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 04:50:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50194
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37392
x-xss-protection: 0
last-modified: Tue, 14 Jan 2020 17:33:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Mar 2021 04:50:01 GMT

GET
H3-Q050 200 preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4D3D 64 KB
16 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16579
x-xss-protection: 0
last-modified: Mon, 12 Feb 2018 18:09:40 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4D3D 112 KB
38 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38407
x-xss-protection: 0
last-modified: Wed, 04 Oct 2017 18:33:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 de_CH_polite.js Show response
s0.2mdn.net/creatives/assets/2377528/ Frame 4D3D 86 KB
27 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2377528/de_CH_polite.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

953051838ea784f9b0b5200190569adaf51ad084828043a8fc269f52c6427edd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 550
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27173
x-xss-protection: 0
last-modified: Sun, 14 Mar 2021 22:07:39 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Mar 2021 18:52:25 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 92D3 156 B
207 B 96ms
95ms XHR
text/xml 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-video-pub-7094677798399606&slotname=subject&ad_type=video&description_url=http%3A%2F%2Fsubject.com.ua&max_ad_duration=66000&videoad_start_delay=0&vpmute=0&vpa=click&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&sdkv=h.3.447.1&video_product_type=0&min_ad_duration=0&sz=800x450&adsafe=high&hl=en&ca_type=image&unviewed_position_start=1&output=xml_vast4&osd=2&frm=0&vis=1&sdr=1&num_ads=1&t_pyv=exclude&video_format=43&is_amp=0&u_so=l&mpt=videojs-ima&mpv=1.8.0&sdki=44d&adk=4096054978&sdk_apis=2%2C8&media_url=blob%3Ahttps%253a%2F%2Fsubject.com.ua%2F9aaec262-f893-4163-95b6-5f8156761aef&eid=44736621&url=https%3A%2F%2Fsubject.com.ua%2F&dlt=1616265993239&idt=1531&dt=1616265995652&cookie=ID%3D8ec5d9cabcd446ef%3AT%3D1616265994%3AS%3DALNI_Mbl_CGNmIt19n0jFd7-zNhLLP4AIQ&correlator=69646019472464&ad_block=1&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.1200.1600_vp0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.447.1_en.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://imasdk.googleapis.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/xml; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9FA4 478 B
252 B 17ms
17ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY9oWTCzAB&v=APEucNXxUH96H-QuSL0RxFBr8tS6ibJ-O7CTpJF3i8CyYhJTKB6ZpAJNocT3VPIcX2J2VOZE6uBE9_do6QWk-7FuJHK8I9cKQQ

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIKSIxC9tCMY9oWTCzAB&v=APEucNXxUH96H-QuSL0RxFBr8tS6ibJ-O7CTpJF3i8CyYhJTKB6ZpAJNocT3VPIcX2J2VOZE6uBE9_do6QWk-7FuJHK8I9cKQQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUlioT9ACMCfk3lMp6vQ89y3kzogCMLl9X21NdHXbXjO26qUHFdYLT1lKQbpF94
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 20 Mar 2021 18:46:35 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C466 40 KB
19 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DKC7FLAOfrIASV9b3cF3aB61VQpB_SghRl0zDYZ3hv22k7ZcBSwvllOR-i7K08cRl8QKuHwCCutmjWd0wmFP_cHc-w2WhxJKHQXnCkqJuSbGVGCWpHmYvXr89bZoguzk2x3ggC0gdPesV0wr1zVjuixc9-IA&dbm_d=AKAmf-Cmocc3tBl0HEsf7tZSfosBOfUgJFqsYhIo3Fsw7ncEHdyrNg_Itx0O9_maiwT8eO0seP2Wm_1C8h5ce9sYAOkHfJ3Ne7z5ggp8Kir2mZPvt6YC6UF0_Vr_eT1utz7O89g0mVRONkbDeBwv_YOireqK8p4rEdxP27uFgK7uTGLOS0l0eOSWzJfzXyeobQzqMoB8_6LZVhhxQ6mJ0aPDyhRsuCUd4LqR1gcXd2jXsJu0IDBSuduwdYIKy-mjcDLs5u02ySklEoSBpoLs5JHPBM3_Sx49_fzmpNuoaYGXKtBLPxM0I0ifYOQVGAbkmfvG0JUkz0K-m8HaAA8di79S9DozRxAYdPy0_Fhr3aE6pcOcz7NIOHfRlOl7sE77_YVFlygqSTY8OTRl1SUbvrp60S11oZsqw-nVnpzz1nP4imN6zUVeyqI0_ge2s1x84Jv_57o1bwKArBcTt7D6pBDvz5Iy_EvO38PmJk9Tgx_NJ1RzGrJ6VNY3pTS9yb3ZoKsQyGAirgXioZsuzO5KrmrQwSrnp6YuAkv-jevhybn27a_Wq-1GViTljeJlzv4BFVHitwoAiMcm9YSaIuM6n6_auKzY4ZNNmDsvmiF4SvO2YViwk8lHxnpVQWP73RhOSFXAwpters59QrwOIwlL7sQv7b5X77HaFylQ0Yq44mfmHIwVtzfrO4PSxqQlVd4yeMXz4Fv-xJ8v2rakakaA-mWwDrrTcPVLkJEGUaziVptjZLratcLj8kquDGSAad-qr7OUpQK0z58kGAEPuwaYz-AzQW-qgqJj9jKDGegB9P35u_95nev61vyUm2osjSiQprt0i3y-rMUzAK0W6_PN4ZZ_jS8rMhoL0A13EDhRkc5t73sS7o_xOPfEMJRNl1ZLwoADPkKePjEw7XFsr96QVEYz1MERtCm8zMrTTlHFSpSLl4yBivJQor-8VPUQBMOO9Hfz_d_2YeulUcj4qcG-XjjpVAwp4rfoe9xBz2bc-PayvbIrRQlpjkk6DB2uQ_sRcTQXNL37VnCMM6FM_E02SDd05t1gPw85G-qMePfkEiFTo99y2eU0Danvp3ckQv2eq2BvNa-Pn5z4tsVfHNhscueU9RaaFXuEUaNPtlYthcDp9ByAdhsPAs90Bn8Qkw2lNQ7YAV-JhwYAQql6n25Dzy7J1fWO4DH96deD8bv_TtNagHcQXQnG3ST_34J39Sq28Ie7BTQ4KBttnJIPQg_V_BFskD5VBWp4SatdePspnRF1_0B-ZX2nj20i_w8AtXLqCtXIEarcL0WRIK5e34mfBpM0AQVTmWnKL1H8zAWY9MqqY1M7D6KGwsfIRYPVWDkiTcWiIycUWhF2lE-1udyXB8RVszXi_n4rGpBCDpe3j9YU6dOxLtRMNZZJrBiCaE6O9lmrCPiPTEEsANYG4EtKJHvN0dWJHT5dedA_QVaHYcHojiJMxkPURdbux-NSbevHpKLghn3RT1gcSx6UU2KQXleF7BJg7lCGG3Qv7HKjt_5dsMBk73JKPlJbUhcUiPpSEyoJ_Be31dLzXWv0FDA7DtlSzQryrXKUK1kmEPH3NJWegaDYf5MIDGoiQQdTtMQioeh-vAyCzK238oseVBuWhjCRr1UNhoctyKld-NWMuQtOdPNaWkK3nMuhusTBKHbIchMtwLF36aztIcmPtpVAbknbqRNl4hbhn3rGcE3jC_pBH5xeNQw7-dQq69fsx_AfyF9MmOwXmQeQ7B3_DFDZyphBbl0EpH6mtyMyxNvKpbGcg-4Fw2xXKo2JDtZuOenRJ9ArtHVE8nPVFY5Am434Q9y2Ocp5WI9S4gCvIUNbhHwUkwEg61x-ElWH6NdGcRj6OQrUCVUnGtwrMHqGZwye5g-IIRLk1TKukRkp7TzihqPm_7c6XCeoBKBQd069H1qSGl20mTh6nbPamaoM29zx217q-yYpRaYj7bSRJzj74L7ihuHfYvkPqql4-ECj_uXDaxTAfxsuI1y4u5PGNlrOTkJ-mZVx1LNuWokRF7Rflp0cO1pO8kY0rjLP2eG_AtJf-smUUDhNZ4c1xbeZKNE5FpUk9oK9ZHbOCWStQ99JChfOfQ_b8mQlTMZPfLHu_ptxx4ZYGjdYh3dDzkGb1xV7bXCAZ4PDOrfL8MMLRY_VmPijpLtW2imIckl5d__SIyvGSHl_RV_BSK8iAzdmY-5SL_Ar8qPcNawnT3Ve_yrQ1Ekc21qKgfqZTME6iS3rYIfYCJZdMoRey030QJle30AknjKuNU3u9AQP8P3lwbusFF02YM8gAU407lG_6ceP7mWCGyZgln3M3MksN5RJvRfYmquU69AGTwuL-gyEWqn981hxVLufQCcI7_ZNH9UGcCJNVULjKixzadDnpKbcN1drdrsgSiqv02ySv7RQdRJv24K-5UIsofXPTizMDXYTLghjRaZD_feHd-8M-KKL5FHqaRKCuYAvnT1Bt64ddOlOPUXR5WhvBTTZo1ZF4TnRMIU1DvQI2JseyQPm3RfGG_38kqvwEJwsVyMEVVvM9pQXn2F_3FRvaG5egEzuaA5A8FVEMf0WjtjP8kBq2CRTlqYpVDdv12UrqpzSrDJcsAOGoqna_3tLMw_Vdh9qW5Kp-BCbGSQuRu9_ImZZBsK8-3lyBqwksAqH__qZIU0NNBpoRtga-A6C-JsGsuP0ENClsZw2HKqtFJrfB_bxhH0ua-E_hKu28awQK-15x6jIGJKrz8DbvpDdF0JOyqgEUis9Ak7_m9yU0E5ZO6GKFkzcirxIj6IveuvcPO20C5N1VGl23lKqKnR0Z5TApKL7EA6-vkP_aDXpziaRtRsoLTYiJRxc20fVjmxSRTlUCuag_KR5VOCdYv1cHxi7wasFDIHyPIvwg9JqSNp_TBoUBHBb7__IClh3H-Uq8RDuw7hHx5iWlQLrEvjjRTGF4zv9aaHx07-h2wOEKH-2FhNND7ecJmi0LzHYBbWdCuQhXYcKsqvMkxO7LXHGV_wYxS_fsLkQqixJsbk-vQxAcxL5jmPbgWUiPueW_qoeSdnJGdZgirM6pjgOARdQrtTUHrQEzv2Athq2dH1WUhU9bx2sMASYuvxSmoW6DWede4GLIA&cid=CAASEuRoujWd4ma9r9D4g8448QhRBA&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c727a31d76ac2a75e9e5147f4e2159ccb46dd5091d7ed3edcd178cd800ba6ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19294
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C466 42 B
65 B 39ms
38ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CdK3MYvZWWLo8VsQpmqKpyiD1cRPmDIRgGOG5BoRMEscxzsqt5GTJFQ3D6qfD0mfFI1Hx0C7IB4O6-YoUtjmi1tdlNCK3fBvUt1ZTo0bme3hPVBsE

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame C466 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C466 117 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame C466 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame C466 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSvGXFWLR1YlL2Ubgj_PZs-iiVcuROAaL4fIVOasVc3rLBYeKCs9-z0e8FRiBWIIlaBqqEyewDGTxESgxAD2RrswFrlFQ
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK mtrcs_876030.js Show response
s407.mxcdn.net/bb-mx/serve/ Frame DC94 136 KB
53 KB 271ms
127ms Script
text/javascript 104.75.88.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s407.mxcdn.net/bb-mx/serve/mtrcs_876030.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-140.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1bbca8adf1df24f3ec82e294731277b9793101f885bc24f4f07cb579aca84b0d

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:35 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI COM NAV STA"
Cache-Control: public, max-age=48301
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 54059
Expires: Sun, 21 Mar 2021 08:11:36 GMT

GET
H3-Q050 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/ Frame 6569 3 KB
2 KB 41ms
39ms Document
text/html 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7068641b393a9908d2e1083fc049f195bf15b64e53bb0c38a12d94755cd9218

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1583
date: Sat, 20 Mar 2021 18:46:35 GMT
expires: Sun, 21 Mar 2021 18:46:35 GMT
cache-control: public, max-age=86400
last-modified: Fri, 18 Dec 2020 17:02:40 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC94 0
28 B 108ms
107ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstx1aKKD4KfnorZAudENPf8JtdrxdrxguNNcaY05pV7iEScmGevxFdTcRRSjRDONtGJ_cni9Cnt3YYdUWkA4pEbTFZ9vQqD95kOIE_Yrl5KqH7_jrVOLwzRYkOpLDtK5ym904GF4gm4KLvDKhSjDVbbWwy2LBf-nNc6io2dPmB86kUt4EVaYbHtur0YO77sDOoc0E31za1AtzZmTZR5Ip_vAAt_8ZU0WHjqsNlypZoeZi7BCGQvtgN1bR62jHSrAo7tLyLuQNmnqEBJfQWghCuh2PYEX8LeprMuA_S7u2FqRq8gi-f3RLguzpi8OqgL2_5vvYD9pGmrN_0BWKzb4mi1t0opmP2Xprf_b7nOH7D7WdIuVgRJ3MbIx4gc_lONNm7U7jvDwX2JqBwAN9B_FQFPhOoHK5MURgGYzwy7ouaMTBjckOq6LTTKLgIr1logUcp7UzyMhUZFMt3wJeWlN1IVFsXiUom7YL-XzwknTTUOeg5SgYhNFa31O4DX-JwTkZK7hcVe8pqc-JQUQgNCz-Msd55Q95Z5OezBajveaoeaHoQYQfykBmNqTpRANiwICUH0uJ4fNtePyDNFfL9P6V04TGRSP1-l-6_px_E1UhppW0V8lcyexVcZflDuhNUETJYkQShjmgapGn7FAmlCjliVSf4w2yD6D1P9PnSFRlTZYss31t1JH1JEcgbg9D3QEID5iYLUZORnNO3A3uwrUEjeBTpISz6_45YB9yqVtDXMzGb6ac8cfJCJQ_naXCyz11kVTrPUC6lWx5Q6ZOxMreQLSldVu1xkwMAchwgxVfP7QiTBwFN1PsJyzOkDxDrbQ9uSXKyzywX-Kp3g_5x7HfQQRSjeCcoGBCcrKa23TlTMp1cqzTJu1tdBmDz7nzSEF6V0Iu5kYCReAethAOjv90dH9IVOOLypqPsp2iI6YsambD5j7WwTgzG1Lk2_tIa7XWliAd6EF_0jjVligwYz1Zp1o_o1m9YJ9aQ0Oxjx5pGcqv6cq9UJ-JDcc6DF37LfYbbd4kSB_e9gB_yt0isYymA0GhxBdwIhk3pSGXM7N7j-8G2UsANnP_lztXR-qA_NOjaHTc1HOS7KAXUJPrXO6hivYSUyfMoKEvVwlWAjwUhliKOhKIyEkOMhY1Tpz3B63hlnJ6lJ6VLj607F5Xfc6ET8xM2Qz48K5bXzjHSP2pbkj31fNEiYjHDZiT2VvyrEFsbS0khjeQF-E0YSLQ7laowDkY6Vp2VmNjXmbZHLK-zRRF-J1gZx&sai=AMfl-YTzHjN6jpLv1r6WVczK5ELqIgsTKxcYsIMDyE3LmE3i-SOJNb3yCJEIyOneItMga-hShKHCmxs5N5COLOPJ7z0zyobqXMGOkC0WlSVvrVqEJQhhBEgbSc86iwzKYJKAf01OaDPWvxfGIK2WkZiU5O7U-fYHdrn1Ftt6eh_dynZGEUeFt92H_g&sig=Cg0ArKJSzCDrNu0ksrYqEAE&urlfix=1&omid=0&rm=1&ctpt=128&cbvp=1&cstd=124&cisv=r20210316.52974&adurl=

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 20 Mar 2021 18:46:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK gif
darcs.meinungsplatz.ch/tracking/ Frame DC94 43 B
634 B 471ms
77ms Image
image/gif 78.40.88.153
AS-BILENDI-TECH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://darcs.meinungsplatz.ch/tracking/gif?tag=1078&app=MPC&data={%22campaign%22:25050995,%22site%22:5137074,%22plc%22:289671920,%22ad%22:486086977}

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

78.40.88.153 , France, ASN51664 (AS-BILENDI-TECH, FR),

Reverse DNS

darcs.maximiles.com

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: NO-CACHE
date: Sat, 20 Mar 2021 18:46:36 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Jul 2020 09:28:07 GMT
etag: "5f101da7-2b"
strict-transport-security: max-age=31536000; includeSubDomains; preload;
access-control-allow-methods: HEAD, GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-Cache no-store, must-revalidate, max-age=0
access-control-allow-credentials: Yes
accept-ranges: bytes
access-control-allow-headers: Keep-Alive,User-Agent,Content-Type,Accept,Authorization
content-length: 43

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame CAE2 70 B
265 B 264ms
86ms Image
image/gif 54.216.123.169
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESECnxagXAdB7blbtW1llGsek&google_cver=1&google_push=AQvitUK5Up9SJ6RTLJYDKpYjopmm1o-t2lMbn8YDkcysCp5n9FIP98wpfrwm3NmiSnpUoIEuwOfE2wj1gY3iAzOU1Wbj9J86-T0
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.216.123.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame CAE2 0
135 B 201ms
78ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEAiDWCY0cua0cllYoU7dvs4&google_cver=1&google_push=AQvitUJASMUzd7WUaE6SOf_K4OBYjz1xNryib1GN9LiKpvySMizzqMapsjyr7tetmfpBoezUxuZaAaAdiSceSIaXtKgkJfIOU7mi
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
via: 1.1 google
alt-svc: clear

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame CAE2
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKXS36OzYQPwwIs9Tk1ENLQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFZDCiR1UnH4_BHqPlI_UwAABGwAAAIB&google_push=AQvitUKPeLoNRAWhlBESQ4EkIJP3XKTryOP6f7DuNrZ6PkrHGSjxr-6HkWPXPtjPB1anj9nY0f8bNiVc2H34Lugmwd...

170 B
190 B

70ms
70ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFZDCiR1UnH4_BHqPlI_UwAABGwAAAIB&google_push=AQvitUKPeLoNRAWhlBESQ4EkIJP3XKTryOP6f7DuNrZ6PkrHGSjxr-6HkWPXPtjPB1anj9nY0f8bNiVc2H34LugmwdPD2TpuOQ-4&google_cver=1&google_gid=CAESEKXS36OzYQPwwIs9Tk1ENLQ

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFZDCiR1UnH4_BHqPlI_UwAABGwAAAIB&google_push=AQvitUKPeLoNRAWhlBESQ4EkIJP3XKTryOP6f7DuNrZ6PkrHGSjxr-6HkWPXPtjPB1anj9nY0f8bNiVc2H34LugmwdPD2TpuOQ-4&google_cver=1&google_gid=CAESEKXS36OzYQPwwIs9Tk1ENLQ
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 460
Expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame CAE2
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEFY1XaYAnINz1lb4JcUp5uY&google_cver=1&google_push=AQvitULC92R0c60NOE3zI3kEsrSnVoM3fHO9xIxAfsnkw2gPiwu4Igfb28RKwImELR_YK3gK3h8asBdKZMfni0Kp...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=79c471335c24696c7554&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitULC92R0c60NOE3zI3kEsrSnVoM3fHO9...

170 B
213 B

68ms
68ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=79c471335c24696c7554&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitULC92R0c60NOE3zI3kEsrSnVoM3fHO9xIxAfsnkw2gPiwu4Igfb28RKwImELR_YK3gK3h8asBdKZMfni0Kp3LLcnbtSBpsp

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 20 Mar 2021 18:46:35 GMT
via: 1.1 92eff4f17f8a434975f912a39f575296.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: DUS51-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=79c471335c24696c7554&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitULC92R0c60NOE3zI3kEsrSnVoM3fHO9xIxAfsnkw2gPiwu4Igfb28RKwImELR_YK3gK3h8asBdKZMfni0Kp3LLcnbtSBpsp
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: Sp8vxK9co1fzgwmD407vxrl997-GoWFE189QWn9qdLqQD_7SsHkzYQ==

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame CAE2
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEPoDX1f7tnu8DHmVPo5AjKQ&google_cver=1&google_push=AQvitUJhVNGtv9fq06H32rEVDXS7k-AV96IuCSf7Bi_zv1weRZFoMrmdFzGgVh0xdScvWnG5a4WHnMS8kfTwnn7t0eScDs...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEPoDX1f7tnu8DHmVPo5AjKQ&google_cver=1&google_push=AQvitUJhVNGtv9fq06H32rEVDXS7k-AV96IuCSf7Bi_zv1weRZFoMrmdFzGgVh0xdScvWnG5a4WHnMS8kfTwnn7t...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=TGERbEdTRECE9aizJNvxEw&google_push=AQvitUJhVNGtv9fq06H32rEVDXS7k-AV96IuCSf7Bi_zv1weRZFoMrmdFzGgVh0xdScvWnG5a4WHnMS8kfTwnn7...

170 B
190 B

70ms
70ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=TGERbEdTRECE9aizJNvxEw&google_push=AQvitUJhVNGtv9fq06H32rEVDXS7k-AV96IuCSf7Bi_zv1weRZFoMrmdFzGgVh0xdScvWnG5a4WHnMS8kfTwnn7t0eScDsfyKfVj

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=TGERbEdTRECE9aizJNvxEw&google_push=AQvitUJhVNGtv9fq06H32rEVDXS7k-AV96IuCSf7Bi_zv1weRZFoMrmdFzGgVh0xdScvWnG5a4WHnMS8kfTwnn7t0eScDsfyKfVj
date: Sat, 20 Mar 2021 18:46:36 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame CAE2
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEALhzRHdUPsltApIinqfBE4&google_cver=1&google_push=AQvitUL0Xy0w7tTiQgIyqkWNO8mtGjFqFiFW5YAXa-nzRaw6CI4MIgKwTld59OY65bwvz_pQwX3-h1QRZi34TulST4UphNBL7etN
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU5MjY3NTk2NTM1NjMwNzAwMFYxMA%3d%3d&mn_hm=MjU5MjY3NTk2NTM1NjMwNzAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUL0Xy0w7tTiQgIyqkWNO8mtGjF...

170 B
190 B

64ms
64ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU5MjY3NTk2NTM1NjMwNzAwMFYxMA%3d%3d&mn_hm=MjU5MjY3NTk2NTM1NjMwNzAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUL0Xy0w7tTiQgIyqkWNO8mtGjFqFiFW5YAXa-nzRaw6CI4MIgKwTld59OY65bwvz_pQwX3-h1QRZi34TulST4UphNBL7etN

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU5MjY3NTk2NTM1NjMwNzAwMFYxMA%3d%3d&mn_hm=MjU5MjY3NTk2NTM1NjMwNzAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUL0Xy0w7tTiQgIyqkWNO8mtGjFqFiFW5YAXa-nzRaw6CI4MIgKwTld59OY65bwvz_pQwX3-h1QRZi34TulST4UphNBL7etN
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Sat, 20 Mar 2021 18:46:36 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame CAE2
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP8jjuXueMRzcRDJPUI95tA&google_cver=1&google_push=AQvitUI6IW0_iq2UqfOcmQnnekfmwyS_G0meWMvfb9zvOHiOcqDGwQG91hlxN_NJ8TQ0jovBvX...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEP8jjuXueMRzcRDJPUI95tA&google_cver=1&google_push=AQvitUI6IW0_iq2UqfOcmQnnekfmwyS_G0meWMvfb9zvOHiOcqDGwQG91hlxN_NJ8TQ0jovBvX...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS00SjRYV2Y5RTJ1SDFVWGdNRHdEdHpfTk5rVDVFek52WH5B&google_push=AQvitUI6IW0_iq2UqfOcmQnnekfmwyS_G0meWMvfb9zvOHiOcqDGwQG91...

170 B
190 B

70ms
69ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS00SjRYV2Y5RTJ1SDFVWGdNRHdEdHpfTk5rVDVFek52WH5B&google_push=AQvitUI6IW0_iq2UqfOcmQnnekfmwyS_G0meWMvfb9zvOHiOcqDGwQG91hlxN_NJ8TQ0jovBvXzEnB4I3dISRtS_pzP73lL2W6ds

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS00SjRYV2Y5RTJ1SDFVWGdNRHdEdHpfTk5rVDVFek52WH5B&google_push=AQvitUI6IW0_iq2UqfOcmQnnekfmwyS_G0meWMvfb9zvOHiOcqDGwQG91hlxN_NJ8TQ0jovBvXzEnB4I3dISRtS_pzP73lL2W6ds
Connection: keep-alive
Content-Length: 0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame CAE2 0
16 B 76ms
76ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J8Xodgur_rRONlCcSIEKbj8qMdzoPzxhCiaZowUxeHFpjNwNXglsSZ07fTnhxGyENvcd4VEg

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 container.html Show response
3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 48BE 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031701.js?31060521

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 20 Mar 2021 18:46:34 GMT
expires: Sun, 20 Mar 2022 18:46:34 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame DC9A
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEEKqUmQPWBXwcrFNQgc_j7k&google_cver=1&google_push=AQvitUIIb5svAEdbEl6raV9nKs-B-XDDyKQpWirit7hnR0buxgqc2fjPQolzog8ztEXHvDn0G9uBvNXniVh4EE_rvBnrR8PgL9SV
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Q2lBczdHZW1CREtDdk9sTURFTldZQQ%3D%3D&google_push=AQvitUIIb5svAEdbEl6raV9nKs-B-XDDyKQpWirit7hnR0buxgqc2fjPQolzog8ztEXHvDn0G9uBvNXniVh4E...

170 B
190 B

64ms
63ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Q2lBczdHZW1CREtDdk9sTURFTldZQQ%3D%3D&google_push=AQvitUIIb5svAEdbEl6raV9nKs-B-XDDyKQpWirit7hnR0buxgqc2fjPQolzog8ztEXHvDn0G9uBvNXniVh4EE_rvBnrR8PgL9SV

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Q2lBczdHZW1CREtDdk9sTURFTldZQQ%3D%3D&google_push=AQvitUIIb5svAEdbEl6raV9nKs-B-XDDyKQpWirit7hnR0buxgqc2fjPQolzog8ztEXHvDn0G9uBvNXniVh4EE_rvBnrR8PgL9SV
date: Sat, 20 Mar 2021 18:46:36 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 243
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H/1.1 200
OK us.php
c.eu1.dyntrk.com/adx/ga/ Frame DC9A 0
215 B 88ms
87ms Image
text/plain 51.178.20.139
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEOCMby_Wl5Z7xqyGtDtZHzc&google_cver=1&google_push=AQvitUKTjARO5tQ9ZWt-nrAMv5fFqqgCN7RqCAkdbSQJl7A9LodE1JlSchEb6nK0sovU1DpyWAFgpZ0YMs1Rf59HL2SvsOVnwoxY
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.20.139 , France, ASN16276 (OVH, FR),
Reverse DNS: proxy0393.eu3.dynfactory.com
Software: proxy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate, no-transform
x-rc: 10
server: proxy
content-length: 0
content-type: text/plain

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame DC9A
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENety-rNC_4kN9ha5faszLA&google_cver=1&google_push=AQvitUL_-AlbOpy7dVw41bwJyq_R04WH7Jyey2l9EspYH853xRm_RnFF5TrAPB3zzxCvFN17gE-f3H6HS9oqwXB4a_8HLmd...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUL_-AlbOpy7dVw41bwJyq_R04WH7Jyey2l9EspYH853xRm_RnFF5TrAPB3zzxCvFN17gE-f3H6HS9oqwXB4a_8HLmdQxT3U&google_hm=NzM5OTAzNjY5MDA1NzE3NT...

170 B
190 B

79ms
79ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUL_-AlbOpy7dVw41bwJyq_R04WH7Jyey2l9EspYH853xRm_RnFF5TrAPB3zzxCvFN17gE-f3H6HS9oqwXB4a_8HLmdQxT3U&google_hm=NzM5OTAzNjY5MDA1NzE3NTEwOQ%3D%3D

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 20 Mar 2021 18:46:35 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUL_-AlbOpy7dVw41bwJyq_R04WH7Jyey2l9EspYH853xRm_RnFF5TrAPB3zzxCvFN17gE-f3H6HS9oqwXB4a_8HLmdQxT3U&google_hm=NzM5OTAzNjY5MDA1NzE3NTEwOQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 200 dot.gif
s0.2mdn.net/ Frame DC9A 43 B
67 B 46ms
43ms Image
image/gif 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEA4uCq1LKhgJHR_adJZwhMc&google_cver=1&google_push=AQvitUL9ZAG7dUJ_SQzPf44uztGc8y6qkzhIWmZchUvZvZ-10w6mAoDDyXCAImwYnptOwd6UPG1V6mkAJm7uWT9eOEG6FCb-WMWT

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 21 Mar 2021 18:46:35 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame DC9A
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEE41RIwiuQI7bVX2nHHrZgs&google_cver=1&google_push=AQvitULtM6XxoZQRyzU3yOXz2hspk-6r6piv9R6AGKAh9Ntd3i4ZQ334JyS4ZBwdp8NABty8TtER2w05Hva_oci5bNa1mNTGgfg2
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjI2NzI5MDIwMTgyNjMwNzY1Nw%3D%3D&google_push=AQvitULtM6XxoZQRyzU3yOXz2hspk-6r6piv9R6AGKAh9Ntd3i4ZQ334JyS4...

170 B
190 B

77ms
76ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjI2NzI5MDIwMTgyNjMwNzY1Nw%3D%3D&google_push=AQvitULtM6XxoZQRyzU3yOXz2hspk-6r6piv9R6AGKAh9Ntd3i4ZQ334JyS4ZBwdp8NABty8TtER2w05Hva_oci5bNa1mNTGgfg2

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjI2NzI5MDIwMTgyNjMwNzY1Nw%3D%3D&google_push=AQvitULtM6XxoZQRyzU3yOXz2hspk-6r6piv9R6AGKAh9Ntd3i4ZQ334JyS4ZBwdp8NABty8TtER2w05Hva_oci5bNa1mNTGgfg2
date: Sat, 20 Mar 2021 18:46:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

204
No Content

pub
cs.chocolateplatform.com/ Frame DC9A
Redirect Chain

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEPUg8z_HvJT_pp7mjOE-eak&google_cver=1&google_push=AQvitULkgaHYP2s3bMu5ppiC7Gb_RYP5SWbBdme7fYD2f1RvLzcAFpri1XYlYGY7RoHd_J1-JEjBvDjkXsrFtN...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=TGJMQ1JBNEw2Vw==
https://cs.chocolateplatform.com/pub?pid=ebda

0
116 B

2269ms
138ms

Image
text/plain

34.196.174.57
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.174.57 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-174-57.compute-1.amazonaws.com
Software: openresty/1.11.2.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: openresty/1.11.2.4

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cs.chocolateplatform.com/pub?pid=ebda
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 242
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 dot.gif
s0.2mdn.net/ Frame DC9A 43 B
100 B 42ms
40ms Image
image/gif 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEDs3mH1Ct6K1Er2TmLOKyeE&google_cver=1&google_push=AQvitUIyW06rVF0aQqKNCxnu7sboCaQrAFJOk1MGTyWm4VJOq1_0adJeud53gMCpE199occ4lX_sAzs8OB3i9TZmSps68a9vM5xyDQ

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 21 Mar 2021 18:46:35 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame DC9A 0
16 B 75ms
73ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IBsvfAll5EWuGI2HLZz1Kkw_JlUBwkPtibNPgLcF4P7MX-XeuwcIqMjDqP5pCPmEpWo2XgMQ

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DC94 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115376
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:43:39 GMT

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3AA8 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 16:59:40 GMT
expires: Sun, 21 Mar 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6415
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame DC94 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55f6414bf1547a0f0dad79379d601b3d9ee1293175989925e95e054af758d1c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame ABC7 42 B
479 B 72ms
59ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu_16_C6fXMwWqrbxNOi1-Z6HZpmqRjxUpE9c_wEHSQq8ssR1ygrGvYeF7QQ6TitE7n1hRh8FkpLC-zkEX7un8MecyCG66_Z3ZJxfSt0GZKScevF9ZTQBcndmg&sai=AMfl-YTB-xYOuYwu5gS5vOGScXcAzdWCeo_9xhD-qXQZnnRSYT31Kn3jekHP35ZWyn8BFTE5Ef6JwCDifN1u8i3eR5nbzp4HwBFQRDZO12OyDmpnsZCbBsp9k52ARMVS&sig=Cg0ArKJSzO9rb1-43zpdEAE&cid=CAASEuRofnIquaftkLPHmAHqBolp8A&id=osdim&mcvt=1105&p=15,315,269,1285&mtos=0,1105,1105,1105,1105&tos=0,1105,0,0,0&v=20210317&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=4014636662&rs=4&met=mue&la=1&cr=0&osd=1&vs=4&rst=1616265994408&dlt=67&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame C466 21 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DKC7FLAOfrIASV9b3cF3aB61VQpB_SghRl0zDYZ3hv22k7ZcBSwvllOR-i7K08cRl8QKuHwCCutmjWd0wmFP_cHc-w2WhxJKHQXnCkqJuSbGVGCWpHmYvXr89bZoguzk2x3ggC0gdPesV0wr1zVjuixc9-IA&dbm_d=AKAmf-Cmocc3tBl0HEsf7tZSfosBOfUgJFqsYhIo3Fsw7ncEHdyrNg_Itx0O9_maiwT8eO0seP2Wm_1C8h5ce9sYAOkHfJ3Ne7z5ggp8Kir2mZPvt6YC6UF0_Vr_eT1utz7O89g0mVRONkbDeBwv_YOireqK8p4rEdxP27uFgK7uTGLOS0l0eOSWzJfzXyeobQzqMoB8_6LZVhhxQ6mJ0aPDyhRsuCUd4LqR1gcXd2jXsJu0IDBSuduwdYIKy-mjcDLs5u02ySklEoSBpoLs5JHPBM3_Sx49_fzmpNuoaYGXKtBLPxM0I0ifYOQVGAbkmfvG0JUkz0K-m8HaAA8di79S9DozRxAYdPy0_Fhr3aE6pcOcz7NIOHfRlOl7sE77_YVFlygqSTY8OTRl1SUbvrp60S11oZsqw-nVnpzz1nP4imN6zUVeyqI0_ge2s1x84Jv_57o1bwKArBcTt7D6pBDvz5Iy_EvO38PmJk9Tgx_NJ1RzGrJ6VNY3pTS9yb3ZoKsQyGAirgXioZsuzO5KrmrQwSrnp6YuAkv-jevhybn27a_Wq-1GViTljeJlzv4BFVHitwoAiMcm9YSaIuM6n6_auKzY4ZNNmDsvmiF4SvO2YViwk8lHxnpVQWP73RhOSFXAwpters59QrwOIwlL7sQv7b5X77HaFylQ0Yq44mfmHIwVtzfrO4PSxqQlVd4yeMXz4Fv-xJ8v2rakakaA-mWwDrrTcPVLkJEGUaziVptjZLratcLj8kquDGSAad-qr7OUpQK0z58kGAEPuwaYz-AzQW-qgqJj9jKDGegB9P35u_95nev61vyUm2osjSiQprt0i3y-rMUzAK0W6_PN4ZZ_jS8rMhoL0A13EDhRkc5t73sS7o_xOPfEMJRNl1ZLwoADPkKePjEw7XFsr96QVEYz1MERtCm8zMrTTlHFSpSLl4yBivJQor-8VPUQBMOO9Hfz_d_2YeulUcj4qcG-XjjpVAwp4rfoe9xBz2bc-PayvbIrRQlpjkk6DB2uQ_sRcTQXNL37VnCMM6FM_E02SDd05t1gPw85G-qMePfkEiFTo99y2eU0Danvp3ckQv2eq2BvNa-Pn5z4tsVfHNhscueU9RaaFXuEUaNPtlYthcDp9ByAdhsPAs90Bn8Qkw2lNQ7YAV-JhwYAQql6n25Dzy7J1fWO4DH96deD8bv_TtNagHcQXQnG3ST_34J39Sq28Ie7BTQ4KBttnJIPQg_V_BFskD5VBWp4SatdePspnRF1_0B-ZX2nj20i_w8AtXLqCtXIEarcL0WRIK5e34mfBpM0AQVTmWnKL1H8zAWY9MqqY1M7D6KGwsfIRYPVWDkiTcWiIycUWhF2lE-1udyXB8RVszXi_n4rGpBCDpe3j9YU6dOxLtRMNZZJrBiCaE6O9lmrCPiPTEEsANYG4EtKJHvN0dWJHT5dedA_QVaHYcHojiJMxkPURdbux-NSbevHpKLghn3RT1gcSx6UU2KQXleF7BJg7lCGG3Qv7HKjt_5dsMBk73JKPlJbUhcUiPpSEyoJ_Be31dLzXWv0FDA7DtlSzQryrXKUK1kmEPH3NJWegaDYf5MIDGoiQQdTtMQioeh-vAyCzK238oseVBuWhjCRr1UNhoctyKld-NWMuQtOdPNaWkK3nMuhusTBKHbIchMtwLF36aztIcmPtpVAbknbqRNl4hbhn3rGcE3jC_pBH5xeNQw7-dQq69fsx_AfyF9MmOwXmQeQ7B3_DFDZyphBbl0EpH6mtyMyxNvKpbGcg-4Fw2xXKo2JDtZuOenRJ9ArtHVE8nPVFY5Am434Q9y2Ocp5WI9S4gCvIUNbhHwUkwEg61x-ElWH6NdGcRj6OQrUCVUnGtwrMHqGZwye5g-IIRLk1TKukRkp7TzihqPm_7c6XCeoBKBQd069H1qSGl20mTh6nbPamaoM29zx217q-yYpRaYj7bSRJzj74L7ihuHfYvkPqql4-ECj_uXDaxTAfxsuI1y4u5PGNlrOTkJ-mZVx1LNuWokRF7Rflp0cO1pO8kY0rjLP2eG_AtJf-smUUDhNZ4c1xbeZKNE5FpUk9oK9ZHbOCWStQ99JChfOfQ_b8mQlTMZPfLHu_ptxx4ZYGjdYh3dDzkGb1xV7bXCAZ4PDOrfL8MMLRY_VmPijpLtW2imIckl5d__SIyvGSHl_RV_BSK8iAzdmY-5SL_Ar8qPcNawnT3Ve_yrQ1Ekc21qKgfqZTME6iS3rYIfYCJZdMoRey030QJle30AknjKuNU3u9AQP8P3lwbusFF02YM8gAU407lG_6ceP7mWCGyZgln3M3MksN5RJvRfYmquU69AGTwuL-gyEWqn981hxVLufQCcI7_ZNH9UGcCJNVULjKixzadDnpKbcN1drdrsgSiqv02ySv7RQdRJv24K-5UIsofXPTizMDXYTLghjRaZD_feHd-8M-KKL5FHqaRKCuYAvnT1Bt64ddOlOPUXR5WhvBTTZo1ZF4TnRMIU1DvQI2JseyQPm3RfGG_38kqvwEJwsVyMEVVvM9pQXn2F_3FRvaG5egEzuaA5A8FVEMf0WjtjP8kBq2CRTlqYpVDdv12UrqpzSrDJcsAOGoqna_3tLMw_Vdh9qW5Kp-BCbGSQuRu9_ImZZBsK8-3lyBqwksAqH__qZIU0NNBpoRtga-A6C-JsGsuP0ENClsZw2HKqtFJrfB_bxhH0ua-E_hKu28awQK-15x6jIGJKrz8DbvpDdF0JOyqgEUis9Ak7_m9yU0E5ZO6GKFkzcirxIj6IveuvcPO20C5N1VGl23lKqKnR0Z5TApKL7EA6-vkP_aDXpziaRtRsoLTYiJRxc20fVjmxSRTlUCuag_KR5VOCdYv1cHxi7wasFDIHyPIvwg9JqSNp_TBoUBHBb7__IClh3H-Uq8RDuw7hHx5iWlQLrEvjjRTGF4zv9aaHx07-h2wOEKH-2FhNND7ecJmi0LzHYBbWdCuQhXYcKsqvMkxO7LXHGV_wYxS_fsLkQqixJsbk-vQxAcxL5jmPbgWUiPueW_qoeSdnJGdZgirM6pjgOARdQrtTUHrQEzv2Athq2dH1WUhU9bx2sMASYuvxSmoW6DWede4GLIA&cid=CAASEuRoujWd4ma9r9D4g8448QhRBA&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8471
x-xss-protection: 0
server: cafe
etag: 753583566593306265
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:46:32 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame C466 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:43:02 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame C466 0
28 B 105ms
104ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRUNeNRILgajJkfQZ3UxWQ6UZSVgPBCT24KF85N3gwVCc8Q-deFm55YGpblVOBXm4lLYJgeRun-SJ31dnFkrSHj8uG9IuhnZgT8LyTtjT79JlsBuRX3h4vBU1sogJDNuyyd-rM37bK5IEExHdZVRgM-e5qAkJaYS2dTTtxaI_uvCyXeY-kDO_n7vxHGmUDUTrW5y3hxFNN1uQRWbJO--hkCJ4KhrbnpeSaGGlgFf07U2waNjh8DKQYpF-XbphK-rkBCSz6mDNTRlWI4LcnzUdRGausbhSVWJtYDFY2xXXfa95xgy2RYcLwBAxDsFWqRay4YJa49E5NmrflMdKNEP57ThCNhwKL6glqoPfghAHHYR6e8-F4Uq2jRcUJGVsfzbLRVCzLYUKMUg56AVYllZ4ZCApCi7VLNe4T6O2eGyRol1wZCgV2ySeYFcseVTJuM9_zLEJyeRrQHOEHWboC4ZP_fsDZUWa68wWq5Oli2DvOkBn81SiqXfxGoNxUJ6bT0uhBPV7sXwgxpv8GdPJ8--PdxMah1NhFNPbosZ2SWByooh44A8uo1JFB5H3Py08mBMp1TM6gASZFKpZLn2MzOAL2yEyycnwrboUX2p1A1IkigGoqLgyyfwQjYmGKjkoab1bQV_alOQjD_tf-0rk5A53O7XOgmkUsxc-QSEUP2CGod6YEHVCc1yPmJdDdtGEC-LpLuo0R5eyqZn9CrMZfgskPLthBxgIMr8a-e9gwx84PJzkQZtIs2JMAFvwKgNPkNhzdDhxk3x0v1CGaltd3T81H30j-Swv0ZJ6a07TOUVKQOIC0uIKvr5inNZM4PF_3CFAA2iR1kIFyPzFpVsQNkegbrH8MXdVH6OEqJwaCTaYXm2Txs8Czl7Y_gKhqJRX7C2TArOf9svB6mobb-0_ZDVp3QZmtmGk6bFk9wB23qwyfktr8FFIqKSMQCc8O6wI6Ft5prBooIiBxA1Bh73Dc8YxaNIp0LATisR40-s_APxsdCoN2O8wJDXr0u3MdI1kjeAcfXdTJ1G6aWFfizNSdZsLx9qP4KbFHB-_5rEMfSFbQZmlJmO9VB2zELTLNRFsEYMQCT85_x5ibSj5NTJNdypVyxhEnB3nQtLbsqjlmrBkPV4k5ViGgQy8w7z2cNZixRP4H_c2aQDnU3LyqR6QLNBB1GJjMlrLbceJ5cjtI86rHqGpEadlTb4056-pIHLKeldT_Hn5hpp9TC6IzEifSY1W_v2kdsOBkz_w&sai=AMfl-YTtnBmxyQpmrINY7k24OY4zo28rsiP2831bWPMBTkrByXGOIwxn4qLFoqtHqe3rwuvpn64Jyb6N5MZ5IhY1BK89y97ipWmZyQW-DuRk11QqSrXbNt3zo9O0xIJqcnC6rEf3g7-lPd8YXhTfa-EbxTCMXF3UXQ&sig=Cg0ArKJSzOZkGHj0l1vjEAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210316.17894&adurl=

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 20 Mar 2021 18:46:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C466 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115376
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:43:39 GMT

GET
H3-Q050 200 123RF_2020Q2_DE_Orange_728x90.jpg
s0.2mdn.net/4646536/ Frame C466 39 KB
40 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4646536/123RF_2020Q2_DE_Orange_728x90.jpg

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8b8965acadb680b3563e6fb9fe12e1ab9089c4dadf90eb46b37d2af6efa747c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 23:09:20 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 09:15:24 GMT
server: sffe
age: 70635
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40436
x-xss-protection: 0
expires: Sat, 20 Mar 2021 23:09:20 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame 090C 0
27 B 99ms
99ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
777 B 45ms
31ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EED0 42 B
66 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgJkSa0ONZAxTYBX9XINAE7ccvgiZIQxG-i4CGg6sqfC2LsAvWWedJSimGphmYKkcIBY1404Pr4cLw9kt-jhwK4uzFdYXbaEepBaORzGUj3RSPm4GG-QMQZ6I&sai=AMfl-YQkLy880IG9PucGHqy_aaB-m_36v25igRNzTSVaKafwuBJhKTdv4ro7tjNfU-gY5R9OUH-gqOBLRtQa-D_myN33UDTFarnDnn-w5V-qUZ_ycXhN340k-zi0oSXI&sig=Cg0ArKJSzFJLU2kl_4QVEAE&cid=CAASEuRomdZTvRMCN-OSLgnFCfBNKw&id=osdim&mcvt=1074&p=362,1551,402,1592&mtos=1074,1074,1074,1074,1074&tos=1074,0,0,0,0&v=20210317&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3789431497&rs=4&met=ie&la=0&cr=0&osd=1&vs=4&rst=1616265994471&dlt=14&rpt=0&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 15B3 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Mar 2021 10:43:39 GMT
expires: Sat, 19 Mar 2022 10:43:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 115376
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame 9FA4 170 B
190 B 71ms
70ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY9oWTCzAB&v=APEucNXxUH96H-QuSL0RxFBr8tS6ibJ-O7CTpJF3i8CyYhJTKB6ZpAJNocT3VPIcX2J2VOZE6uBE9_do6QWk-7FuJHK8I9cKQQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9FA4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

43 B
1014 B

69ms
69ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY9oWTCzAB&v=APEucNXxUH96H-QuSL0RxFBr8tS6ibJ-O7CTpJF3i8CyYhJTKB6ZpAJNocT3VPIcX2J2VOZE6uBE9_do6QWk-7FuJHK8I9cKQQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:36 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9FA4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

43 B
894 B

67ms
67ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY9oWTCzAB&v=APEucNXxUH96H-QuSL0RxFBr8tS6ibJ-O7CTpJF3i8CyYhJTKB6ZpAJNocT3VPIcX2J2VOZE6uBE9_do6QWk-7FuJHK8I9cKQQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:36 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame C466 0
50 B 94ms
93ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2E0D 478 B
252 B 18ms
17ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQx7uPARiO-d2WATAB&v=APEucNW9DoWC4mns-o8nJSkc3z18v4jYixTQCRAnkX3WmdPUwLxtdw7e4BGPtYfRvIytVGH4FS4vRP8gPg4xcz80T0MyJX8Gsw

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CMXlgQEQx7uPARiO-d2WATAB&v=APEucNW9DoWC4mns-o8nJSkc3z18v4jYixTQCRAnkX3WmdPUwLxtdw7e4BGPtYfRvIytVGH4FS4vRP8gPg4xcz80T0MyJX8Gsw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUlioT9ACMCfk3lMp6vQ89y3kzogCMLl9X21NdHXbXjO26qUHFdYLT1lKQbpF94
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 20 Mar 2021 18:46:35 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 get_page_signal_url_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame 48BE 4 KB
2 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/get_page_signal_url_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

858361d285ad5b0369469afc26ff28e975019a3b3a25ad4748e95178eae88192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 16:51:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6914
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2074
x-xss-protection: 0
server: cafe
etag: 10027585619949027602
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 16:51:21 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 48BE 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:45:18 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 48BE 117 KB
36 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 48BE 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:41:57 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 48BE 0
0 17ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ4KhVju2jwO-81f4OAine-VykWWA7RartqAEBZkuahrwaXEzwnRYS88lPd8rsDjHi-dpjLxJjjjzuSb7Rs-qtkowZgEQ
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 48BE 42 B
65 B 41ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BeS0FFEjwWSUVIf6m1yxctzocniSUMwNHkvAbtob18IyAZzWlKhthyd_heoyZTSYEuxsV1Z1pq2FMcCtH44c0gwdr2RBO3_M4bSzAcNGCFSimssdw

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 6569 110 KB
38 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 11:49:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24997
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Mar 2021 11:49:58 GMT

GET
H3-Q050 200 createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 6569 186 KB
48 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49100
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H3-Q050 200 201214_Retargeting2021_de_300x250_Rectangle_Vorsorgen_nachhaltig.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/ Frame 6569 41 KB
28 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/201214_Retargeting2021_de_300x250_Rectangle_Vorsorgen_nachhaltig.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51fd4444961573073fb7c9da334a434fe518749ee27dedbc2ff03428815a1a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 08:04:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38537
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28505
x-xss-protection: 0
last-modified: Fri, 18 Dec 2020 17:02:40 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Mar 2021 08:04:18 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C2A5 0
23 B 41ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3RWZCkNWYOHCIYvO7_UPsbCU6AIAAAAAOAHgBAI&bg=!iomlic3NAAbUo7L91KM7ACkAdvg8WjJ1_g3Stq1OQOlMm_21nLHP5Z5I76pO-TumIKi6J85_qPUSpAIAAAIHUgAAAItoAQcKABPc2bxQVb-l3Mnfvh-5svoM457RmQJhWO_UXh8ROk4Fptjws8n5fyar3yNzPhbY-X_4YYjVbftrVs_q67oikPAnr1f48oggr_ArI2L_tlM8LUrh_NJDGShHKwKUxUEPJwDA3Go5nXo2f0Mdem-9-7bjwcHeIyeKXkmYKGB_01oC32gixtfF4SPDV1YbvkLTVXqsLdMfrBHYct-b7SK6ayfAZvu3T0dfUyPJ4AQj4Y_ZNLVGYy87-GRXdY0tTlAtaACVQX-Gy2vq6qiUZldmK0o_SC8GLxV4K5QTiUS2lVQo7iPxclR6EQEPd1fCIoTj7qX8gsTa1fEQfHT6Tnf-xYEG2w1QQyzj3CHmVvyKe9QzVSF0uM9ymDPbphMUhsvt2Nn8AHLoZUsEWolWQsFVQeSlmNgkILzmJ5YZaj5pVXp-kpE9hbTBFGIeUf9nXztQfYhNbjcFmQFvzEGjphJhPwGvYW2829WR5imeKkC2x3gS6oUmRgPz_pSVXTO2tHiGGOzS8g-efBnHjCIQba9Qu-vTAE7CqaNTqWyONDGvKPlcxCKs0YePqsfcQfVS8Ikw-3qNaiIEIxE5NcU1wMTCQY5Q65b1we2sOSuhFSW7EE6jrnfOp5L_YxpqcRtgQY4aCj_YcbGiqs_AwZDQnY55qsecfk511q1PRl9-qzheL__3ITILYOpC2g6N_83--AQpvBzPlJVWKcVyx3J2yd4l5CBN34_un4DGZ-gVxz1GuLwO8Dy2GCHwH3l4jROVDGh5rDDAVwuv-kdEyANDidSWw59uVFmOCLT1V-oa9CxrK5WeclF6aa-6LUQxBwqc4nTyll0nw7bHW-iS

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 233 KB
233 KB 143ms
142ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 90225c8456a96a73e431ece4e40bbb502906967cae661b706a3831130b64f960

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=343852-582047

Response headers

Date: Sat, 20 Mar 2021 18:46:36 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 343852-582047/161125964
Connection: keep-alive
Content-Length: 238196

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 146ms
146ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:36 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H2 200 sca.17.5.1.js Show response
static.adsafeprotected.com/ Frame 61BF 82 KB
22 KB 83ms
83ms Script
application/javascript 34.247.220.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.1.js
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.220.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-220-143.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 134bdfef6b19c84bcb7dfc55f32065853ffdf1b05a8661caf172e56edacd427f

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: gzip
last-modified: Thu, 04 Mar 2021 17:39:07 GMT
server: nginx/1.16.1
age: 4
etag: W/"793767aa29c23c195c863f01f1e83e06"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 090C 43 B
216 B 86ms
86ms Image
image/gif 34.241.165.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925113&advId=1499141&campId=46347355&pubId=1&placementId=328742660&adsafe_par&bundleId=&dealId=&bidurl=https://subject.com.ua/&adsafe_url=https%3A%2F%2Fsubject.com.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-37%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:9f680a74-af9e-2e7f-b844-e26d23bdd2b1,c:7qTJ76,sl:na,em:true,fr:false,mn:app20ie,pt:1-5-15,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,fm:sse3p08+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C18%7C191%7C192%7C193%7C1a%7C1b1%7C1c%7C1d1%7C1d2%7C1d3%7C1d4%7C1e1%7C1e2%7C1e3%7C1e41%7C1f*.925113%7C1f1%7C1f2%7C1f3%7C1f4%7C1g1%7C1h1%7C1h2%7C1h3%7C1h4%7C1i1%7C1j1,idMap:1f*,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:577,oid:98942dd3-89ac-11eb-b6e6-02467abe7cd0,v:19.8.175,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.165.231 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-165-231.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
x-server-name: app27.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 43A5 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106896
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

GET
H3-Q050 200 160x600_D_EU_Lantern.jpg Show response
s0.2mdn.net/creatives/assets/2373736/ Frame 4D3D 24 KB
25 KB 7ms
7ms XHR
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2373736/160x600_D_EU_Lantern.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_CH_polite.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a58d4b9efe9392e21622aac0f89ac0a68bd6a6515711154e6ca17ec3ee0d7e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Sat, 20 Mar 2021 18:37:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 10 Sep 2019 14:48:13 GMT
server: sffe
age: 558
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25047
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:52:18 GMT

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C5DF 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Mar 2021 10:43:39 GMT
expires: Sat, 19 Mar 2022 10:43:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 115377
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 92D3 156 B
136 B 125ms
124ms XHR
text/xml 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-video-pub-2403018226404213&slotname=subject-v-pre-1&ad_type=video&description_url=http%3A%2F%2Fsubject.com.ua&max_ad_duration=66000&videoad_start_delay=0&vpmute=0&vpa=click&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&sdkv=h.3.447.1&video_product_type=0&min_ad_duration=0&sz=800x450&adsafe=high&hl=en&ca_type=image&unviewed_position_start=1&output=xml_vast4&osd=2&frm=0&vis=1&sdr=1&num_ads=1&t_pyv=exclude&video_format=43&is_amp=0&u_so=l&mpt=videojs-ima&mpv=1.8.0&sdki=44d&adk=4096054978&sdk_apis=2%2C8&media_url=blob%3Ahttps%253a%2F%2Fsubject.com.ua%2F9aaec262-f893-4163-95b6-5f8156761aef&eid=44736621&url=https%3A%2F%2Fsubject.com.ua%2F&dlt=1616265993239&idt=1531&dt=1616265996051&cookie=ID%3D28778c1da5901396%3AT%3D1616265994%3AS%3DALNI_MaSem3v6tjfk7lNJp5LOmQ60ZOsqQ&correlator=764814679235045&ad_block=1&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.1200.1600_vp0_ts0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.447.1_en.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://imasdk.googleapis.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/xml; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F7 0
0 100ms
99ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CsGq_CkNWYOe4GbWorAS50qaABbjSiZxh9ZnVi_0M2LeDvJcfEAEgquzAI2D1lc6B4ASgAcGU5vECyAEGqQKFLjNT9g-yPqgDAcgDmwSqBNoBT9Bm85tFbf1LQfJyzZ3Il9iBjrX8DSHtk-C-GMKKaim10fE95VW8B4ihCo0PXy3WzBncg477MdBZuDtNSelgP-B86JlMMa8Lu1sL4grt75pL2CqwRTspU7P1Xd5KgImrJEbzeEHU6WgrpJ9eMbK2mBnEesKnTpuZGrSNMOj0DOa9dS5NWl_XfTMIdYLRUzbn3izqIP_aFzxNIfbiWYSUCZQYOcIjhR7HzLlAM3vdsjYfm4vyBm0RQOiXtMd3UysdL36mWKtBu2D8midFCUl5lnOHPJz6j6CV0KTABPSCo9m0A-AEA4gFjaq8ty2SBQYIAxADGAGSBQYIGxABGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB6frmY4BqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RvYBwHyBwoQlL5tGNPh-5oB0ggHCIBhEAEYHfIIG2FkeC1zdWJzeW4tODQyNzA5NzYwNDAzMjIxNIAKA8gLAbAT4ZqtCsgTwbGeCdATANgTDYgUAtgUAZgWAbIXGgoYCAASFHB1Yi04MzA5NzczODA4NjYxMzQ2&sigh=V70yblqLdo8&cid=CAQSPACNIrLMdU3wvLizi5syIHWaAAiCLu3HRSWebmHFlEBdauwGGG68jfYtJMZZurymxDXd1EQMACztUMguSQ&template_id=509&vt=10&cbvp=2&vis=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 ad
googleads.g.doubleclick.net/dbm/ Frame 45F7 42 B
99 B 27ms
26ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B2cRYaALvVkNWCUfnYKoyCpwr3MKdC4z01TFy5RJv4YWTQyuD8LGEwOFTKPp_iby4uo1_qbM7brwaNnVHQ9nKStjx50Bj859oOuHRZMATtaJhsQSd0U7Eyl_F7UdGfbh-HIgvS0vsisuv7wp3jz5rjvpta4A&dbm_d=AKAmf-AnxWgyhnzJdAYAAvHPDGb3mFud5Dc7oe706Hk9SRPKFG010DVYwcBgX2kIpA1RaM8PPOtD6ch_MJD4lLIxgw0icD_FWVTUhJEcU4jMTISjR7M4KMuqlXOHDPH-dHsSwGC1QV8dH2QZ5beMjKFOs_eGUAgGpmwBbK2_tZVEYledCecI7jWWpBBq66Qy61JBK7ihmqbdkyCGgJhOw2Qg2tL4GHKszTwyQMvFx4QJJVwomvHD_gRoVShinqXnrQAQt_E_NAqg29V3kO4KxSsz0qEI-DuM8iltwAeac0yxk0wmsMjJgiUJ7N-bziA55C5h8QJSNqBz-sEBAYebN2VN9RxvHZG0s0d_ejJVHYRvimMS_YSy-2egvviJAD9S251BWnLQoMRaIZw4zMWoyMjZ6ITC0nI9VsROE3Rnwix6T8ydvfKzagy2AC6rrmVLj2d8F7xRFvymf4pxMJWS5mYCFQ9wGyvOMzRW_XMGTVsFwUxdDMMgpra1e1NWi2tU3L_XRW3xiEHwgr16uafhV5HgtC1eW2hqIExLA238QpcLRvi7E9e4qU73V0DR6gayogjoSh-DQfO5Z6RojoQqolBLuYMopLkJyuTRwxOBh_ZDX8E0qocZ1iOUwYUQHOMQBMsYayTKcxp_1RN2R5XYUpVASl9t71CVgHCEXrNrjlDffkcPVOU6uPaHFRnkwtt2Bg_2T4gURA42jn8wQwYdCk4CrcX_ce31tT2ONh8m_LSEcZx6NU7AhukFnhyyBjXhWygGPFyKax7mPSGzlMkfirdtyFoRAO4PAiPMf-lPYaLFCR3085otSPvq8gEDLsYl9hSUR01uG8GByPrTk82-486ofsFKme2F-7cUzY9bICeu9MnGM8aaEEmWfXSffCExlVlxXuf_V7W62g12zzviGK6Egs6-tkLoHWqkt1veN7PQyvqLE97Gom-ehkOWsQwIppEX-xSxXUaXakFBX4VjB64kC_k8XmDnzusQ6KBh1JHah6gsJ6ESDgL3n2KCwFSlOhFzvstn46qlVLDu4RiH-bSW7jupw9y5QtFoSVHNEJA6st1D6YObEcUOGg6PukmxSDT1XhZQLRrpz1AmOasAY2olHqt1KDK32BSQAfqCULhJTMQrapUc5uWaXWx8kckfo983QpdlVzqJ44N6d2aC-ZlEf_evJyWm13KAuXPk4vxM0Hje_HdDiLCKdcadeykSF-4i1OwEs3Ad9J2QuOXirjM2IHKALKXrsxzenH80H6IZ4Lzp79AfsoNEQ2fiobZwJOjvBp97LBM7uFnk8hP4_xUrPs38VOuOYLfrEss2TtGf43a8UgWw87M-74VPNUG86Ubt3_jv9NfLjTDwOy23k9IrH2aKNHmtwkuwOHVMx-WYxzBv4aqWDDO3xFxuIdLqC9XOdtELcqK_Vuv8eK9w8sQ_6o-xhoYFKQtY6Mg-EvGlvk-ojatUL-Mo2zXZFZDBqiFz3zXBEu4wnMSR2Ct7P4BD-AhX_9o69E5Gbrs6Ebtz8QcKsQt9yjigyiipF3Uw0Dx0eT84t6LhhhxOQrCQyVImD6nMPhR3ro_R2Q3--81NQfRORg-DzmocI9e3mXA2NuxgzoFGzWw_IKGFton02abco5kKx3kmURnf6SUNa23Z-3xUTgv5WlcplD223FcKUt5PlGUXLky2KGhxqmrq_5nEPV_AwBu3CBLYT1zbEQFUAqBBGxsQoXUZWNI-omBEgBC-3eF8ccqO2uKG2QGoNkC99Tu2XLPvkXxQP_9pH_3PBR2zGsAessbpnJc341VINRg49kANSd9zCmJL6O98ISLC1Ei_P52ZU8nekPp0tde3ooD_ErRai8CqXXD1pXj3UZE92OERi4wXVYPtKNsr0qHJTz_q82RrV-1suEEZNm5nIHpDQWNpMRMY7ct8PnV7xO__SxzNCttlJaBscKN5vV3XwgJTSdO3UPFcUgYvZPbCxugv6dwsibauwqVDXRfiYd3UWcUTQwCak4CRojigXrn1tsEakUjxTZiJPydf1nYjrWqrmfbLJfYVPVuXxrSAsSun0Auad7HEzaDAEOZbXVe7UBoKAv2xZ2KiDhCCWeCv9OYiEKPUI5ycocvvoxrmsMzk34pOl0yaZquTNFVrzo3yQgiz1hCQzt09EkD5ZAsozmfcl7OuHYbgloV22hiXDXQQVhFUNKe3Hmw8zqjuIzA9iAhtb94HeLQRV7a882Had_X2b_iLqMnbLrMInvTf4wIJbvWbd5NLbYHr3V5QzUDIJoNcL4IbGt2gmpDlDX4mb_aFAqsjxEjX3uefaf1LW0W63ppw7itH8_8bPWxP9Sl54m6a-BEQtydfMJX66bmr0_2RNQyUYE5_eBw_REkDWVAMvwalrl56wYwThu1s34HA6-527WEZxoo0IIZHbttE4bpKGI1X75m-gcafNR8FNTfFiMx1avhdNFQAiHlBB8AIKLnhaTevlFdT_8Gqje7ecxgwDP4fsyrBcL3qTjKU8JdjwW38w2DaU_l1XBiLOqM4nml8A2_BuYO-qnsJCMogxvxRDvMEJMkDg-1mWtiK3jK14wV1XdP8QRqGS-odZUKwnIgXU-aGT1PaQohGlCCHloXrsVITg2TVOwtLmDGnRVukCQOAFydJsKQrad1hw6lx0HR-y9d5-hNk6WvNkQ_s7BCR8Aw-7AMMlWEDXyg8_iBuEENuMmo9AncbHgCfSoSSTyCXmw7JYyu5Co2IqGyVq5jPe2KTpxM35zu7gaNukLpps0-NNBGi8kx-xRuUXeM2cu-StkZlYAb-FO7gmYX84SWJ5i0Ey4eHUYkIpMQG82dX4gG5q5VtZWaOhzhsdFFcE1EFHmwBBFA04X2fO3T6OpWDjDoNmDkr8UUeu9xGaeD_eUWsx2OTNEj6ZZ77d3oIzeZQ9DhAu10Afobd0NcNrKBEQUhDlK3Orof0rVOAtCRGklXgAmsNd1bpLjjTAvxQ7hB61bOdN4m90QhKUJV0GFuHKwJnDCEk8MzwdGv1Xw4erceQSQcVi-X_ePZ6_wuLod-IoZnZAvggbSFXrNvC9x8wMm_hjFEh16EMcvHnlOwVXKZ-g3b4boT-8n86N8hcQX3Q8S8OwxNYsybYedaoWraJoc_WjKKpJpU3cEoGuvSEaHMeNdQ93epluimPfUq_tJKbzUxtALGh26v7e1fsNVFsq2rULYUGkearLvXYNVK_r8xyAzMKA1Uux32NHGxVlDL690aabg0OZeom4NbuGrrYb5Tp9y01z0NH20nsjtu5objkBax2Ey6ef5tyB8VKbkndqkhAVuM0WT3KPJJE_j5oKAn-l2aPWy8HAknVkQHZzyPIKtAvUlNstVsE0y021h4H3CJpsMTXcu3ZcLb2SJDQWUU5rdybElLgXZb5NQyOBczjZvhD93v7yr5Tk9GV0KIVb43I9FB0AIc1BBqNUF23W_kpJM4dW0K62d0yn74z5hihnP3kC-APAtGJsGGOhvVTCrH18tGHwZOTwdvgj3akqOilSyfDs6pT2jxpjDnhblcMs7lRBQIQGlmv5CUchhGgDsYzWj4ok0jyfTeFULsdmjkyVLf73vWTOpBhDPhVg7K5X_M-vcM1eGiUh025ViQva7yVN1LoM-hQToNXPUNkby4Jq624vehPRVHH9b_ptEOzbZnyqnt9fcxxERETXMgr60ntlhtLIA_RgiWqqlthZKI3FEkEwYX1vyn5j0t-WFzyNs_XYPjD1hlbBbMCHLVGdK2h7y2zqtWdQ32Woniek8pAV4AwBLRedlR70lFOz7p4Kmctuitc8QSnCF7PL_Kx0Wfbp0D9RR-iuG59k4UDlyGkTrdhanLou3h9XYoz0DHbyg_Ry6KSzngLkpQ0NTjczhgRF9kinuJZFGcqcjHaouqO7eAkZSZNEs2dsWY1MbxaIrlrqy0_WQJzRyctZM4glo9EpBMyk80peAJSDf9vlqTVrTE1FyPKnonV-51izpJWXnVjh_xsAT1f3JNk_CvOFM4H0SIxQtl2bO945-j-jISS0odzygJ_SpdnLUCgrojXSzQtYViPDyySneYfSyqh56LU-Zaqpu8FwVyMPB9hSuOhLcrA8Wn38UOSI1QRusESdhhcIO-ohu2Q-tAFU1P9qOKnzFlBFrj4NQHqaPk1mVGzXw6xL1MSc9RtCbO8w9iwXzycM1rNyLxS45rmbG4PuFepPhbcqb7M1pJ-fjeExNzsq0FgUbZNckvK0NtcCTO89vgRTheRRYaw1oXeNerWIEXrFVLVL3QYDUd_UQXifxuahVLDmtnBZ_cBqqo2RuGhM2nmiuHHz44qLha83g7xaDjM9aFdqo90PpEfXYvcNX9FeHzv48eb-JO1vIePYb0f4JuBbCJkCyjs1cFJzzbjdBl99nZHaUf5KX67W-3GFolhs7_h5v03DZW8tPpZ9xwZ-ZnWJXFP0k79pDS9JnZBQgwsRDcQc-mqOE8IpglmVIXbsZPV5aeHmWZ5T7U2J0g4xKvwDHsEGJC65NxoGL5gFyF_-Q69Q8nuYZK84nwyfy5sJO5O1rLfWthjfpQB_YkvObIWn2xZ4jsl3C_c8zAjAB3vHQQUIaNcH-26CFj_-MYe4eY35OLNHBNODQiitCNnevOtdnspMRwNitodaYkio7pUNYXxcOHdjc0d04wLdOImJHQjEePcJ9bvOgdXK8vCBj6PuvrdyoO6cR_sL4_fMmI2Hz3nq_e0bHJvx5xOKc4MsUKCYWeXp0HQF042z78Gl2Vjk5X-0WFDpWgrv1vy3cXXnMW4eYRvtnoKspQTqAmo52m6UW6_up52b3zvGEDQZ_XoUckVH1qWJLS7Pjh0N8QulxzHrGQuwoceQ_LA3kKLqrq_J0UPpQwBYB3VPkE_WvAFcIRnqyXbiop5YBH0WgNaGG2N8WXq1SQ6a3GV1SOvAw-iVCfLmxJ-5wxX2IL-YNAoojVx-PuIJzh8YS9UxRe0JGWS2mBvPzmmZPocTp8igmAxsJ06hPO-KXNDcpgq0TCUv0JVQwO-CVpSYH-P7Zgf6EUhz4KLQg5RBlY_Kay8pKBVf1DSwHLZsQ2PyNB2P-13s0hAjjAL3bTJYyiYChznS_HmrKb_BeEBlEvZVBYA9uKdUxg5uLSDlI0HRVs6vt5_RvOe7ci4daQO8yMwX0UfiolcblVnil7IvWuSvwKlGAqvzS63jUKl3zkJU3lPJS-CANpZ5L4T3p3MTjtTXwSHU4rP-ip_FAjq-fpcSVquicv-l71cQGbfyXi4rYQs3Qv8M-L1o-60sujz6JbrBO3aRdLcKtaD3aIpkuPAOC8mtGXy27289Ey9tAxamMkuEcfzj9o_HINThiWTP4REpe8vSM_8LjGA_EELuLfV0mrzVkRZMwSTuoaK_9WBbAH2XypciVfdZsnY9MA-vDmmzQ0TGNmS4wUwj_NGkbmdtXjYFvVL0Z7S91e8txndX-DyC7xZlu9-KHqa7olK3MbPu61RqV90JjJDOykKPpLup-zeIJ3Pxd7XH_SLfxN-vhOD9rqI5Y_rPmx4SWMcK0GsymylEtI9CqNsulQXX6oQzEQqv2iUZvLeWR_DqsBzdzJJjOAElgdDQy8ZxV1MncpJYE9TnejG9lPoEN4SXmcQ4d8AXJeq0uRptj7lvABXPippZTWbbob7mwlS62cvL0VBsnulLj9cq1sl3VvYnmKwakA3tQpRo3j73YEkeZ33eNXvGydErne7dX4_fy1KBIjOvOwvcnrVZ3ZJ0Ds8c1Zq65UO_PR4Qq8O5yNy-ogjf_JLWQfgHPGiIo620MMD8QT04UcvhSKspu-vd9js7iTUsJ5g5vpfTsgrrhqI3gH7TJYtk4SBGxrPFjj_rvs-OGW76cvDAJvMx4GR1K1hWFtwuFXUqEk&cid=CAASEuRocORuyfucEoYDmwrYx0-JmQ&cbvp=2

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F7 0
0 100ms
99ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cl1ZjCkNWYOi4GbWorAS50qaABay374FevevDsOcK3NkeEAEgquzAI2D1lc6B4ASgAfmv7ccCyAEGqQKFLjNT9g-yPuACAKgDAcgDmwSqBOwBT9C9q0w_MO_JWhMQEPbRUMzwRQ8tg7pBTvdqtLHGilNvIIQWxGvo1o5dNquizxb9nRUlFW5EH_pTVGWymZOqyl9u2i_QMM1knjbuXQ6VP9YY96A7vu52oNrZaRtGejCwetdDH2lOyZApLeRtxJmJ7ByRHbTwEfGAVP5h46zNr-VdoOb3Z4UJEDreLlexMPB2_rMNLVT91Va0MhQlrabv8HeCZernHbbjAqaR6XTQut_jFbh6s8Dyx_nwmm7PP11efiFgn5_wdcuTyYoES2gQvRqsuniNhN-PC4VVAO-3ZzrWcPYigL1GPS6ApOXABOGh0-66AuAEAZIFBAgEGAGSBQQIBRgEoAY3gAfvz5K4AagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDy0AHSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi04NDI3MDk3NjA0MDMyMjE0gAoDyAsB2BMNiBQGshcaChgIABIUcHViLTgzMDk3NzM4MDg2NjEzNDY&sigh=ZFTpQdlOSHY&template_id=492&tpd=AGWhJmvaxD33m3vqvnsq5JfdDTXyqNKw8tcd4JLmEXw6ERURIA&cbvp=2&vis=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F7 0
0 101ms
99ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CjP15CkNWYOm4GbWorAS50qaABfrfkt1g0rDuyfsMj4ObgsEiEAEgquzAI2D1lc6B4ASgAdHyisIDyAEGqQJ5I_1pDvmzPuACAKgDAcgDmwSqBO4BT9Af7t7yc3w9px-gDBj6ej_tUT1TrFMjsWVLTxMqg-riEI1eCOgXqIl22eFpeee2gMIOR-VKUeZi0Own9hZhFsACHkpPu_HCiuDp22G7_8SenhrgXYGr8TvfBYvJgimeF1bprCgddBYNQW39qwUwcPqOP33GqRP_xaxV8K8Jh_QJYUGuo7GoQ3mzP_Eq_n4AoTrSU9pNYkSbsCNpvfnZJ1FhvR6K2SOVGA-BT86W2_eaXOgaMor8kxnYJD055aiZYb3l1T3QWI9yYsXQZjGQkmSI5OJEEp1jaK-M0_pEpSe3JsKMcZtCos4jZMAkt8AEybmoobED4AQBkgUECAQYAZIFBAgFGASgBjeAB5eN9T2oB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQyL8B0ggHCIBhEAEYHfIIG2FkeC1zdWJzeW4tODQyNzA5NzYwNDAzMjIxNIAKA8gLAdgTDIgUAbIXGgoYCAASFHB1Yi04MzA5NzczODA4NjYxMzQ2&sigh=sHoWx0k8gUE&template_id=492&tpd=AGWhJmubj5ePqxGcTr9qgn0mvakVmOoz15miD8lqy9bsY-Sxwg&cbvp=2&vis=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F7 0
0 102ms
100ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CkrfvCkNWYOq4GbWorAS50qaABc_M79hhuvuz-8kNmvKC4bMJEAEgquzAI2D1lc6B4ASgAaux-dICyAEGqQJ5I_1pDvmzPuACAKgDAcgDmwSqBOYBT9CtNPhJ9sAG9HYiMVPjTN7eZ6u3gKwfaFcdkSvz0SZNMaHcuNYEoVCJ1T9KUypZ9_dAwCsSCzJ2M2tvTyq0R54eirBTZQPFK269rbRtYCX2Y0JmfR-4DRLDiUrCBeBCxRUKG1a-xfe-EdWN2Da3Znn4Sx7cmIHBL3KcobpR__XqJhHp9ZX9LE1LRacYdZDv9wqvz_8KzXu61YGSx_-rzJQoxdJGnlU3zsX-s2Js2TdNAPN-Xg3rxN4dXH5cB66apDFpS28sFL5y0k4KKxAEyy6BMFiwhp-UJ6bPh8S0JdIMJaTGiGTABPSB8_zMA-AEAZIFBAgEGAGSBQQIBRgEoAY3gAfN95m9AqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBD9qQHSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi04NDI3MDk3NjA0MDMyMjE0gAoDyAsB2BMNiBQCshcaChgIABIUcHViLTgzMDk3NzM4MDg2NjEzNDY&sigh=7bZ-n5Uy0qY&template_id=492&tpd=AGWhJmubH0kCwo0urlV5KoZ71EzUZ_6Xoz9Fo8iUGEzXFMu26Q&cbvp=2&vis=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F7 0
0 101ms
100ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CzodbCkNWYOu4GbWorAS50qaABb-v7ZJbua7JotoBua_klbIHEAEgquzAI2D1lc6B4ASgAf-p0t0DyAEBqQKFLjNT9g-yPuACAKgDAcgDmwSqBOgBT9CKzY0VZoALaSV4kZhG6CIVfRia72UECn6LD7jHEFnUiLixJn8BefM2WjjUC6CY5VMaRY85VatBkscCwfUEATDp8vsUzdaWWKfWef6C9wvVn7MoU84v_OdhzHi29UVoTz6WSNlDh6X0E2fF_ZfoBMoPtyL633c5Ji3Tn5D44MMzBT_Y7oWa3Nm27lsdf1dQy4TnXE-ya7S_UDujzfb6p-Zj9o6goDXQELGGmYgbNZFuiUPYfHr88rpHKJtJk0cErmN3CMq6aSsdoX79N2UyztWsmIH_LIeGdrb-KSsHA1okiR_A82seLsAEwcea-jTgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAYAH6dWtIqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDxlQHSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi04NDI3MDk3NjA0MDMyMjE0gAoDyAsB2BMNshcaChgIABIUcHViLTgzMDk3NzM4MDg2NjEzNDY&sigh=inOrdE1lndg&tpd=AGWhJmtAa0wA_Tfg9mTCFuS0x8dLksR7C6SwFuKITSGv05mH0g&cbvp=2&vis=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F7 0
0 103ms
102ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CScS4CkNWYOy4GbWorAS50qaABdna3tdh-IjPlrAN3NkeEAEgquzAI2D1lc6B4ASgAYnQj_MDyAEGqQJ5I_1pDvmzPuACAKgDAcgDmwSqBOoBT9AuyIkusdzwqCU-SLuQ-yn3RR_wRy4AI2Yk-GEAxUMxLp2XXuf9HKNjx85CNCpLqKinzii1TFroym2ZjRetNXU9D84YsFYeyRy8yrHeP2q7ixei01lVu9LVFXu3Ab0k1KFmAbvmP6U8ijJV65UArr2aP0cVrb9JZmV44NjE9p455PFMuHVXZNDYQqWeAzg7RnpeBeDEq4OKTMl_W1EYFX23qNBdPqrJLFiJa-QqelQTuSMqRzQiUpybE5bQGv8WolunkjvPMcelTJ7Ywk55TZFFNuOrR8eeKuBAnNvtTXDORBKM860KQMDowASdjrn1qwPgBAGSBQQIBBgBkgUECAUYBKAGN4AH36_wDKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCnggHSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi04NDI3MDk3NjA0MDMyMjE0gAoDyAsB2BMNiBQBshcaChgIABIUcHViLTgzMDk3NzM4MDg2NjEzNDY&sigh=eD6Veg9RrIM&template_id=492&tpd=AGWhJms3f8uLwexV6lzJoNl3MTR3_pGbq14pEDXE5WuNY-HSqw&cbvp=2&vis=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F7 0
0 102ms
100ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CrKiuCkNWYO24GbWorAS50qaABeLqx_1d5pzSkIYG9MK1q64BEAEgquzAI2D1lc6B4ASgAdi1ov8DyAEGqQJ5I_1pDvmzPuACAKgDAcgDmwSqBOMBT9ApQtN73UNcU37E4MSaLsaPEQVgX2psxPQ1Mpk7sp0B43OI_TU_RLn3wO6k6ys_46d9GY3rTAyOW67fsbhhmdbvHjGklfAw28eUsGVWE6e6IalHMVKz4tKL1HLHzfbSEdR6A0chaQneJGxnSAltdPmE7O_OrZ3L2xpIZ39XyGvZwQ2WJ1WNB3FK398MV6BwXgkUm2jypqaQxmfomJIBmJTcWls134H9to9Cnp9YQ_fgxliebCk-Orrte6oPlYfLnhz2_hrotZQlDWX9YDuJ_HGR7EuLGJvt0FZ9KhSqy4XUf9jABMTDqONN4AQBkgUECAQYAZIFBAgFGASgBjeAB5DKXagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCokgHSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi04NDI3MDk3NjA0MDMyMjE0gAoDyAsB2BMNiBQBshcaChgIABIUcHViLTgzMDk3NzM4MDg2NjEzNDY&sigh=vjtMb5Pb3RI&template_id=492&tpd=AGWhJmv50zcs60GErrDZGq5ACQ9lIU23NQbC1sRKR9hTMNpoxQ&cbvp=2&vis=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45F7 0
0 102ms
101ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CkWb5CkNWYO64GbWorAS50qaABdSwz-VhsNGkmeANitGj7b4BEAEgquzAI2D1lc6B4ASgAdrQt9UDyAEGqQKFLjNT9g-yPuACAKgDAcgDmwSqBO4BT9CMV50dIvvodAC1RHYr9xZ1YnPiQ1VKPbeAayACBUsHi9MyaVzhQsZI6LYOFDPN87ER7yEpzc7Ph_etemAIcKi_rwtKxcZ-Bg_qqU-Yr4s0Yxh-bMEueoigusULOcuEqoo4K05gX6wMOhAjDHRjjUnjx1XVi7SAan2AMjZpPAIdNfhdE9QIEyiRr3oCVbXo3EUbHMPdduFWb1j-Dh-QCTmsRgEeem56BE8RAK-kdoIsInhPYdI9hPNREnkNi1WvS0BmeJ0rTL09YFqgpHpgU0NOXMlKMUlKWlGzN5vkzwUoMqmzc16gkyojhoWmRMAEmciotrkD4AQBkgUECAQYAZIFBAgFGASgBjeAB46vyCqoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQypgB0ggHCIBhEAEYHfIIG2FkeC1zdWJzeW4tODQyNzA5NzYwNDAzMjIxNIAKA8gLAdgTDbIXGgoYCAASFHB1Yi04MzA5NzczODA4NjYxMzQ2&sigh=6u2unjR67vk&template_id=492&tpd=AGWhJmu8JzmCzGd5n9NDW4mEEGoe3xHY10J5d8YhAt-WX_RNiA&cbvp=2&vis=1
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 57FD 1 KB
754 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 16:59:40 GMT
expires: Sun, 21 Mar 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6416
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C466 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bdfe3ac0041f79d8df7f6b398345449b734829f9c198bb922fd4a71a191c1049

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3AA8
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEIHhr1L9OTH0aNvRVkA4VX8&google_cver=1&google_push=AQvitUL1ibsEcmNrriJZCSRXSd3AzOkYrL8n3TP5hfJJVeHhB5kvcyx1FwwpT8uLyejffKaLswpKw8ePnap87rTIfhqSqyWe-R8
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=REpEVk9BT1VBUkc1OXVpcURFTldZQQ%3D%3D&google_push=AQvitUL1ibsEcmNrriJZCSRXSd3AzOkYrL8n3TP5hfJJVeHhB5kvcyx1FwwpT8uLyejffKaLswpKw8ePnap87...

170 B
190 B

59ms
58ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=REpEVk9BT1VBUkc1OXVpcURFTldZQQ%3D%3D&google_push=AQvitUL1ibsEcmNrriJZCSRXSd3AzOkYrL8n3TP5hfJJVeHhB5kvcyx1FwwpT8uLyejffKaLswpKw8ePnap87rTIfhqSqyWe-R8

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=REpEVk9BT1VBUkc1OXVpcURFTldZQQ%3D%3D&google_push=AQvitUL1ibsEcmNrriJZCSRXSd3AzOkYrL8n3TP5hfJJVeHhB5kvcyx1FwwpT8uLyejffKaLswpKw8ePnap87rTIfhqSqyWe-R8
date: Sat, 20 Mar 2021 18:46:36 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 242
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H/1.1 200
OK us.php
c.eu1.dyntrk.com/adx/ga/ Frame 3AA8 0
215 B 74ms
73ms Image
text/plain 51.178.20.139
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEC1UZEf4p1NLSDEm42spTNU&google_cver=1&google_push=AQvitUJuddH7qpKFS9Mc4HB9F2GCjk02eo8JEIfsy-upFzkl5E1UBuUK-xrTbluA0l_QFElwBBeNFu_4HnOkvwfBM-e_awZOkUw
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.20.139 , France, ASN16276 (OVH, FR),
Reverse DNS: proxy0393.eu3.dynfactory.com
Software: proxy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate, no-transform
x-rc: 10
server: proxy
content-length: 0
content-type: text/plain

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3AA8
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMaUlQaLdkQE6uV1pWVAO08&google_cver=1&google_push=AQvitULWhU34De4Bh4g1V8l8yqXKdDgJI8rv0zDa-mxnrGgotkPtkWGQ4CyjXhpqanlZgQMPkn3neTggCxthSWEQzdO_0-f...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULWhU34De4Bh4g1V8l8yqXKdDgJI8rv0zDa-mxnrGgotkPtkWGQ4CyjXhpqanlZgQMPkn3neTggCxthSWEQzdO_0-f_1jg&google_hm=NzM5OTAzNjY5MDA1NzE3NTE...

170 B
190 B

64ms
64ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULWhU34De4Bh4g1V8l8yqXKdDgJI8rv0zDa-mxnrGgotkPtkWGQ4CyjXhpqanlZgQMPkn3neTggCxthSWEQzdO_0-f_1jg&google_hm=NzM5OTAzNjY5MDA1NzE3NTEwOQ%3D%3D

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 20 Mar 2021 18:46:36 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULWhU34De4Bh4g1V8l8yqXKdDgJI8rv0zDa-mxnrGgotkPtkWGQ4CyjXhpqanlZgQMPkn3neTggCxthSWEQzdO_0-f_1jg&google_hm=NzM5OTAzNjY5MDA1NzE3NTEwOQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3AA8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7OvZBoIVTPuGnWe2PLopqg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
190 B

58ms
57ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7OvZBoIVTPuGnWe2PLopqg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJTKYwrUeyjNwqqV2o1zbIvtS1f-cPUz3NWNNSQvM2DpP58bCbI_2dMXyBeTNgmkUto6O2Cd5jKyFbnA_kGpWqesEkG9hU

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7OvZBoIVTPuGnWe2PLopqg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJTKYwrUeyjNwqqV2o1zbIvtS1f-cPUz3NWNNSQvM2DpP58bCbI_2dMXyBeTNgmkUto6O2Cd5jKyFbnA_kGpWqesEkG9hU
Date: Sat, 20 Mar 2021 18:46:34 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1

204
No Content

pub
cs.chocolateplatform.com/ Frame 3AA8
Redirect Chain

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEKISelvT7Qq6RA4PMHOB-Vw&google_cver=1&google_push=AQvitUJmzBBmv99ERnIweKqx1cAXP8aJK2bFh9IrewM0MaqZlUICd6VbA9ZkBOr1EgLdCschPpwCnppogfqfrT...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=RzZUaHMwRFUxcQ==
https://cs.chocolateplatform.com/pub?pid=ebda

0
116 B

218ms
136ms

Image
text/plain

34.196.174.57
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.174.57 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-174-57.compute-1.amazonaws.com
Software: openresty/1.11.2.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: openresty/1.11.2.4

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cs.chocolateplatform.com/pub?pid=ebda
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 242
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3AA8
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE_JdtZ5CG66D_Ud-UnRKhA&google_cver=1&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAU...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE_JdtZ5CG66D_Ud-UnRKhA&google_cver=1&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAU...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE_JdtZ5CG66D_Ud-UnRKhA&google_cver=1&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaR...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5OTViMjcyYS04OWFjLTExZWItYTA2Zi0wMmMyZTcxNzcwNzQ%3D&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAUMEyj71sLpV...

170 B
190 B

65ms
65ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5OTViMjcyYS04OWFjLTExZWItYTA2Zi0wMmMyZTcxNzcwNzQ%3D&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAUMEyj71sLpVT0Yens3wZ8LVuJQO7ujqQIafz_QO-NaRbb

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5OTViMjcyYS04OWFjLTExZWItYTA2Zi0wMmMyZTcxNzcwNzQ%3D&google_push=AQvitUKDT6AmLF5-MlFtW_Jqz2i9TDwTP0QSL_fqBqv1keiEZpJlaRAUMEyj71sLpVT0Yens3wZ8LVuJQO7ujqQIafz_QO-NaRbb
Connection: keep-alive
Content-Length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 3AA8
Redirect Chain

https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESELDYP7bim8v0NS44P1VGQoY&google_cver=1&google_push=AQvitUJ2OJ5NfIZp-V-VPmsswcLtrrgkqbYfubW72a3QMSbY-93W0dCSVlHOluUyE_2cAzDFhZvj35IJpvn1q91PZkCOW...
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=Y2EyODg0OWItZmQxNi00Zjc3LTg1OTctYTgxY2NjODU3NDU5&google_push=AQvitUJ2OJ5NfIZp-V-VPmsswcLtrrgkqbYfubW72a3QMSbY-93W0dCSVlHOluUyE...

170 B
190 B

70ms
69ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=Y2EyODg0OWItZmQxNi00Zjc3LTg1OTctYTgxY2NjODU3NDU5&google_push=AQvitUJ2OJ5NfIZp-V-VPmsswcLtrrgkqbYfubW72a3QMSbY-93W0dCSVlHOluUyE_2cAzDFhZvj35IJpvn1q91PZkCOWRCUYT0

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 20 Mar 2021 18:46:36 GMT
x-route: http://upstream_cookiesync
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=Y2EyODg0OWItZmQxNi00Zjc3LTg1OTctYTgxY2NjODU3NDU5&google_push=AQvitUJ2OJ5NfIZp-V-VPmsswcLtrrgkqbYfubW72a3QMSbY-93W0dCSVlHOluUyE_2cAzDFhZvj35IJpvn1q91PZkCOWRCUYT0
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true, true
x-host: 192.168.152.38
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 3AA8 0
16 B 67ms
66ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KbeOZCMRx_obDtZ-cdhMqq8b27Dgh1nIj_6D66GHpgJaARUX2zVlAvA0iw164fZj5U8dRGnKo

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK submit
b53.s407.meetrics.net/bb-mx/ Frame DC94 43 B
291 B 233ms
81ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/bb-mx/submit?/4C5eBeAAA/whFtBo0F0wFz6BvvAzjEzxAm3Bw3A0kEwlE1hExjEkyBiwB22A5xAy2A3zAz4Aj4BuzEhmFlmFyhFtlFunEvvFnsFlzF5uFkpFjhF0pFvuFujEvtFvzEhmFlmFyhFtlFvxAtwAtzA3vAo0FtsFvjEvuF0hFpuFlyFuoE0tFsBF2pyFo0F0wFz6BvvAz1FiqFljF0uBjvFtuB1hFvBE+k2FoywAywAtwA5tAy5AtxAz6A11At4A32AwzAwtAyuAxyAwuA0tAymEz0A32Az3Aip6Ft2AwBEsp3Fx2Ax2Ay2A15A51Ax2AxBEjwtFuvFulFkqnFluFtVETBFL2wFBLl1FCp2iFuvFfwFs1FnpFuzF/2xFZCylFx1FlzF0mF1sFszFjyFllFugBm1FssFzjFylFluFluFhiFslFkgB3pFukFv3Ff3FliFrpF0zF0vFyhFnlFpuFmvFg3EpuFkvF3fF3lFirFp0FjhFujFlsFhuFptFh0FpvFumFyhFtlFg3EpuFkvF3fF3lFirFp0FylFx1FlzF0hFupFthF0pFvuFmyFhtFlgBjzFzfF3lFirFp0FgjEw1FfxB2gAyhFtfF4BELlnFB/k0F9BxgAwqFpkF94A32AwzAwmAhkFj9B5wA43A1xAxmAjwFpkF9yA1wA1wA55A1mAwsFhjFl9By4A52A3xA5yAwmAhwFi9Bz1A14At0AtwAtxAxmAzpF0lF91AxzA3wA30AmjEpkF90A42Aw4A25A33AmzEp6Fl9BzwAw4Ey1AwmAjiF9zAw5A0yAx5A13A3BEUkzFpBFAAAAAAsE6D6DAPAAAAAAAAAOAAAAGAAAAAAsE6D6DABPVAAAAAAAAB6KHAZGAAFAx8Ez8ExBEFAy5Az3AwBErcjrAPAAAFAA6KHTcjrASksFjGgAAAAAAAAAAAAEAAA6KHAAAAAAAIAy1Aw1Aw5A51AJAy4A52A3xA5yAwBEHA1xAz3Aw3A0BEHAzwAw4Ey1AwBEJA04A2wA42A53A3BEHA5wA43A1xAxBEAAAAAAAALAz1A14At0AtwAtxAxBEdAAAAAAsEA6DAFAAAcjrAAARCo0F0wFz6BvvAzwBuyAtkFuuBulF0vBhkFzvBypFjoFtlFkpFhvBz0F1kFpvFvwE2yBv2Ax2A2wA0yAwvAywAywAxyAx4Aw5AwyAz5A51AwvApuFklF4uBo0FtsF/lE92A5mAslFm0FPmFmzFl0F9wAm0EvwFPmFmzFl0F9wAmjE93ArWFwQFyuEMrFmmB09BxmAylFukFlyFpuFnUF5wFl9ByBECANSFAAAAAAAAAAAAAAGAJGFSBFNFFQtjF6oRoWA
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: nginx
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:35 GMT

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 311ms
78ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eCfAAATkzFuZCAAFAx8E18E5BEFAy5Az3AwBEru1yAPAAAFAA6KHTu1yASksF/HdAAAAAAsEA6DAFAAAu1yAAAyEkhF0hF6pEthFnlFvwEunF7iEhzFl2B0sApWFCPFS3FwLEHnFvBFBBFBOFTVFoFFVnFBBFBDFzBFBBFBXFCBFNBFBBFDyFszBpBFBBFBBFCsFCNFWFFVBFBBFErBBjFpXFtaF6XFBBFBBFBuFSTFUsFNBFBwFpkFyCFRBFBBFC4BTVFSCFWCFqUFiaFFCFEvFBnFEBFP3BIvBUvByxBYXFNxFwoFVYFIoFHEFjBF3sEHLFvvErNF3GEtDFL5FhyF4oFhJFIwFyKE25E44ANtFrVF22FTxB02FjlFxpEZuFrQElHFriFxJEGNFODFLzFKOFh0BIvF2iF2VFl6FH3F16FPJFVvBw0BjEFvPF3zA3HEoPFIzF0pE10EwBFJrBK5FphF3vFllFH4BxUFzIFxzA5MFqMF2QEW5BI4Bp1BCjFvrEONFaIFBBFBBFBFFsGFUrFT1FRtFDDFCANSFAAAAAAAAAAAAAADAEJFWBFQtjFu/E/SA
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:35 GMT

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 382ms
70ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eDgAAAl2yFuvFfhFwpFLktFDTkzFARksFAQtjFfdVNSA
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:35 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 090C 43 B
216 B 436ms
136ms Image
image/gif 34.206.10.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=9f680a74-af9e-2e7f-b844-e26d23bdd2b1&tv=%7Bc:7qTJaH,pingTime:-2,time:799,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:533,beZ:534,mfA:1081,cmA:1083,inA:1083,inZ:1088,prA:1088,prZ:1103,si:1110,poA:1111,poZ:1121,cmZ:1121,mfZ:1121,loA:1155,loZ:1157,ltA:1331,ltZ:1331%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:l,w:160,h:600,t:576%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:0,n:799,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:576,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:-1,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B247~1%5D,as:%5B247~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:sse3p08+11%7C12%7C13%7C14%7C15%7C16%7C171%7C172%7C18%7C191%7C192%7C193%7C1a%7C1b1%7C1c%7C1d1%7C1d2%7C1d3%7C1d4%7C1e1%7C1e2%7C1e3%7C1e41%7C1f*.925113%7C1f1%7C1f2%7C1f3%7C1f4%7C1g1%7C1h1%7C1h2%7C1h3%7C1h4%7C1i1%7C1j1,idMap:1f*,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:220,readyFired:true%7D&br=u
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.10.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
x-server-name: dt35.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
BLOB 200
OK aeb7fc44-725a-4e0f-b898-a2ccad3865b3
https://s0.2mdn.net/ Frame 4D3D 24 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://s0.2mdn.net/aeb7fc44-725a-4e0f-b898-a2ccad3865b3
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a58d4b9efe9392e21622aac0f89ac0a68bd6a6515711154e6ca17ec3ee0d7e20

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 25047
Content-Type: image/jpeg

GET
H/1.1

206
Partial Content

file.mp4
r2---sn-4g5e6nle.c.2mdn.net/videoplayback/id/58437fe2e062ef93/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3752758121/sparams/acao,expire,id,ip,ipb... Frame 6569
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/58437fe2e062ef93/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3752758121/sparams/id,itag,source,ratebypass,m...
https://r2---sn-4g5e6nle.c.2mdn.net/videoplayback/id/58437fe2e062ef93/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3752758121/sparams/acao,expire,i...

405 KB
405 KB

62ms
43ms

Media
video/mp4

2a00:1450:4001:50::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5e6nle.c.2mdn.net/videoplayback/id/58437fe2e062ef93/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3752758121/sparams/acao,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,ratebypass,source/signature/63EC50458C7458C449F4AF0889045D71A60DB805.679223396E78689FF5780C06970DC16297F1B00F/key/cms1/cms_redirect/yes/mh/nc/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nle/ms/onc/mt/1616265630/mv/m/mvi/2/pl/47/file/file.mp4

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:50::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

3776be5a1848c9c4bebc3684fd7a0ff143a2161993bab39ad9619c6357d2a8ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:36 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Sep 2020 07:03:23 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-414622/414623
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 414623
Expires: Sat, 20 Mar 2021 18:46:36 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r2---sn-4g5e6nle.c.2mdn.net/videoplayback/id/58437fe2e062ef93/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3752758121/sparams/acao,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,ratebypass,source/signature/63EC50458C7458C449F4AF0889045D71A60DB805.679223396E78689FF5780C06970DC16297F1B00F/key/cms1/cms_redirect/yes/mh/nc/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nle/ms/onc/mt/1616265630/mv/m/mvi/2/pl/47/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 681
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 48BE 40 KB
19 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CsX5xOCKC18Xp2oLHDbKGfn-YElXxIYb7kCKqESvX1rKhJPT4MXJ9HNfYV2JfMGRRadFaaKyHjS9efz8hYxj6dvB8Bq4lGeKJUGIxvIG272pqkYnKrEdIfuZp7HQiKgUfSMYdbakixlESsgB7ThPTg6ijrtA&dbm_d=AKAmf-CSG4T1Kr-bGik8HsmKn7HHy-IR9M6_XG9cctYA0KRgiHfnu_0_rZ_y5rYlMn_yQnp8bidhGXC6saMCV29xc5Q8rY7r0WjwLKsCtxlHzCKvxdWzdaey4dSya0nt1XLQ9W4c8x735DxOeTej4qOInIPixulTdZB1WnoYoioQLcpvSHy1pH6RFDKdOv_4I1LuMH9wqdWBi7ytUPNbcWE0s0VGRiwUIFeiFp9UWM8mlSgR3DSKyybGtFB2Gd13Rp4r4wwM6VFWX8A8ywgCtyMqtTS-4kaU7CCpIBwvA1KuOvxquKyZZsFpDXSsopBt1J-v8UIaPMgfn9-DcxXtQ-aMCvLmiIfo0LbZAoLQ5hKlODd2MEc2hU98uHQSMe428bg6ks5LdJ36Zw1pvIiXfdAsogZh9NUBBbiN81HVOVzt5KxIyApyrneedjb1vTAocL3fVioFduDDMGGf8tK6-mEKmtWsPZDQzsuV17bN3d4Ep_rcfofmAhszO00KYM0PUEXFHzncB0ZiR8AVntnGUEtNuZttYb51gpvegK-QpHtj8gLDlQ3SPuy2ndO2-hrtlbFrIPG6KmQX-iKan3cHubvSJHFMwpei1vhJ_zuCw685vr_RTUnEhR04j2gECBZv7SBW6L-SYGspHgnU6ez2sRMfRTulpC7JcY3S1NwmJrBrCJx-JuXYjev7-Z6Z6tvgzKfkwmd_1__jSqmyEmsNGoe_76nvX6dtGFKyb83k5rEKOhldD2PG2Vu5DAFrm-Z49-Qxn_nBPXjGDHA61sN-u4VDy3YHimXMMyeNzqqfgScF0in0PkQxEtvtEIaY5JTo_ycqFke3AEi7xexUPhDAaGKpwuh1-fLqF7gWijZc0eJNBUCoH2mndxwAXm9SZO-9xnPOrVvIV5Z0k3wijAVL-Mowartb2aJWfE_GHLdlM7XI4wycpbHCqeoqyFzkwhoDkGqMwGqQV42gt8R5rtepKP4BNsTJkYnCP91tgYj4kJ3rAPhT_vg17jwW7H6KEwSaKFhwnYUZnwCZixB6bZ4LlOoMTDD1RHHKwzGamtU0RB6WsGLAPy4tL0dYOLxnli0-DThuT1eL1eHELTdJ5R600hPQcM2x_XawjVKBi8G_3SGlffq_TteelJCfzRAbhDVxZ19xFfbMJDaUjwuFb5BPzTNS9-Yk7L11nu6TWj_e2naIN1-FDgszvgx6fXxy3ADDcMra6rmqPMOzPTOiesXkW99l0eYBXZ6md3rnqYWtHyNc6LpMOi6jvIYHTisLGbrA5USIVrdR-4A4kxtcTYX6PczUZRY2UKa6d0MfIbjflR7jjp26W2Bl6s2vbkcMv_yOsjEKG_aPLuP5q6BFEBXzZt81CN9goBFcXcE5FENTpKdigCH5tY9JWyagFqyHBfErKRnTfL2vBH1qcoPdl_uzWjuSIoJiT9w0dAQ46GuvTgo92GeVgjAlD4pPfs_pbQuMUzJAFHZXoeJPOzR72wa4O8UVcmJf7nMMTaCFwaelSZ2Swnhisc9Xu9P294HsCpGsut8VWLgfJGkIyx6fFo5GgYvAkAAa0jxTBLDvVMhtaAVmn0v8iT3DpijOY0QmEZO1hO1n1GoQnlC0YZxk9q4TqHapl539XKrHtoGUcHInPXC913VblIynGbO6PSY20y_N7Z9yKUflumGvuQRaZxLy-VwqQlZCYaoRWD59V01DlMbSEx9SRc1gk7dTmipiI74n2y05dnKOyx5vIe4wjO0-GmEE_rim6kP5XpTFN2w-DDYX7noiM4MOBfpKMxYU0EGvXLOLinaIrMJjOfy2gFakILz7HYoUSm6npVqgGZSBDgrBq_nyAHrbKj02DBWzdzXj488iJYWaebzNW0xSaiQGvbiH6UdAV_WjeGpw2DgT99Zb19yUQ2ojy7cyFuAGRC5LAwbvJo5oz-hfUiZuH70W60iLWtA_1CESq8ykv4CxwNh8t8SafxwuQz9dmzaGWDIPhb-NmGkK-dEAzOh0Bd9oNaxnejeLpRFrLqekSkUdowJWhoyML9N0ATy0HTaoGpCKUXrB_EGX1RKbD80utNI-MGxCJAeQTFUe5J6a-HrM0JzouKfB477aaclRH5uEc6uWpzOpn18x5i6QljeLaMaDgpz1RWM6zOIxVQvvdgIpvTdwSLKbFzcz_tH4FCHsCzdGeMTtq459X5uNh6pfs0pq_31ZXEmdz2TZkDiy-6TyRcrMzyL5VtXZLKnl44WEWAljg6YjtYhwegjSA5tWxxc8Cm333ptrTVu6As-w0Im6yDWt-kuugDYdZ5vlhgbCNgY_u_kKM04RdBT8qTA5e6i6GGp74CsR1CE3_w57eJyt0qBpVfOATWT6cnoWFK6UN2JRPwNuoxUqirRSaBbVNdP0czV_iFxBbncLw8A4o1q-V4XPls8b-vANWN7v0MYmZ-hRvxAe4g-IuUi5vWBZcNvoM89CjceeQkCQ1R8xnyGyFxT53MSoZCy8W07RIRZMrX9cOfhxE23NQIF6XTDcJcn07qLrUgfmSvwKZeLcopVW4HOjId-aZsfV_HNXVcCo3z_DlutIZEW7ry-nuyuAjuj_pliLB0bCCzOsNOeQiCc6hHGskXk3DyZhNamPMcWDGC1HbHCjEe3FJfBSV3H7uP5cd4mpHrNjaOMT3uLwh3clwiX_AmE_KEst1WNNT3oBJoC_LdlNfUKmcYb0wAVY1yes7DedOfKJkL7ZiMRjKD0p0PpaI-9JJu8PzN1kc5HCdvT2mj_Lk46B929may3IeRipw14xKDjyMXqPFkLfHplW1bo3pTeCDIT_1IgqP3lRDNd8YSWbeg_zmFGAtRpuMEC5OjoYVip7YV5lh9WxNtoRWTEMF7bmV_GunHRkXHfYZ6xIbGsE9gz3qnkSj927c04mUlw-Rr7ABwb03Iq6D_zNRcTXPS5rWEQKG_lerlwf00PMSbnJ0L6HRIxnf1ol8TUrN96KJD7908p9x_0P86RQK3swsXUxtFAHuOVlk75MkdvHz9K8SreTRpLholrnuNkrMk0lX8JoBdIc8whF-pI8z8gfiVUDTMJXQiG6Vtiec6ZpByJMnwIAZJ05bFq89kpZ2FdU2fN9AADl9GMZOBIGrC4-0W8UCSwzHby3_-SjLkRgkYgEsMA7MTbeQfkgydQ8fi_-sfORkTKuZEv35iAhgu2CkdyxW8JhAbX_r6c3YiXREXeaaq52SJSUIQwyFepOyVSYI7yVsriTfkImJZeU1ym-klh4-CBPX-5smSbUwRK4A42aXVusALvWJUF5TFmfLgrKp-zX0Ax5la7AmahpS7LA6x-Q5zIUWO6y53xpV-WGP7hI6X3_QrY0Mv3Rd2M8HumnhegStdbOf3cpckycAVIMzBZWjJEpS4wi-NGY9g06yyajFF40qUylglGCtaM3nzGp0dGBzPeLTIFYyIlMmxJPiXjUYozD2R4v4QFO8rsDj3bLspXrCqTw79qxRsOvuj_HnMitVliMZ2iCxZNU4iPs2IdRmcJcH3FN7erhmcdO2TnGKWcZUGnH&cid=CAASEuRoVVdQYeyhvmrXwBTIqi3udw&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7e7c5651b7daf1f470d93b444c108577c992a55b12cf9b6c2b39e1aca6020f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19568
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame 2E0D 170 B
190 B 76ms
75ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQx7uPARiO-d2WATAB&v=APEucNW9DoWC4mns-o8nJSkc3z18v4jYixTQCRAnkX3WmdPUwLxtdw7e4BGPtYfRvIytVGH4FS4vRP8gPg4xcz80T0MyJX8Gsw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2E0D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

43 B
894 B

52ms
52ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQx7uPARiO-d2WATAB&v=APEucNW9DoWC4mns-o8nJSkc3z18v4jYixTQCRAnkX3WmdPUwLxtdw7e4BGPtYfRvIytVGH4FS4vRP8gPg4xcz80T0MyJX8Gsw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:36 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2E0D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFZDCiR1UnH4-BHqPlI-UwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1

43 B
894 B

56ms
56ms

Image
image/gif

104.75.89.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXlgQEQx7uPARiO-d2WATAB&v=APEucNW9DoWC4mns-o8nJSkc3z18v4jYixTQCRAnkX3WmdPUwLxtdw7e4BGPtYfRvIytVGH4FS4vRP8gPg4xcz80T0MyJX8Gsw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.89.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 20 Mar 2021 18:46:36 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFegFx2iABmzlsZO-tH53Pc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
242 B 153ms
153ms XHR
text/html 144.217.66.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.66.206 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns535844.ip-144-217-66.net
Software: nginx/1.19.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: nginx/1.19.2
Connection: keep-alive
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
146 B 15ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 182ms
52ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eEbEAA1rvFo0F0wFz6BvvAz1FiqFljF0uBjvFtuB1hFLruFBLkqFFlqwF43A2wAzwAOprF+3VDOqwF+3VDlqwF43A2wAzwALkmFBTkzFkQvDAAAAsEAYAAAANEAQAAAAAA6DAXAAAANEARksFAQtjFerhQSA
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:35 GMT

GET
H3-Q050 200 de_CH_imageanimation_D_EU_Lantern_160x600.js Show response
s0.2mdn.net/creatives/assets/2987685/ Frame 4D3D 36 KB
21 KB 41ms
40ms XHR
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2987685/de_CH_imageanimation_D_EU_Lantern_160x600.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_CH_polite.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a57b06f182e42103335b3ca74fdb6133fb9140935a3bf432fa833ae1ebec3a01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21329
x-xss-protection: 0
last-modified: Thu, 19 Sep 2019 05:15:43 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Mar 2021 19:01:36 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 48BE 21 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CsX5xOCKC18Xp2oLHDbKGfn-YElXxIYb7kCKqESvX1rKhJPT4MXJ9HNfYV2JfMGRRadFaaKyHjS9efz8hYxj6dvB8Bq4lGeKJUGIxvIG272pqkYnKrEdIfuZp7HQiKgUfSMYdbakixlESsgB7ThPTg6ijrtA&dbm_d=AKAmf-CSG4T1Kr-bGik8HsmKn7HHy-IR9M6_XG9cctYA0KRgiHfnu_0_rZ_y5rYlMn_yQnp8bidhGXC6saMCV29xc5Q8rY7r0WjwLKsCtxlHzCKvxdWzdaey4dSya0nt1XLQ9W4c8x735DxOeTej4qOInIPixulTdZB1WnoYoioQLcpvSHy1pH6RFDKdOv_4I1LuMH9wqdWBi7ytUPNbcWE0s0VGRiwUIFeiFp9UWM8mlSgR3DSKyybGtFB2Gd13Rp4r4wwM6VFWX8A8ywgCtyMqtTS-4kaU7CCpIBwvA1KuOvxquKyZZsFpDXSsopBt1J-v8UIaPMgfn9-DcxXtQ-aMCvLmiIfo0LbZAoLQ5hKlODd2MEc2hU98uHQSMe428bg6ks5LdJ36Zw1pvIiXfdAsogZh9NUBBbiN81HVOVzt5KxIyApyrneedjb1vTAocL3fVioFduDDMGGf8tK6-mEKmtWsPZDQzsuV17bN3d4Ep_rcfofmAhszO00KYM0PUEXFHzncB0ZiR8AVntnGUEtNuZttYb51gpvegK-QpHtj8gLDlQ3SPuy2ndO2-hrtlbFrIPG6KmQX-iKan3cHubvSJHFMwpei1vhJ_zuCw685vr_RTUnEhR04j2gECBZv7SBW6L-SYGspHgnU6ez2sRMfRTulpC7JcY3S1NwmJrBrCJx-JuXYjev7-Z6Z6tvgzKfkwmd_1__jSqmyEmsNGoe_76nvX6dtGFKyb83k5rEKOhldD2PG2Vu5DAFrm-Z49-Qxn_nBPXjGDHA61sN-u4VDy3YHimXMMyeNzqqfgScF0in0PkQxEtvtEIaY5JTo_ycqFke3AEi7xexUPhDAaGKpwuh1-fLqF7gWijZc0eJNBUCoH2mndxwAXm9SZO-9xnPOrVvIV5Z0k3wijAVL-Mowartb2aJWfE_GHLdlM7XI4wycpbHCqeoqyFzkwhoDkGqMwGqQV42gt8R5rtepKP4BNsTJkYnCP91tgYj4kJ3rAPhT_vg17jwW7H6KEwSaKFhwnYUZnwCZixB6bZ4LlOoMTDD1RHHKwzGamtU0RB6WsGLAPy4tL0dYOLxnli0-DThuT1eL1eHELTdJ5R600hPQcM2x_XawjVKBi8G_3SGlffq_TteelJCfzRAbhDVxZ19xFfbMJDaUjwuFb5BPzTNS9-Yk7L11nu6TWj_e2naIN1-FDgszvgx6fXxy3ADDcMra6rmqPMOzPTOiesXkW99l0eYBXZ6md3rnqYWtHyNc6LpMOi6jvIYHTisLGbrA5USIVrdR-4A4kxtcTYX6PczUZRY2UKa6d0MfIbjflR7jjp26W2Bl6s2vbkcMv_yOsjEKG_aPLuP5q6BFEBXzZt81CN9goBFcXcE5FENTpKdigCH5tY9JWyagFqyHBfErKRnTfL2vBH1qcoPdl_uzWjuSIoJiT9w0dAQ46GuvTgo92GeVgjAlD4pPfs_pbQuMUzJAFHZXoeJPOzR72wa4O8UVcmJf7nMMTaCFwaelSZ2Swnhisc9Xu9P294HsCpGsut8VWLgfJGkIyx6fFo5GgYvAkAAa0jxTBLDvVMhtaAVmn0v8iT3DpijOY0QmEZO1hO1n1GoQnlC0YZxk9q4TqHapl539XKrHtoGUcHInPXC913VblIynGbO6PSY20y_N7Z9yKUflumGvuQRaZxLy-VwqQlZCYaoRWD59V01DlMbSEx9SRc1gk7dTmipiI74n2y05dnKOyx5vIe4wjO0-GmEE_rim6kP5XpTFN2w-DDYX7noiM4MOBfpKMxYU0EGvXLOLinaIrMJjOfy2gFakILz7HYoUSm6npVqgGZSBDgrBq_nyAHrbKj02DBWzdzXj488iJYWaebzNW0xSaiQGvbiH6UdAV_WjeGpw2DgT99Zb19yUQ2ojy7cyFuAGRC5LAwbvJo5oz-hfUiZuH70W60iLWtA_1CESq8ykv4CxwNh8t8SafxwuQz9dmzaGWDIPhb-NmGkK-dEAzOh0Bd9oNaxnejeLpRFrLqekSkUdowJWhoyML9N0ATy0HTaoGpCKUXrB_EGX1RKbD80utNI-MGxCJAeQTFUe5J6a-HrM0JzouKfB477aaclRH5uEc6uWpzOpn18x5i6QljeLaMaDgpz1RWM6zOIxVQvvdgIpvTdwSLKbFzcz_tH4FCHsCzdGeMTtq459X5uNh6pfs0pq_31ZXEmdz2TZkDiy-6TyRcrMzyL5VtXZLKnl44WEWAljg6YjtYhwegjSA5tWxxc8Cm333ptrTVu6As-w0Im6yDWt-kuugDYdZ5vlhgbCNgY_u_kKM04RdBT8qTA5e6i6GGp74CsR1CE3_w57eJyt0qBpVfOATWT6cnoWFK6UN2JRPwNuoxUqirRSaBbVNdP0czV_iFxBbncLw8A4o1q-V4XPls8b-vANWN7v0MYmZ-hRvxAe4g-IuUi5vWBZcNvoM89CjceeQkCQ1R8xnyGyFxT53MSoZCy8W07RIRZMrX9cOfhxE23NQIF6XTDcJcn07qLrUgfmSvwKZeLcopVW4HOjId-aZsfV_HNXVcCo3z_DlutIZEW7ry-nuyuAjuj_pliLB0bCCzOsNOeQiCc6hHGskXk3DyZhNamPMcWDGC1HbHCjEe3FJfBSV3H7uP5cd4mpHrNjaOMT3uLwh3clwiX_AmE_KEst1WNNT3oBJoC_LdlNfUKmcYb0wAVY1yes7DedOfKJkL7ZiMRjKD0p0PpaI-9JJu8PzN1kc5HCdvT2mj_Lk46B929may3IeRipw14xKDjyMXqPFkLfHplW1bo3pTeCDIT_1IgqP3lRDNd8YSWbeg_zmFGAtRpuMEC5OjoYVip7YV5lh9WxNtoRWTEMF7bmV_GunHRkXHfYZ6xIbGsE9gz3qnkSj927c04mUlw-Rr7ABwb03Iq6D_zNRcTXPS5rWEQKG_lerlwf00PMSbnJ0L6HRIxnf1ol8TUrN96KJD7908p9x_0P86RQK3swsXUxtFAHuOVlk75MkdvHz9K8SreTRpLholrnuNkrMk0lX8JoBdIc8whF-pI8z8gfiVUDTMJXQiG6Vtiec6ZpByJMnwIAZJ05bFq89kpZ2FdU2fN9AADl9GMZOBIGrC4-0W8UCSwzHby3_-SjLkRgkYgEsMA7MTbeQfkgydQ8fi_-sfORkTKuZEv35iAhgu2CkdyxW8JhAbX_r6c3YiXREXeaaq52SJSUIQwyFepOyVSYI7yVsriTfkImJZeU1ym-klh4-CBPX-5smSbUwRK4A42aXVusALvWJUF5TFmfLgrKp-zX0Ax5la7AmahpS7LA6x-Q5zIUWO6y53xpV-WGP7hI6X3_QrY0Mv3Rd2M8HumnhegStdbOf3cpckycAVIMzBZWjJEpS4wi-NGY9g06yyajFF40qUylglGCtaM3nzGp0dGBzPeLTIFYyIlMmxJPiXjUYozD2R4v4QFO8rsDj3bLspXrCqTw79qxRsOvuj_HnMitVliMZ2iCxZNU4iPs2IdRmcJcH3FN7erhmcdO2TnGKWcZUGnH&cid=CAASEuRoVVdQYeyhvmrXwBTIqi3udw&rfl=1%2Chttps%253A%252F%252Fsubject.com.ua%252F%240

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8471
x-xss-protection: 0
server: cafe
etag: 753583566593306265
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:46:32 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame 48BE 8 KB
3 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:43:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 03 Apr 2021 18:43:02 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame 48BE 0
28 B 95ms
95ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstumNrShLTF82yzEMB6KEgxR4vaAAXf3IqkyZiWnCMqxmOfHvt7iQI8LnGRCiKjzYVtxCN0Z2K-u6XvjzN6qgnGfFAilZ3Vqi2gnLW2l0b5b_eMcNhyLwh01ZBIQvfAKL0h7ocQjaYDuYKLEg_0lQOT5mkMI0sD1JBQRUYRPpliMCuBh9xWSLn2Zl0q0Y8HEtXx0vvgt5UAMo99tHnIvIKO446nsWDsIir-QlCekJp0rny33oL3FNupC7OKqXMYdimaycGCd0nHzuw-zmZwPp3XGK7gnj6X0i5qbBAfSZHCcdr1ou2c6n9GD7dc655_NwQ-kuqh-_Vu3SIP5St3lo3ifVsnuqDLW3-mJ1NKBb6SGDDLHmUqiCLTrOTRQqYmYTsjWV6m0K3EqpsHlmsTy0YsjQIBxF8oKgWglU-SwGVxxVnTUFMC7ZqLEtMYsmsbNFgGukuQZmov7OpBNoP0fVxB0QF38OEN10agQLMIQsdqk1nNVqBPU2YiOikDd1bYBdQ8kxyE6PCSwQkYwosKyvKs00Vd0OVslE-_5uTTa5R8G90DtPC6hrbOtAkN_lEBH-B0GdjzNjF2NHMGEeLieDJ79CQ5NJmf4Q4BbNcFQcnVpBSNdVxdg8YdAHu1G-mco8J6wFSFZgQPJyFFIYIwcoA8HoqxXN2IoAYAUdcWIRaMaasNYiQut7iS9H74QM8N7sEWx71vGyNSRWK03TeQ4l2kgySgMQEtAdhTHppO-0PJc7lSRlsoiOTTizcVVajpUx1rJrbnLg9U8GVdWsYo45rUbYTXwm9FU1oSRDiLgbqsr6rpcU1kXCQvJynCCcVjE6RacO_tvxANoeNZggF9b2IJJZ-rIYCZpPrB43FvdVNmO_omuSKSyzzKaiAYeTfWVcLaxT4ybgeq0Ol8qfIYzj_yhZFlmGyHzrS0IYIfFfrcQMFlUoTFa-n1KmvQoNPCx2u9T-vHQJxiybRfCHlmUT8DuDFIzScFgAN7MyZQNtMXa-qAxCRdMHhRTe1c1SKSqsEdmVHsRB4Mrfv6sFQ2cSnLRlK7zkjqEirExLniXu94xP2YWX54fdBYBvak99TtQbfi4ale4kkChj9iTkK0_u0ES9q6DQwRa5e2fxa5NcP3vo_Kf4m2kqkKqmEU7Oodq9cWezcjJIPfzGPE5o14dCZ_NlHHtNzYHFu1mi-JTk5nc1QqWi0HLfo2n2rX20l8ow__f4OdHTtzSJgMJJX0T1LxLiAPRosH7pv1xh1ezexOoTU&sai=AMfl-YSTRw54T7A02_NQGhuIhI5GRndC7D2YJ4cgndrxaWqj75c8CXegQtoy7RYUzPUVJqq9XnhSq2R-aKWwx88yBwe89Eud2WTv1iSVM42whpXpbvlfCSK58Jlu5H8F01w0lfp2Nu6OK3z_-yBhNYif4pNk7TliEO4OBkXX-X-5NbOl96ye75XoVw&sig=Cg0ArKJSzIb9PiyQj32nEAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210316.30894&adurl=

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 20 Mar 2021 18:46:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 48BE 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 10:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115377
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Mar 2022 10:43:39 GMT

GET
H3-Q050 200 1D_Shop_Digital_Natives_728x90.jpg
s0.2mdn.net/8259769/1221755425646427/ Frame 48BE 18 KB
18 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8259769/1221755425646427/1D_Shop_Digital_Natives_728x90.jpg

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c01437949da02915692d17331466619554fc86c2944a6c8b391775e04037e301

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 07:05:07 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Nov 2020 11:07:23 GMT
server: sffe
age: 42089
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18412
x-xss-protection: 0
expires: Sun, 21 Mar 2021 07:05:07 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6569 5 KB
4 KB 20ms
16ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f40088a91901fdc90f9c695cb2049beb1a76d67c39e225ab20209a4bbc6ab1bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4164
x-xss-protection: 0

GET
H3-Q050 200 prod_studio_01_245_videomodule.js Show response
s0.2mdn.net/879366/ Frame 6569 13 KB
5 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_245_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

236888a9bde0a1cabbd288498b6ba4fb3f4ec7119d2d06666a5a48a82f51f042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61660420/20201218090239950/index.html?e=69&leftOffset=0&topOffset=0&c=7kVpP2nLkf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 03:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54198
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4849
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Mar 2021 03:43:18 GMT

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 15B3 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106896
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 92D3 156 B
136 B 133ms
132ms XHR
text/xml 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-video-pub-7094677798399606&slotname=subject-mid-2&ad_type=video&description_url=http%3A%2F%2Fsubject.com.ua&max_ad_duration=66000&videoad_start_delay=0&vpmute=0&vpa=click&sdmax=99000&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&sdkv=h.3.447.1&video_product_type=0&min_ad_duration=0&sz=800x450&adsafe=high&hl=en&ca_type=image&unviewed_position_start=1&output=xml_vast4&osd=2&frm=0&vis=1&sdr=1&num_ads=1&t_pyv=exclude&video_format=43&is_amp=0&u_so=l&mpt=videojs-ima&mpv=1.8.0&sdki=44d&adk=4096054978&sdk_apis=2%2C8&media_url=blob%3Ahttps%253a%2F%2Fsubject.com.ua%2F9aaec262-f893-4163-95b6-5f8156761aef&eid=44736621&url=https%3A%2F%2Fsubject.com.ua%2F&dlt=1616265993239&idt=1531&dt=1616265996490&cookie=ID%3D28778c1da5901396%3AT%3D1616265994%3AS%3DALNI_MaSem3v6tjfk7lNJp5LOmQ60ZOsqQ&correlator=3245531602792200&ad_block=1&ged=ve4_td3_tt1_pd3_la3000_er0.0.0.0_vi0.0.1200.1600_vp0_ts0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.447.1_en.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://imasdk.googleapis.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/xml; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0

GET
H3-Q050 200 js-animation_de_CH_imageanimation.js Show response
s0.2mdn.net/creatives/assets/3389262/ Frame 4D3D 65 KB
17 KB 7ms
6ms XHR
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3389262/js-animation_de_CH_imageanimation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_CH_polite.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a44212e58f8f04f0081cac0f0969f04b90cc940defebbdcee923ab2c1df9db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61404961/20200309023020409/index.html?e=69&leftOffset=0&topOffset=0&c=2VCye0akVy&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XMLHttpRequest

Response headers

date: Sat, 20 Mar 2021 18:37:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 548
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17622
x-xss-protection: 0
last-modified: Sun, 14 Mar 2021 21:59:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Mar 2021 18:52:28 GMT

GET
DATA 200
OK truncated
/ Frame 4D3D 14 KB
14 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19ff70e284646d02fc1e21d6fc9f1bb2586cf2153807480af67b46b389c76ed6

Request headers

Origin: https://s0.2mdn.net
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame C5DF 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106896
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame 48BE 0
27 B 79ms
78ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 57FD
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEL8Wk3DgixNxhENeKms2FHI&google_push=AQvitUJkoKfTKlVLkeTWzlHYEk6CYnQA-qVxZ09so95TjOGdKz1Msza0Uz...

170 B
190 B

70ms
69ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEL8Wk3DgixNxhENeKms2FHI&google_push=AQvitUJkoKfTKlVLkeTWzlHYEk6CYnQA-qVxZ09so95TjOGdKz1Msza0UzKpyOd-HTra5QdeAiz3GuGuxpXg4jbz8EQ53-hyvs97

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
via: 1.1 varnish
server: Jetty(9.3.8.v20160314)
x-timer: S1616265997.651450,VS0,VE97
x-served-by: cache-hhn4031-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEL8Wk3DgixNxhENeKms2FHI&google_push=AQvitUJkoKfTKlVLkeTWzlHYEk6CYnQA-qVxZ09so95TjOGdKz1Msza0UzKpyOd-HTra5QdeAiz3GuGuxpXg4jbz8EQ53-hyvs97
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
x-cache-hits: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 57FD
Redirect Chain

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEFF3MJZobYfD6-Mwq0PUE9Y&google_cver=1&google_push=AQvitULVfbrBB0FBgLI8pAeEPkW8_Qg_pLiEOUsYE6V9tbOMRT2NUOgDo5l9gru_OcGTK...
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AQvitULVfbrBB0FBgLI8pAeEPkW8_Qg_pLiEOUsYE6V9tbOMRT2NUOgDo5l9gru_OcGTKdUm7VUp4e_yfb44PkUYzk6qHDLdF2I&google_hm=QXd3THlzNXc3S1VnTXEwWG92e...

170 B
213 B

2043ms
2043ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AQvitULVfbrBB0FBgLI8pAeEPkW8_Qg_pLiEOUsYE6V9tbOMRT2NUOgDo5l9gru_OcGTKdUm7VUp4e_yfb44PkUYzk6qHDLdF2I&google_hm=QXd3THlzNXc3S1VnTXEwWG92em9wRmc=

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AQvitULVfbrBB0FBgLI8pAeEPkW8_Qg_pLiEOUsYE6V9tbOMRT2NUOgDo5l9gru_OcGTKdUm7VUp4e_yfb44PkUYzk6qHDLdF2I&google_hm=QXd3THlzNXc3S1VnTXEwWG92em9wRmc=
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 57FD
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEAnFVp6-HVxuK4zDBb-EQN0&google_cver=1&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omy...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEAnFVp6-HVxuK4zDBb-EQN0&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omy...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omyL9EOsEKbjY6COYI&google_hm=aW1SamVEUV93NFhPR1Z4...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omyL9EOsEKbjY6COYI&google_hm=aW1SamVEUV93NFhPR1Z4...

170 B
213 B

44ms
43ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omyL9EOsEKbjY6COYI&google_hm=aW1SamVEUV93NFhPR1Z4OTZoZ1c=&google_tc=

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitULVvppCUOYyVVzBvcjYd-mQehAaQr3Vrt5Hko8hziixV72AbivvauEwvIGMLP4LLS7zDGC-xN-sP-omyL9EOsEKbjY6COYI&google_hm=aW1SamVEUV93NFhPR1Z4OTZoZ1c=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 425
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 57FD
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDv4M73XOkgrAViwcgbX0o4&google_cver=1&google_push=AQvitULsKJikeH9bX08dovB5QK5QjwcE-nkKgOf9lxpBAyMpRWYrZEGBb7kr20Gd-03ktSKg5II...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01JMzFNWTQtMjgtMlEwUA==&google_push=AQvitULsKJikeH9bX08dovB5QK5QjwcE-nkKgOf9lxpBAyMpRWYrZEGBb7kr20Gd-03ktSKg5IIG7NYhTArRTWqSLwJCJcdUf9rK

170 B
190 B

62ms
61ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01JMzFNWTQtMjgtMlEwUA==&google_push=AQvitULsKJikeH9bX08dovB5QK5QjwcE-nkKgOf9lxpBAyMpRWYrZEGBb7kr20Gd-03ktSKg5IIG7NYhTArRTWqSLwJCJcdUf9rK

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S01JMzFNWTQtMjgtMlEwUA==&google_push=AQvitULsKJikeH9bX08dovB5QK5QjwcE-nkKgOf9lxpBAyMpRWYrZEGBb7kr20Gd-03ktSKg5IIG7NYhTArRTWqSLwJCJcdUf9rK
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 57FD
Redirect Chain

https://google-sync.rutarget.ru/sync?google_gid=CAESEGKYIDNXqMl2i_q-vXs6bk0&google_cver=1&google_push=AQvitUJb7kzPjjP2tygfw7qEqThGoh1d_POeyDuajhqp64_cXn2d40n8tsHgPiAN0WwmIxLekMjYVou2JRmt-vUBvNnc6OZ...
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=ZWh6WlhQMjJqRTBH&google_ula=2046794&google_push=AQvitUJb7kzPjjP2tygfw7qEqThGoh1d_POeyDuajhqp64_cXn2d40n8tsHgPiAN0WwmIxLekMjYVou2JR...

170 B
213 B

135ms
134ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=ZWh6WlhQMjJqRTBH&google_ula=2046794&google_push=AQvitUJb7kzPjjP2tygfw7qEqThGoh1d_POeyDuajhqp64_cXn2d40n8tsHgPiAN0WwmIxLekMjYVou2JRmt-vUBvNnc6OZfgok

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=ZWh6WlhQMjJqRTBH&google_ula=2046794&google_push=AQvitUJb7kzPjjP2tygfw7qEqThGoh1d_POeyDuajhqp64_cXn2d40n8tsHgPiAN0WwmIxLekMjYVou2JRmt-vUBvNnc6OZfgok
Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 57FD
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESED...
https://sync.targeting.unrulymedia.com/csync/RX-57259296-7f71-433f-8361-73c5ae6ee27e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUKzhk_t7QHMttukhq2uG...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKzhk_t7QHMttukhq2uGuVxr3YbmIOn14QQWR8OUabdGQBAlrN0k81niIx29GHNftt_BsI6jjddRJovV18JEbcWblvt6p_n&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

170 B
190 B

66ms
66ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKzhk_t7QHMttukhq2uGuVxr3YbmIOn14QQWR8OUabdGQBAlrN0k81niIx29GHNftt_BsI6jjddRJovV18JEbcWblvt6p_n&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: Tengine
ETag: RX572592967f71433f836173c5ae6ee27e003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKzhk_t7QHMttukhq2uGuVxr3YbmIOn14QQWR8OUabdGQBAlrN0k81niIx29GHNftt_BsI6jjddRJovV18JEbcWblvt6p_n&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4
Connection: keep-alive
Content-Type: text/html

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 57FD 0
44 B 5900ms
291ms Image
text/plain 18.179.240.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEF3fJ9BijiMUWpjjiHSjgmY&google_cver=1&google_push=AQvitUJaXJlxR7D1rg86UthSBK260febLZ4suUdfnuqLxnV5kvwDoIbflQwox0stDx6xtMY2I2uNpYJY38C6Vp5bbkrMbkOCkIMs
Requested by: Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.179.240.58 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:42 GMT
server: awselb/2.0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 57FD 0
16 B 51ms
50ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jxx5veRXbGCv5eMM8Qm8nThoRIjIif6FHxdS16KrUqG_PWgtNq0C209J9fLQuOEdGYP98Z

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 27BA 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Mar 2021 10:43:39 GMT
expires: Sat, 19 Mar 2022 10:43:39 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 115377
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2EFE 1 KB
750 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 20 Mar 2021 16:59:40 GMT
expires: Sun, 21 Mar 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 6416
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 48BE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fc141c1ed8430d8a7706cca30acf437b0afc1650ce6d5a9211c9f0233e28c9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 D_EU_Lantern;strtype=2
ad.doubleclick.net/activity;src=6478009;pid=295089156;aid=488157140;ko=0;cid=130151284;rid=130133051;rv=2;stragg=1;&timestamp=1616265996620;str=LH/NULL/183/amadeusBestPrice/ Frame 090C 42 B
537 B 187ms
82ms Image
image/gif 142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=6478009;pid=295089156;aid=488157140;ko=0;cid=130151284;rid=130133051;rv=2;stragg=1;&timestamp=1616265996620;str=LH/NULL/183/amadeusBestPrice/D_EU_Lantern;strtype=2

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6569 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:36 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC94 0
27 B 78ms
77ms Other
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 293 KB
294 KB 146ms
145ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 8fa5e6babaad1c27ca828b66bbeb735590e7b698d301ae97ebf631e436c55814

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=582048-882471

Response headers

Date: Sat, 20 Mar 2021 18:46:36 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 582048-882471/161125964
Connection: keep-alive
Content-Length: 300424

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 135ms
134ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:36 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7ED2 0
46 B 41ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvSojCkNWYIvHNK_O7_UP2qmFuAwAAAAAOAHgBAI&bg=!UlGlURXNAAbUo7L91KM7ACkAdvg8Wjb5oeC78-b0oBytnVr0mqsuDQtoQYq3_tOZRuWAQw8YGyk2qgIAAAKuUgAAAGpoAQcKAHiO-lLsSDpbrq3kmpXYTFtEpgeHR9xVgGIT9amKfXLIc5OwCuFXa7BtjcX5nSuwkYK5tGsRGREaNSDGPHlYzUaTJ64G3mRPOikLkNb2ZcWud4-d37IM3DEuSdIwqHWq-TLxhUcLctQz-UU6hWL6vWptXyo4ZLEsdPiZAlkS9GZFcX8ywTIIGtBp7Ezuc_ERrhy7KBcQS4adHk4Xfd-cw4yruic9mJ12z0iD0AaNCT5zyD4IFT-KKNu8ptZu0NflAXLlakox5sp_812o061TIf3MraeBmb37HBmuFT084OQ0oRLV4xmzSVYOCPXg81RAH7r8BqZ0vhq7TkRXOnuq6kTRD9itwN1gryEaJqdyzpEZAcyTvqaJJqcK2HNCex4bZsA60GMcUaYkeApBWweDZtZp8EWpxzlkH9QcjeOyJ6vYs6K9POOa-G35ueTrklj2hclwdx0k8QPDIts_fZE5IYgHEfABpZvQQEuNIkHxmT8Vo-h-Gx3VchEZTuRPcP6X1YY9vqlUwSksrNWoKpQwkidA5-KMjgRAxDXvxb3uv_dtf6_-upDt7eT-M7FZZGxmqoYLiYm2v32h-REH6H3A-pE2FpUq7-iqQ6U6Qt7OLQgkIlSEcvaT5pvVDvlvvOkTmvg3byrMp7mOJXvo_npNEW9oKfnLaDf_TXd9kSRSo46TcvX_nmb_0ryymLtu7ZDmPbK0oeRhyYErKLeRZA5hDAPXHnDbmbZjkBXkQDV1IwtAMz5sqHXdWzlnPtsuB-aUYuStyiWYI85HVQ90Mh1dXlFTScsks1MdfBN2ckVEd7jVCZ9I3FeY1mSx6tc37TpwWDUXE2y39b3jGoHnl_dTxBBY2LVqBZ5x7YDzFv6kgWmNUuZyf28yDBnM0JiKXXC1xD3T928ziT-tk1VJ0HjgObSsRs7-rR1womIcDJorhB6XXVcoK51uuhF9PP37baNypllyeDOA

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 090C 43 B
215 B 143ms
143ms Image
image/gif 34.206.10.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=9f680a74-af9e-2e7f-b844-e26d23bdd2b1&tv=%7Bc:7qTJjd,pingTime:-10,time:1327,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.5.1v220002022000220000022002222000022220200000222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNS4xdjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNS4xdk1vemlsbGF8fE5ldHNjYXBlfHxufHwxNnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC02MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzg5LjAuNDM4OS43MiBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1616265996770%7C%7Cf6175606ed8df92e151becf16e9de2f0%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7Cf55aefb455f6e3eb678d3cf7aa3aff8f%7C%7C511983d7b50eea20efe6fdbf85e29aa3%7C%7C7daf487d87be5937fc67471169a49cd9%7C%7C16db17a7e25a9d5be74fd8a54fafd00d%7C%7C950b761229b6255bf963450cf7bed4b7%7C%7C1614879537%7D
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.10.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
x-server-name: dt36.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
123 B 15ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 15ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 optad360.js Show response
serving.stat-rock.com/player/ 302 KB
95 KB 2175ms
2037ms Script
application/javascript 144.76.128.227
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://serving.stat-rock.com/player/optad360.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/e630b43e-4175-11e8-9881-06048607e8f8/plugin.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.76.128.227 Remscheid, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 4ca8ee087d2ab929975531c89f721db12ccf2de9f3184174ae9cc80e046c026d

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:38 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 13:49:28 GMT
server: nginx
etag: W/"603e4268-4b67b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=600

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame ED98 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106896
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 92D3 156 B
159 B 143ms
142ms XHR
text/xml 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-video-pub-2403018226404213&slotname=subject-v-mid1-1&ad_type=video&description_url=http%3A%2F%2Fsubject.com.ua&max_ad_duration=66000&videoad_start_delay=0&vpmute=0&vpa=click&sdmax=99000&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&sdkv=h.3.447.1&video_product_type=0&min_ad_duration=0&sz=800x450&adsafe=high&hl=en&ca_type=image&unviewed_position_start=1&output=xml_vast4&osd=2&frm=0&vis=1&sdr=1&num_ads=1&t_pyv=exclude&video_format=43&is_amp=0&u_so=l&mpt=videojs-ima&mpv=1.8.0&sdki=44d&adk=4096054978&sdk_apis=2%2C8&media_url=blob%3Ahttps%253a%2F%2Fsubject.com.ua%2F9aaec262-f893-4163-95b6-5f8156761aef&eid=44736621&url=https%3A%2F%2Fsubject.com.ua%2F&dlt=1616265993239&idt=1531&dt=1616265996907&cookie=ID%3D28778c1da5901396%3AT%3D1616265994%3AS%3DALNI_MaSem3v6tjfk7lNJp5LOmQ60ZOsqQ&correlator=3292594344071635&ad_block=1&ged=ve4_td4_tt2_pd4_la4000_er0.0.0.0_vi0.0.1200.1600_vp0_ts1_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.447.1_en.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://imasdk.googleapis.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/xml; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0

GET /
google2waycm.netmng.com/cm/ Frame 2EFE 0
0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WUZaRERBQUFBR0R1Y1N6cg==&google_gid=CAESECcKXoEN6z9R-7Xsm5g-F3w&google_cver=1&google_push=AQvitUIS6MnFpWTkkR68P77T--ThD6WlHS...

170 B
190 B

2009ms
2009ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WUZaRERBQUFBR0R1Y1N6cg==&google_gid=CAESECcKXoEN6z9R-7Xsm5g-F3w&google_cver=1&google_push=AQvitUIS6MnFpWTkkR68P77T--ThD6WlHSxrtIjA8DOKG6PYtCXjvOiY0ZqLs2ubsDmSOCc9-_7vttCy0YcfpLId2MvySy2huao

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:36 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1616265997.950198,VS0,VE0
x-served-by: cache-hhn4031-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WUZaRERBQUFBR0R1Y1N6cg==&google_gid=CAESECcKXoEN6z9R-7Xsm5g-F3w&google_cver=1&google_push=AQvitUIS6MnFpWTkkR68P77T--ThD6WlHSxrtIjA8DOKG6PYtCXjvOiY0ZqLs2ubsDmSOCc9-_7vttCy0YcfpLId2MvySy2huao
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESENBDIWdgooFNzryl9_CyF68&google_cver=1&google_push=AQvitUKBSTBcT3Rv1d4NIbCUDwNMtM1AE3BcIri6XVSvdI8DUDqMqHTGSKh0kwd_BoqTLxpuLx7PNVG...
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESENBDIWdgooFNzryl9_CyF68&google_cver=1&google_push=AQvitUKBSTBcT3Rv1d4NIbCUDwNMtM1AE3BcIri6XVSvdI8DUDqMqHTGSKh0kwd_BoqTL...
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUKBSTBcT3Rv1d4NIbCUDwNMtM1AE3BcIri6XVSvdI8DUDqMqHTGSKh0kwd_BoqTLxpuLx7PNVG1o0cwN2xSpoSg-PTo4IA&google_sc&google...

170 B
190 B

48ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUKBSTBcT3Rv1d4NIbCUDwNMtM1AE3BcIri6XVSvdI8DUDqMqHTGSKh0kwd_BoqTLxpuLx7PNVG1o0cwN2xSpoSg-PTo4IA&google_sc&google_hm=8AL-Sh6nRPSIf6qzCaKJimBWQxA

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:41 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUKBSTBcT3Rv1d4NIbCUDwNMtM1AE3BcIri6XVSvdI8DUDqMqHTGSKh0kwd_BoqTLxpuLx7PNVG1o0cwN2xSpoSg-PTo4IA&google_sc&google_hm=8AL-Sh6nRPSIf6qzCaKJimBWQxA
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEIBnQZpP6xjMFGfmHoKfPzE&google_cver=1&google_push=AQvitUKHmkOMumI9rZrdxCJEbeEwEvRWs0RPGHBcVBGwQwUBYkLvfQRBcmSMSTrmiyoPC6naN6bbEdALvf-PIl50jWlD0fY...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIBnQZpP6xjMFGfmHoKfPzE&google_cver=1&google_push=AQvitUKHmkOMumI9rZrdxCJEbeEwEvRWs0RPGHBcVBGwQwUBYkLvfQRBcmSMSTrmiyoPC6naN6bbEdALvf-PIl50jWlD0...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUKHmkOMumI9rZrdxCJEbeEwEvRWs0RPGHBcVBGwQwUBYkLvfQRBcmSMSTrmiyoPC6naN6bbEdALvf-PIl50jWlD0fYN-Pw

170 B
190 B

57ms
57ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUKHmkOMumI9rZrdxCJEbeEwEvRWs0RPGHBcVBGwQwUBYkLvfQRBcmSMSTrmiyoPC6naN6bbEdALvf-PIl50jWlD0fYN-Pw

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUKHmkOMumI9rZrdxCJEbeEwEvRWs0RPGHBcVBGwQwUBYkLvfQRBcmSMSTrmiyoPC6naN6bbEdALvf-PIl50jWlD0fYN-Pw
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEBW8CeNnqPKCWwXaX9SnlZ4&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFZDCiR1UnH4_BHqPlI_UwAABGwAAAIB&google_cver=1&google_gid=CAESEBW8CeNnqPKCWwXaX9SnlZ4&google_push=AQvitUJRopolhPszh6wLdd5s8xOTpaUemz8Bd...

170 B
190 B

1996ms
1996ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFZDCiR1UnH4_BHqPlI_UwAABGwAAAIB&google_cver=1&google_gid=CAESEBW8CeNnqPKCWwXaX9SnlZ4&google_push=AQvitUJRopolhPszh6wLdd5s8xOTpaUemz8BdW-P-epnT_vPzoTiYUAETPcRUjTg6AGM0juWGEL9dtwGD4RecAWvBMhT72W5itI

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YFZDCiR1UnH4_BHqPlI_UwAABGwAAAIB&google_cver=1&google_gid=CAESEBW8CeNnqPKCWwXaX9SnlZ4&google_push=AQvitUJRopolhPszh6wLdd5s8xOTpaUemz8BdW-P-epnT_vPzoTiYUAETPcRUjTg6AGM0juWGEL9dtwGD4RecAWvBMhT72W5itI
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 459
Expires: Sat, 20 Mar 2021 18:46:36 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUL1z0zPSUH6aT7wULZcSA8isKR2tfHIdeckBaZ7lLw3ERvWXQPMYJAGDiHPLblUEc1IpkkqrkcZFK...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUL1z0zPSUH6aT7wULZcSA8isKR2tfHIdeckBaZ7lLw3ERvWXQPMYJAGDiHPLblUEc1IpkkqrkcZFKoHLo9jLUazqCItVoM&google_hm=5a2cc297-c910-4849-a01...

170 B
190 B

56ms
56ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUL1z0zPSUH6aT7wULZcSA8isKR2tfHIdeckBaZ7lLw3ERvWXQPMYJAGDiHPLblUEc1IpkkqrkcZFKoHLo9jLUazqCItVoM&google_hm=5a2cc297-c910-4849-a013-bf537a3591c2

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUL1z0zPSUH6aT7wULZcSA8isKR2tfHIdeckBaZ7lLw3ERvWXQPMYJAGDiHPLblUEc1IpkkqrkcZFKoHLo9jLUazqCItVoM&google_hm=5a2cc297-c910-4849-a013-bf537a3591c2
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEM...
https://sync.targeting.unrulymedia.com/csync/RX-57259296-7f71-433f-8361-73c5ae6ee27e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitUKGa8UJNJ_5bHtH5wRqh...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKGa8UJNJ_5bHtH5wRqhS6qdyakbuWToouqvvVvk6s4OoFzK_W6qabTmMAJMneiEk3XzTrpXbAG5TmCL8xzwF7F9QC9s1M&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

170 B
213 B

50ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKGa8UJNJ_5bHtH5wRqhS6qdyakbuWToouqvvVvk6s4OoFzK_W6qabTmMAJMneiEk3XzTrpXbAG5TmCL8xzwF7F9QC9s1M&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: Tengine
ETag: RX572592967f71433f836173c5ae6ee27e003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitUKGa8UJNJ_5bHtH5wRqhS6qdyakbuWToouqvvVvk6s4OoFzK_W6qabTmMAJMneiEk3XzTrpXbAG5TmCL8xzwF7F9QC9s1M&google_hm=A1clkpZ_cUM_g2Fzxa5u4n4
Connection: keep-alive
Content-Type: text/html

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 2EFE 0
16 B 54ms
53ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IjUxvtDil-El4tLEFgY7fpeiqhBoXLmZ3XbdsETSbAZDv1-7uzqcgy045wrH-bcSjF2ulx

Requested by

Host: 3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
URL: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:36 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 27BA 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106896
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j88&a=396961267&t=event&_s=8&dl=https%3A%2F%2Fsubject.com.ua%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%96%20%D0%BF%D1%80%D0%B5%D0%B4%D0%BC%D0%B5%D1%82%D0%B8%20-%20%D0%92%D0%B5%D0%BB%D0%B8%D0%BA%D0%B8%D0%B9%20%D0%B4%D0%BE%D0%B2%D1%96%D0%B4%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8F%D1%80%D0%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=view_time_complete&el=subject&_u=KEDAAUABAAAAAC~&jid=&gjid=&cid=820006831.1616265993&tid=UA-113932176-30&_gid=1579695637.1616265993&gtm=2ou3a0&z=980337038

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 12:04:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 24149
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIjoGShMS_7wIVA-O7CB0C9gPuEAAYACDo27BEQhMIzIjyg8S_7wIVjPJ3Ch16RQrd;met=1;&timestamp=1616265996940;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;
ade.googlesyndication.com/ddm/activity/ Frame DC94 42 B
498 B 3172ms
78ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIjoGShMS_7wIVA-O7CB0C9gPuEAAYACDo27BEQhMIzIjyg8S_7wIVjPJ3Ch16RQrd;met=1;&timestamp=1616265996940;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 43A5 0
46 B 41ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BMMLkC0NWYM2tBOGZx_AP8f-T2A4AAAAAOAHgBAI&bg=!OTqlOn7NAAbUo7L91KM7ACkAdvg8WrOqrba6QYgxCXKX8H4NyjRXwLaaDrQkTPh5Eoi4FMfMElGwWwIAAAIOUgAAAFhoAQcKAQj95BXdaJJkqL-5a2qNf5yTuysRHTOEFG-_Qcw0a5Dw3L08eDrLyh9A3j613oZjlE-2EC4VjgzIk1CBseGgz3hX9nJRJ0h7qoLBHb12K-6RHlDbsHaf3CORCPtIBIv7tKeLOW-OcjJS4BC-S2GCy0WbapAQYKyi0LFigFRY-XnRu4tYQ6y11l6yGk2TGwwIlImEY3sgUeBuVWbiTUvQbp0ekRqUhZ3ua4XSzal0yvR6rU-XEB0slNnx3yEEYBl4YcvcQJW_zGtqshFk2il_xeD4aDL7M2z3yizKsOIYpxkKtKV7PTyCYx_Xbs0Z1fysWdaWnETAM5-pAEjKMztWrsQQsvhOjA6QfPaZAmMIvTbXVSuQL-ZilEqSwk7vxyK33yPRcZjO05rv9gI2Wnm41COi2CKxqcM18H2T1gT2L64gIZ6lgfXy9L0kkxUffOxJGFFXwklmerzzPsbaVs-JvmJWQbM8k9Z8CukMdSeeNaSdymFLE4zjeoqkxWcv5QvHpv591Z0TsS91lDwREJ86p5o0c0Yf3311XEFgsmX3svAzpBmgLHrNM_jesk1QjWJkXI89TXgvjCUVCg3XMZ_dCbJpg0R9F4ijn-nWhYxCvsvecP_8OuswysLW0begOIt0JRk3ZuBLL9d4ZYsCXdMLmvnfckcjuuZyz9oFyKESpGlmSoF8fKiXkdTF8Ifg6g8uq7p8txJm7EQMAXpeZC_4ARfb4T1Wdvr7HGG4uAi4w_ZXhE4jFLIt2CbFiIDh3hfz3ZIZdinVN_2R64-B5yVKVAwP55B5WnEOayBWw31ZvE3l3lzzVAsuSPyseGgrxeFR8VhziyHBgZlPFV8r9PfdwwNZ9blC1ZKHxZXdetuAGfSY72m2MPdqaAIeeYB4dxaWIhW1IiZQdbTlxzEgKlcRFGQanslLwdrXoUBoo4pXsJWS64Ld9GT0j1yZvc3hahrMJvraw6_zUygheTSvEeT9do-qv4BPa8ZhzqsZJHsWHtTDXdfFJ8gSNvMx6OBfwgfcRxXEIVbOBh4mNBz_kyw4ZEgMbYTIeSTgE8zRRKqsjCjXi_a-7Pj-w4TSTnFyE__P6PBpknGNN3a5KT4uqSsfoNh22MyPIOngryUerkuWVOeOar1c10kAWlfqHX0MROJhiq6bzXqrV26kKpPr2Cu-BA

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 92D3 156 B
136 B 150ms
149ms XHR
text/xml 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-video-pub-7094677798399606&slotname=subject-mid-3&ad_type=video&description_url=http%3A%2F%2Fsubject.com.ua&max_ad_duration=66000&videoad_start_delay=0&vpmute=0&vpa=click&sdmax=99000&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&sdkv=h.3.447.1&video_product_type=0&min_ad_duration=0&sz=800x450&adsafe=high&hl=en&ca_type=image&unviewed_position_start=1&output=xml_vast4&osd=2&frm=0&vis=1&sdr=1&num_ads=1&t_pyv=exclude&video_format=43&is_amp=0&u_so=l&mpt=videojs-ima&mpv=1.8.0&sdki=44d&adk=4096054978&sdk_apis=2%2C8&media_url=blob%3Ahttps%253a%2F%2Fsubject.com.ua%2F9aaec262-f893-4163-95b6-5f8156761aef&eid=44736621&url=https%3A%2F%2Fsubject.com.ua%2F&dlt=1616265993239&idt=1531&dt=1616265997164&cookie=ID%3D28778c1da5901396%3AT%3D1616265994%3AS%3DALNI_MaSem3v6tjfk7lNJp5LOmQ60ZOsqQ&correlator=3433592088799699&ad_block=1&ged=ve4_td4_tt2_pd4_la4000_er0.0.0.0_vi0.0.1200.1600_vp0_ts0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.447.1_en.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://imasdk.googleapis.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/xml; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 15B3 0
23 B 41ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BKiVMC0NWYM7PF4PG7_UPguyP8A4AAAAAOAHgBAI&bg=!U1ClUBTNAAbUo7L91KM7ACkAdvg8Wi7pigZkPFbZSZuuKY4sNn0LgSJvmPLnOagou_hkDpuesyaE_AIAAAISUgAAADtoAQeZAm8qkeMh8JJGQc_fTo3Y39KRzPCZnKYVZmJvu9lVRRBoUZozDiGsgpjwUr3biDIO6j3sdQpo9-Kf7Xo5RmhL1teTTPkjajJbrraO63JLTtHqRBcYwZPGHqoYsNn_77_bUZigIX9hGETRflj9-9sgMqgvL8lvePHh6H5ZAb1D1Q-X-fWd7P8QSLWl4P6_hLCYWZpFwZBSaXcKtOnhSAaLCDdWmXVCT0CankdcaKJCoFxwnKJSaBUYUDKv3d4lxrBV69lgNLAc8XP0xlZD4-L7wm1zwWr1614Z4DpYUa6bcmMN6VfAAZMcntNTYgfsm2KRiV8uaWP4votxaVeWczzGV9HEVerGM3aCDS3ZbirLpCLG5hPke-RGi-ybSV_azoMI5eFHLdDB24W3WhahndO5gcNHgp5TlKcJq1irJopqc_lC4X3DpRlbeocDrDwDYiKAmuVDYrd8gPFo8_rRNMSrtq9ZmdWVR46F6HLxpwL1fnLyJwpOdskPuojEP7iDjyKjeaekQ_y_c2RxjnG2opXUSHXHe8n2P77XB6wGo7tnZB35bIDwobdrFK60U-ZGrEQEunk9GB18EE22jYhBckffLXDwMGXmeC3BQsYJt56dRw0pyZegWqLT65UWEIGc53B-nx7MS05sCT-8YowpbBihV_5LXFFaOmf6vvcbicWxe0V8rGC83WEBEiT-ksJVkzwxX1ZskswjiXIh5nwNGuyuvG-tZ89kIMmRmej_5wOq8hR3eLxSJZwXSyRKRp7MXBY6JN95argRsV2OavAnVX0KlUTO1ph4UHpNk3ND3FO37GSQlhGSGIsuzJcjApg1BF1gKA

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C5DF 0
23 B 40ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwHAGC0NWYIPbKevV7_UPqp6JsAcAAAAAOAHgBAI&bg=!jI-lj8vNAAbUo7L91KM7ACkAdvg8WmyUrRSvRJ50eU0MoTwF1nHnw6vm0HRDKNCgRp7KvOAlfObQUAIAAAHwUgAAACpoAQcKACk3bx7FgyOJV3U47kEacgHDs9wjJM4UkjO79Llwvr2lPsjIeV9PPFPQxZkCde-E7Z-RtCIAAkbXrhOgBDYUO5BM184_Vd2J9QF5_17rxBDxaAm4ZRa-hjtlJ2Dl5wAhniTxBj7QqZ1lm4JO_v4E5trqx2tr1hFm0KjQTAanylSfrHNf2r3vQZN0g_JzRdN5y1M-ZkyA5t72gBmAhwzQgwITdN4pK-XAnJHQROU72hoO7PY_7iKaqLkVDXKwi2cN91OuZg9TjhtbgDShq9FCp-reqger5ESqBSbW2G7Vgha7ymGtzUS60f8FKRfbiozCWKW4-AOI1EmTzZ-O72VvLmLlTjYXNFuhPzs8wfPnl-qMlap3ADnsMhY3TXD2BwMpYqJsHXZbx-We1IUx1UMlgElLs2fZjpOtORjdusbskrhy1DXjMAoxVxeFEychT2tMfXuQBwuhfpWOn9XviQYAiNqmiT_aU97yDWo524VFU4xpzulUfRjAPF9PeorOwgt8XEJ07ksZfTC0UKZ9I664qiqLWLgvWxC12i1XunXCVoyAdpSTCZKK5LguGLvZksa4mx9LblgfFyse8XU4CSsQW6KiMpdbhkW9_zJIph4Np3HEJooJ1jKV_9ENlgPYfUQuTOehilcsbXZa2FmOJdWDfXZEj8haf28gVBQFqOqYHd0nj6Y-YAJSIQuzCY3UzZDZ1ECHUrB-F31zlDgDOTYoZ6oMlWxQigqt-mOM_HgC-8sZlNNQBctjJSEh-wVZYVuln89LNOvX4ixewEAUCij-rTr2vmwwCt5MyTvvlKez9Dmo5O5dlMKbaEZ67fbYOko-NJ-yiimXleB0VxLLAB12WC8A001m6S1szZMuPt92Gusaludc0ZVQimHE8UHPDBoRlbIg

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 27BA 0
23 B 43ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BIDddDENWYMHpFMSU3gPdxK2QAgAAAAA4AeAEAg&bg=!29il2JzNAAbUo7L91KM7ACkAdvg8WmQqLALPQWBk761MtQhMOz9_pM7KrdNOaVAMrvHm4B8p4UoB0gIAAADrUgAAAAxoAQcKAOD67Ugtr4li-B3u4azNeDV9dEVfM5RjDN3PFTMZbHeoxtZZ2wQ4zBU7aYLJSg0cyY4XDDULNailyEAuJphunQYIQCVDhHSiJQ_Uc-sHjtFxi9np1iC7AL5b8TR2QeUrz7ed1USCEw5mlZfbTymwatoW4p9z65HNUFrQLSaX5wwv7tL33WYa-VxkWDReLrH8H7v8C1FVA93bDe2Go14hMvXRLd9EbHdx7ENXYHDQxZeVU6XhSX3RtrtIZw0CpDlBpc5JmzqZFVmq3j2qrmLLbw0iVev5Uu5KIMt_DrTXni-tHJkCcuv5ictmEZORGMud1B9IpYWjD69ckE2fotVFxr8YdIgZYQZ-GrMj05xXa-XhFMKY8Nj2XYCmSsxgTjCMyk8CZdzONdm_V_3Hd5c-6D-SFHnuE8kuaYA6aYsEKt3sDpqVzsMlce4xInBGhGAKXlvgKGZmE3Q3O0xoWmE-p76m-uVpQX5F2LFm6VzDRQDUYwtsOMVg9Zu1k27e0eVqawtsg1PNWOuoxt5pJHVTf0m2b4LGt5X62vKUp9UAtDV2-NobH-Tc-mB5-0621d2OdmKMe85WjUfgZMqzcybcSLWP-pAaWO9jh5iLckwAJzx-ggDYykhGz5dcLSC9WJtpW8bnTBBGNc2l_CTFkNJfW1G-ywdJUlraoCemvWGOXVn9FnMm5L5XExZKtOI0KW2B5QO3CVdV9-RZUbCYDPC5gjhm-6y3IMQuNimMBeejljR6iHQc9ieoKHAEHDxD1ynyb2Iu-d42i4DrhrMiK2rVWT6u3CnfAYNcoNDgwrJZnBVuevwn9W0Odk1vVRx5Mxs9MFELMRW7KvUIXrg3I9KOe9qITYuqSVsmlMGRpe5WSeD5dKpQFUjPdnV8kivOKgX9kb3H4BmE-z5vdNp6XPDcwDI6OQfRnl-iiAJA72vY2WzJXXFy9s1qXyPpdzHE_Qrv_y1Z8k4jsEjpp1DWnlyQjKUK1DO80vVJpMfTtSCrTHe8Q9C6wMV1gbl4lDPFKh_VqR9GG9Ao2eVVjTNrFQOh2TeGKzoqjKrAQ7O-TtgbNGf8jR0_JEK4qsUD6umWNT57F3NRRQn7l54RhQBEh6BD-F6lD23cjg0sq2eKtE9L0MusL9aZ3ncw

Requested by

Host: subject.com.ua
URL: https://subject.com.ua/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
123 B 15ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=subject.com.ua

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 92D3 156 B
136 B 116ms
116ms XHR
text/xml 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-video-pub-2403018226404213&slotname=subject-v-mid2-1&ad_type=video&description_url=http%3A%2F%2Fsubject.com.ua&max_ad_duration=66000&videoad_start_delay=0&vpmute=0&vpa=click&sdmax=99000&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&sdkv=h.3.447.1&video_product_type=0&min_ad_duration=0&sz=800x450&adsafe=high&hl=en&ca_type=image&unviewed_position_start=1&output=xml_vast4&osd=2&frm=0&vis=1&sdr=1&num_ads=1&t_pyv=exclude&video_format=43&is_amp=0&u_so=l&mpt=videojs-ima&mpv=1.8.0&sdki=44d&adk=4096054978&sdk_apis=2%2C8&media_url=blob%3Ahttps%253a%2F%2Fsubject.com.ua%2F9aaec262-f893-4163-95b6-5f8156761aef&eid=44736621&url=https%3A%2F%2Fsubject.com.ua%2F&dlt=1616265993239&idt=1531&dt=1616265997328&cookie=ID%3D28778c1da5901396%3AT%3D1616265994%3AS%3DALNI_MaSem3v6tjfk7lNJp5LOmQ60ZOsqQ&correlator=2363448118574587&ad_block=1&ged=ve4_td4_tt2_pd4_la4000_er0.0.0.0_vi0.0.1200.1600_vp0_ts0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.447.1_en.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://imasdk.googleapis.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/xml; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 48BE 42 B
89 B 46ms
45ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvWXXPEij_n18XG2T-cOcHBbjWxOOyJoeZ791X6W1ctpPKeJwGFCMImgGAJR-f5XYe8Nh2A2KM6PiAQUKGo3Wfe9QXQBXfU6Bn7_yDkxPHvSs-EEqX3-BdXh58&sai=AMfl-YThRQrRQ3eNOA-PNQo9U2La67-trwMzStFd5Tq5jfE7wbdX8i4hMvSxagDpGC377bChDoHPlFjmsC9-sQNyqWWktg3ed1Iv9dpSbyr0FH6bXGMdZhDq4O-0Eok&sig=Cg0ArKJSzAoJEiHjmMPZEAE&cid=CAASEuRoVVdQYeyhvmrXwBTIqi3udw&id=osdim&mcvt=1000&p=633,412,727,1140&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210317&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=2506017926&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1616265995708&dlt=100&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 1330ms
1329ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eF+XAALl1FDLkqFKtkyB43A2wAzwA6wEylF0pFtlF2qoFx2Ax2Ay2A15A51Ax2Ax0AhzF32Bp4Bh4BsBFTkzFPPEGAAZAwSAcAAAARksFAQtjFtr7OSA
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:38 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:37 GMT

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame C96A 37 KB
14 KB 385ms
45ms Document
text/html 104.75.88.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/rtb.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://subject.com.ua/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=ECEBD906-8215-4CFB-869D-67B63CBA29AA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=117230
Expires: Mon, 22 Mar 2021 03:20:29 GMT
Date: Sat, 20 Mar 2021 18:46:39 GMT
Connection: keep-alive
Vary: Accept-Encoding

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 131ms
131ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:39 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 218 KB
219 KB 228ms
228ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 3466b7656d00411e08dd5ecac2648710967dd6cd41bd84fc07181cbadfb05d45

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=882472-1106191

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 882472-1106191/161125964
Connection: keep-alive
Content-Length: 223720

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame C96A 5 KB
6 KB 66ms
65ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=47795612&p=159175&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 0d743e7b1b7e01734d567884b48a0c872059e9f04e95b4acb0d4515c66fc6e10

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:38 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 598F
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=3293944949779761977

42 B
769 B

84ms
58ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=3293944949779761977
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=47795612&p=159175&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=ECEBD906-8215-4CFB-869D-67B63CBA29AA; pi=159175:3; chkChromeAb67Sec=1; DPSync3=1617408000%3A201_227_226_221; SyncRTB3=1617408000%3A56_7_22_220_21_13_3_8_54_161_71_166_81_55%7C1618790400%3A203%7C1617062400%3A63%7C1616803200%3A223_2_15%7C1617494400%3A35; KRTBCOOKIE_153=1923-HdrZFB_Z3EMGj95BSdrBGhLYiBIG3ohHSt2jhs3V&KRTB&19420-HdrZFB_Z3EMGj95BSdrBGhLYiBIG3ohHSt2jhs3V&KRTB&22979-HdrZFB_Z3EMGj95BSdrBGhLYiBIG3ohHSt2jhs3V; PugT=1616265999; PUBMDCID=3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Sat, 20 Mar 2021 18:46:39 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_336=5844-3293944949779761977; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 19-Apr-2021 18:46:39 GMT; path=/ PugT=1616265999; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 19-Apr-2021 18:46:39 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 18:46:39 GMT; path=/
X-lat: lhrpug020:0:363
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=3293944949779761977
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame A64C 43 B
284 B 154ms
53ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=47795612&p=159175&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Sat, 20 Mar 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1180
date: Sat, 20 Mar 2021 18:46:39 GMT
content-length: 43

GET
H/1.1

200
OK

redir Show response
rtb-csync.smartadserver.com/ Frame 0A30
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFc3RFN0FySVlBQUJFMm90NUJyZw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAEstE7ArIYAABE2ot5Brg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAEstE7ArIYAABE2ot5Brg&pid=558502&do=add
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAEstE7ArIYAABE2ot5Brg&pid=558502&do=add&_bee_ppp=1
https://rtb-csync.smartadserver.com/redir

43 B
163 B

137ms
63ms

Document
image/gif

185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=47795612&p=159175&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Host: rtb-csync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Sat, 20 Mar 2021 18:46:41 GMT
content-type: image/gif
transfer-encoding: chunked

Redirect headers

Date: Sat, 20 Mar 2021 18:46:42 GMT
location: https://rtb-csync.smartadserver.com/redir
Server: nginx
set-cookie: bito=AAFu2k7ArIYAABHlot5Brg; Domain=bidr.io; expires=Tue, 19 Apr 2022 14:46:42 GMT; Path=/; SameSite=None; Secure bitoIsSecure=ok; Domain=bidr.io; expires=Tue, 19 Apr 2022 14:46:42 GMT; Path=/; SameSite=None; Secure checkForPermission=""; Domain=bidr.io; expires=Thu, 01 May 2008 00:00:00 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame D3C0
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6941809590163601555

42 B
771 B

210ms
58ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6941809590163601555
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=47795612&p=159175&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=ECEBD906-8215-4CFB-869D-67B63CBA29AA; pi=159175:3; chkChromeAb67Sec=1; DPSync3=1617408000%3A201_227_226_221; SyncRTB3=1617408000%3A56_7_22_220_21_13_3_8_54_161_71_166_81_55%7C1618790400%3A203%7C1617062400%3A63%7C1616803200%3A223_2_15%7C1617494400%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Sat, 20 Mar 2021 18:46:39 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_1101=23040-6941809590163601555; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 19-Apr-2021 18:46:39 GMT; path=/ PugT=1616265999; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 19-Apr-2021 18:46:39 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 18:46:39 GMT; path=/
X-lat: lhrpug020:0:366
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Sat, 20 Mar 2021 18:46:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6941809590163601555; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6941809590163601555

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C96A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7OvZBoIVTPuGnWe2PLopqg%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

33ms
33ms

Image
text/html

104.75.88.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=122599
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Mon, 22 Mar 2021 04:49:58 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame C96A 95 B
596 B 52ms
32ms Image
image/png 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=ECEBD906-8215-4CFB-869D-67B63CBA29AA
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:39 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 63311ac11a6d9730-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 08f28f0cae0000973089a74000000001

GET
H/1.1 200
OK info
uipglob.semasio.net/pubmatic/1/ Frame C96A 42 B
253 B 171ms
61ms Image
image/gif 77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=ECEBD906-8215-4CFB-869D-67B63CBA29AA&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
uip-response-status: FallbackResponse
date: Sat, 20 Mar 2021 18:46:37 GMT
frontend-id: 3
content-length: 42
routing-server-id: -1
content-type: image/gif

GET
H/1.1

200
OK

Artemis
aud.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&addseg=31

7 B
147 B

370ms
40ms

Image
text/plain

185.64.189.249
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&addseg=31
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.189.249 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:40 GMT
Connection: keep-alive
Content-Length: 7
Content-Type: text/plain; charset=utf-8

Redirect headers

date: Sat, 20 Mar 2021 18:46:39 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&addseg=31
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 135

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RUNFQkQ5MDYtODIxNS00Q0ZCLTg2OUQtNjdCNjNDQkEyOUFB&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
505 B

211ms
60ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug009:0:494
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGmu_QXJ1RPQYt-w37JPQGY&google_cver=1

42 B
855 B

241ms
65ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGmu_QXJ1RPQYt-w37JPQGY&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug012:0:444
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGmu_QXJ1RPQYt-w37JPQGY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame C96A 43 B
609 B 131ms
44ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:39 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 19 Mar 2021 18:46:39 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d4b2d13-cf48-4650-abb1-5b0f4c341355

42 B
882 B

246ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d4b2d13-cf48-4650-abb1-5b0f4c341355
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug012:0:432
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d4b2d13-cf48-4650-abb1-5b0f4c341355
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8354128351810794130

42 B
801 B

286ms
52ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8354128351810794130
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug010:0:467
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8354128351810794130
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:7df66056-430f-4d00-9d6c-ef044a03773a&gdpr=0&gdpr_consent=

42 B
946 B

260ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:7df66056-430f-4d00-9d6c-ef044a03773a&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug008:0:319
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: MT3 3611 f10363c master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:7df66056-430f-4d00-9d6c-ef044a03773a&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 20 Mar 2021 18:46:38 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3449719069706468319&gdpr=0&gdpr_consent=

42 B
769 B

138ms
53ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3449719069706468319&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug020:0:476
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:39 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 728.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.142:80
AN-X-Request-Uuid: a60de522-593b-4f14-9a7d-e84394acbbe0
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3449719069706468319&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=c99421f9-ff10-480f-8a8c-234c4806b871&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=283&user_id=06de93c5-6307-4dd9-a45d-2f32544e152b&expires=1&user_group=5&ssp=pubmatic&bsw_param=c99421f9-ff10-480f-8a8c-234c4806b871
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c99421f9-ff10-480f-8a8c-234c4806b871&gdpr=&gdpr_consent=&gdpr_pd=

1 B
745 B

220ms
49ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c99421f9-ff10-480f-8a8c-234c4806b871&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug009:0:697
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c99421f9-ff10-480f-8a8c-234c4806b871&gdpr=&gdpr_consent=&gdpr_pd=
date: Sat, 20 Mar 2021 18:46:39 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 ECEBD906-8215-4CFB-869D-67B63CBA29AA
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame C96A 43 B
716 B 38ms
33ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/ECEBD906-8215-4CFB-869D-67B63CBA29AA?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:39 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-2cFhFbVE2uX_RbS5Tgz.rRjmMH0FoEA-~A&gdpr=0&gdpr_consent=

0
418 B

218ms
49ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-2cFhFbVE2uX_RbS5Tgz.rRjmMH0FoEA-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:38 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-2cFhFbVE2uX_RbS5Tgz.rRjmMH0FoEA-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=HdrZFB_Z3EMGj95BSdrBGhLYiBIG3ohHSt2jhs3V

42 B
894 B

208ms
62ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=HdrZFB_Z3EMGj95BSdrBGhLYiBIG3ohHSt2jhs3V
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug010:0:584
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=HdrZFB_Z3EMGj95BSdrBGhLYiBIG3ohHSt2jhs3V
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YFZDDAAAAGDucSzr&gdpr=0&gdpr_consent=

1 B
809 B

44ms
44ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YFZDDAAAAGDucSzr&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:44 GMT
X-lat: lhrpug013:0:424
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:44 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1616266005.987314,VS0,VE0
x-served-by: cache-hhn4031-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YFZDDAAAAGDucSzr&gdpr=0&gdpr_consent=
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2357273015292893564&gdpr=0&gdpr_consent=&us_privacy=

1 B
727 B

258ms
59ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2357273015292893564&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug004:0:549
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2357273015292893564&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:f2625ba0-b9ce-4c29-8323-60b36412529f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
505 B

249ms
52ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:f2625ba0-b9ce-4c29-8323-60b36412529f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
X-lat: lhrpug015:0:296
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:f2625ba0-b9ce-4c29-8323-60b36412529f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame C96A
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=f002fe4a-1ea7-44f4-887f-aab309a2898a-60564310-4348&gdpr=0&gdpr_consent=

42 B
800 B

54ms
54ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=f002fe4a-1ea7-44f4-887f-aab309a2898a-60564310-4348&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 20 Mar 2021 18:46:42 GMT
X-lat: lhrpug001:0:444
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:41 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=f002fe4a-1ea7-44f4-887f-aab309a2898a-60564310-4348&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame C96A 0
104 B 92ms
60ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=ECEBD906-8215-4CFB-869D-67B63CBA29AA&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:39 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 257 KB
257 KB 124ms
124ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 4282f57042bc131dda57b156d4619530bb6ec2fb5f94b07f000afb9aa83faa18

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1106192-1369015

Response headers

Date: Sat, 20 Mar 2021 18:46:39 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 1106192-1369015/161125964
Connection: keep-alive
Content-Length: 262824

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 131ms
130ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:39 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 47ms
47ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eGL7AAl2yFuvFfhFwpFTkzFARksFAQtjFkjRNSA
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:39 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:38 GMT

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 1019ms
1018ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eHJOBATkzFARksFAQtjF7qJNSA
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:42 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:41 GMT

GET
H/1.1 200
OK SPug Show response
simage4.pubmatic.com/AdServer/ Frame C96A 0
587 B 1164ms
35ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=159175&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Cnection: close
Date: Sat, 20 Mar 2021 18:46:41 GMT
Content-Encoding: gzip
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 314 KB
315 KB 211ms
211ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 2c3a1ad02c150bb54808fb2aa986e8b0131d822699d774d2b8b91616810b5343

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1369016-1690871

Response headers

Date: Sat, 20 Mar 2021 18:46:42 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 1369016-1690871/161125964
Connection: keep-alive
Content-Length: 321856

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 119ms
119ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:42 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 242 KB
242 KB 124ms
124ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 8d9d61ac4c116c6819ea28b6be113a17225f1b734536bb5a7058df2485a732ea

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1690872-1938843

Response headers

Date: Sat, 20 Mar 2021 18:46:42 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 1690872-1938843/161125964
Connection: keep-alive
Content-Length: 247972

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 119ms
119ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:42 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 250 KB
250 KB 121ms
120ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: d7993ba8863b6e76a839d2c4ddccee842c4572f9ccd796698708924652630d6d

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1938844-2194335

Response headers

Date: Sat, 20 Mar 2021 18:46:43 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 1938844-2194335/161125964
Connection: keep-alive
Content-Length: 255492

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 116ms
115ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:43 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 43ms
43ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eI6vBATkzFARksFAQtjFttJNSA
Requested by: Host: subject.com.ua
URL: https://subject.com.ua/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:43 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:42 GMT

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 250 KB
250 KB 135ms
134ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: f1ff28e985786835c73f72fefd321f105c36ec40ba66efb45a2f50ee83a31855

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=2194336-2450203

Response headers

Date: Sat, 20 Mar 2021 18:46:43 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 2194336-2450203/161125964
Connection: keep-alive
Content-Length: 255868

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 136ms
136ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:43 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 257 KB
257 KB 138ms
137ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: b0cd5050c5cb6bbc24cd6ed1fbc6af294c7739b6865104daeba3c243ef65825b

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=2450204-2713403

Response headers

Date: Sat, 20 Mar 2021 18:46:43 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 2450204-2713403/161125964
Connection: keep-alive
Content-Length: 263200

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 127ms
127ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:43 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 37ms
18ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210316&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

deeaa5f7cafb34386be26eef92e5763942c48137af71c3841f0702e892ae70fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 20 Mar 2021 18:46:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6474
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 18:46:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Sat, 20 Mar 2021 18:46:45 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame F143 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://subject.com.ua/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://subject.com.ua/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Sat, 20 Mar 2021 17:53:38 GMT
expires: Sun, 20 Mar 2022 17:53:38 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3187
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame F143 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 13:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 106905
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Sat, 19 Mar 2022 13:05:00 GMT

GET
H2 200 dc_oe=ChMI4e_eg8S_7wIVC-e7CB0xGAUtEAAYACCD6IhGQhMIrdrCg8S_7wIVp4aDBx1QcghQ;met=1;&timestamp=1616266005188;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame EED0 42 B
107 B 64ms
64ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI4e_eg8S_7wIVC-e7CB0xGAUtEAAYACCD6IhGQhMIrdrCg8S_7wIVp4aDBx1QcghQ;met=1;&timestamp=1616266005188;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
46 B 40ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210316&jk=282971650721183&bg=!-Pul-7_NAAbUo7L91KM7ACkAdvg8Wpxue-Y_j2vhi05UlGG6bCQ-Gt9M1vLRhfn3mB-SRPWEy-r2hQIAAABnUgAAAAtoAQcKAJPc-Q5yVjoxi-RB6g4t_QlK9Q6iL_NW4wII1c_ERwzGin0G6oBNLvqQRTLC-vwFA6hxgOmQXGycjqnmwgpz1jBPDn0lfwR97WGhXO7usKZ1VkoGngweBy6vJk7CANoyBG1FnAY4qSBlJA5uBb15Cdh6sEVd3ihA6cC7Ag8WjO586ObTjrEFUVRTlnJn1MZaOMNTIE6ZAcxN1dkKmG45_DZ5HKj0hv1UjlYSms8ESxSY9h9eMaiq2h7RkMUBPa7RUPrkIRClPV7AVr_ttlWbVnQGSTW9xaT31bgTh5CcUULZeMtXACkAo_M2mbf0IZaWb8jLj-FJz_6LAA9F7VNNe48ZDLWcA32fr7QerWvSUiiCvEIGGWQPhk71eLVJIODf-Zl_6TCzhamGi29jkYpEYo8MWbgi7c_Fpzu4c-KPQBCJqEuDZh-966vyx-tSjR3HXpf_mXrEVg_c4gdU8G_ltmU1ZG2hqTNxOLfw8lio6vYTocROrGR8m7CDEy0l_eN6b2ozug3EePCGkjEaAfSMVRtr3ZjnPxi3SvbsY2wvR_MCXe5AIfBhNqMXLyzgkEzRl99bC3vICoAmCZ7pEkn3xC3hg_f1tCPJXiIViwSo3Bkj3V3cIZpsi4dnio0Ot67YL2V0E3Za-zqDXRzqxVhl758c7c5HH5ZXtEb9Ta7DUVd9jWHfOHgn2k_jfIA7DQpGD9FCR5LLcKp4l5A90pbUqdMhUHG10GSZa3m8I1v4Z_7LBhcEPwCiUpAZgs662xmyay4TB5QkVpXuJPoQXxb6kcHAveOO7UZQc48yrqDSqun-QUJg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 dc_oe=ChMIi_Txg8S_7wIVL-e7CB3aVAHHEAAYACDo54hGQhMIwMrSg8S_7wIVcoODBx2ZwQhb;met=1;&timestamp=1616266005562;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame FBBC 42 B
476 B 109ms
74ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIi_Txg8S_7wIVL-e7CB3aVAHHEAAYACDo54hGQhMIwMrSg8S_7wIVcoODBx2ZwQhb;met=1;&timestamp=1616266005562;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
59 B 76ms
76ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/rtb.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://subject.com.ua
date: Sat, 20 Mar 2021 18:46:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 142ms
141ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:46 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 264 KB
265 KB 230ms
212ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 9ee015875311c68a694d9110662117b652475fb8926a10ba6526cbfcdf253a53

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=2713404-2983935

Response headers

Date: Sat, 20 Mar 2021 18:46:46 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 2713404-2983935/161125964
Connection: keep-alive
Content-Length: 270532

GET
H2 200 dc_oe=ChMIjd_-g8S_7wIV4cwRCB3x_wTrEAAYACD05oc-QhMInKLng8S_7wIVFJ93Ch3IIgLg;met=1;&timestamp=1616266006069;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 090C 42 B
107 B 89ms
88ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIjd_-g8S_7wIV4cwRCB3x_wTrEAAYACD05oc-QhMInKLng8S_7wIVFJ93Ch3IIgLg;met=1;&timestamp=1616266006069;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 dc_oe=ChMIjoGShMS_7wIVA-O7CB0C9gPuEAAYACDo27BEQhMIzIjyg8S_7wIVjPJ3Ch16RQrd;met=1;&timestamp=1616266006489;eid1=2;ecn1=0;etm1=10;eid2=14;ecn2=1;etm2=0;eid4=16;ecn4=1;etm4=0;eid6=20;ecn6=1;etm6=0;eid...
ade.googlesyndication.com/ddm/activity/ Frame DC94 42 B
88 B 62ms
62ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIjoGShMS_7wIVA-O7CB0C9gPuEAAYACDo27BEQhMIzIjyg8S_7wIVjPJ3Ch16RQrd;met=1;&timestamp=1616266006489;eid1=2;ecn1=0;etm1=10;eid2=14;ecn2=1;etm2=0;eid4=16;ecn4=1;etm4=0;eid6=20;ecn6=1;etm6=0;eid8=17;ecn8=1;etm8=0;eid10=960584;ecn10=1;etm10=0;eid12=18;ecn12=1;etm12=0;eid14=960585;ecn14=1;etm14=0;

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
59 B 95ms
95ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/rtb.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://subject.com.ua
date: Sat, 20 Mar 2021 18:46:46 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 44ms
43ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eJA/CATkzFARksFAQtjFRmJNSA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:48 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:47 GMT

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 129ms
128ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:48 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 256 KB
256 KB 220ms
220ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 016cd72619d63390f994aa5f8680bc629c070092b2cdfc2d02c6cf4a1225030b

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=2983936-3245819

Response headers

Date: Sat, 20 Mar 2021 18:46:48 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 2983936-3245819/161125964
Connection: keep-alive
Content-Length: 261884

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 317 KB
318 KB 238ms
238ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 3b6ecc70cacc511cdf32ff19c35824158bd028ebb573f24b1150092149a37d31

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=3245820-3570871

Response headers

Date: Sat, 20 Mar 2021 18:46:52 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 3245820-3570871/161125964
Connection: keep-alive
Content-Length: 325052

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 609ms
609ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:51 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 223 KB
224 KB 210ms
210ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 67440165117fc1b73b075785edd169990c4dba58d0bb48f29cb4f189b732a264

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=3570872-3799667

Response headers

Date: Sat, 20 Mar 2021 18:46:54 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 3570872-3799667/161125964
Connection: keep-alive
Content-Length: 228796

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 114ms
113ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:54 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H2 200 dc_oe=ChMI4e_eg8S_7wIVC-e7CB0xGAUtEAAYACCD6IhGQhMIrdrCg8S_7wIVp4aDBx1QcghQ;met=1;&timestamp=1616266015192;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame EED0 42 B
107 B 62ms
62ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI4e_eg8S_7wIVC-e7CB0xGAUtEAAYACCD6IhGQhMIrdrCg8S_7wIVp4aDBx1QcghQ;met=1;&timestamp=1616266015192;eid1=2;ecn1=0;etm1=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 dc_oe=ChMIi_Txg8S_7wIVL-e7CB3aVAHHEAAYACDo54hGQhMIwMrSg8S_7wIVcoODBx2ZwQhb;met=1;&timestamp=1616266015565;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame FBBC 42 B
88 B 60ms
60ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIi_Txg8S_7wIVL-e7CB3aVAHHEAAYACDo54hGQhMIwMrSg8S_7wIVcoODBx2ZwQhb;met=1;&timestamp=1616266015565;eid1=2;ecn1=0;etm1=10;

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
59 B 61ms
61ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/rtb.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://subject.com.ua
date: Sat, 20 Mar 2021 18:46:54 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK data
b53.s407.meetrics.net/ Frame DC94 43 B
308 B 38ms
37ms Image
image/gif 136.243.5.16
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b53.s407.meetrics.net/data?/4C5eKu1EATkzFARksFAQtjFlsJNSA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 136.243.5.16 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Mar 2021 18:46:55 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-control: no-cache,no-store,must-revalidate
Connection: keep-alive
Expires: Sat, 20-Mar-21 18:46:54 GMT

GET
H3-Q050 200 dc_oe=ChMIjd_-g8S_7wIV4cwRCB3x_wTrEAAYACD05oc-QhMInKLng8S_7wIVFJ93Ch3IIgLg;met=1;&timestamp=1616266016069;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame 090C 42 B
88 B 60ms
60ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIjd_-g8S_7wIV4cwRCB3x_wTrEAAYACD05oc-QhMInKLng8S_7wIVFJ93Ch3IIgLg;met=1;&timestamp=1616266016069;eid1=2;ecn1=0;etm1=10;

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIjoGShMS_7wIVA-O7CB0C9gPuEAAYACDo27BEQhMIzIjyg8S_7wIVjPJ3Ch16RQrd;met=1;&timestamp=1616266016487;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame DC94 42 B
107 B 68ms
68ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIjoGShMS_7wIVA-O7CB0C9gPuEAAYACDo27BEQhMIzIjyg8S_7wIVjPJ3Ch16RQrd;met=1;&timestamp=1616266016487;eid1=2;ecn1=0;etm1=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Mar 2021 18:46:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 117ms
116ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:56 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 248 KB
249 KB 208ms
208ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: a82b63fca6443d8c105456ced4033c00507d073eca0c4eeeb8239519edd0b6fb

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=3799668-4054031

Response headers

Date: Sat, 20 Mar 2021 18:46:56 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 3799668-4054031/161125964
Connection: keep-alive
Content-Length: 254364

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 289 KB
289 KB 210ms
209ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 2d90de0e8f11d3ec61272a2fb03a6a1bacf697e7b52beab1dfadfb20a9ce5e6c

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=4054032-4350131

Response headers

Date: Sat, 20 Mar 2021 18:46:58 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 4054032-4350131/161125964
Connection: keep-alive
Content-Length: 296100

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 117ms
117ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:46:58 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
59 B 81ms
81ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/rtb.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subject.com.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://subject.com.ua
date: Sat, 20 Mar 2021 18:47:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 229 KB
229 KB 213ms
212ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: 8c43e361b3e1faa2f15f8688b600818012a79cc467700987e7dd8b6e6dbd7ab3

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=4350132-4584755

Response headers

Date: Sat, 20 Mar 2021 18:47:01 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 4350132-4584755/161125964
Connection: keep-alive
Content-Length: 234624

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 115ms
115ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:47:01 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content news2.ts Show response
h.vdo.ai/videos/categories/ 276 KB
276 KB 211ms
211ms XHR
video/mp2t 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash: b136b2b6492c306d3a0ec75d1f65f5e25571a3b2dcaf024d92e1a5b4d6e6a3d8

Request headers

Referer: https://subject.com.ua/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=4584756-4867131

Response headers

Date: Sat, 20 Mar 2021 18:47:03 GMT
Last-Modified: Tue, 04 Aug 2020 05:56:04 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "5f28f874-99a964c"
Content-Type: video/mp2t
Content-Range: bytes 4584756-4867131/161125964
Connection: keep-alive
Content-Length: 282376

OPTIONS
H/1.1 204
No Content news2.ts
h.vdo.ai/videos/categories/ Frame 0
0 115ms
114ms Preflight
text/plain 142.44.213.167
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/videos/categories/news2.ts
Protocol: HTTP/1.1
Server: 142.44.213.167 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns554459.ip-142-44-213.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://subject.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Sat, 20 Mar 2021 18:47:03 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEItfz3NL9RDVBQ4qAHsaUak&google_cver=1&google_push=AQvitUKqQvqCIjsBbqqD8JwCMkQD8GzGgWJyj7HDuEZbwQbRhm8BPm5a-0j4fp1v2dSyc4icFv6u_7AcTNm0W_1BLaXh7D1pTV4

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESECOYUI6aSK4IhiVj1qVbfDI&google_cver=1&google_push=AQvitUK0gfsKe-WONEcn9DjlXvL6r5RAsmSsklM4w77ji6Ri2kMA5_33V4h7vluK7ryTVwukPXrlcAQ6WDCOP5BtrKo1c-QI5kw

Verdicts & Comments Add Verdict or Comment

184 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pubmatic.com/	1970-01-19 19:07:22	Name: KRTBCOOKIE_218 Value: 22978-YFZDDAAAAGDucSzr&KRTB&23194-YFZDDAAAAGDucSzr&KRTB&23209-YFZDDAAAAGDucSzr&KRTB&23244-YFZDDAAAAGDucSzr
.pubmatic.com/	1970-01-19 17:40:58	Name: SPugT Value: 1616266001
.pubmatic.com/	1970-01-19 19:07:22	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-19 17:40:58	Name: PugT Value: 1616266004
.pubmatic.com/	1970-01-19 21:16:58	Name: KRTBCOOKIE_188 Value: 3189-f002fe4a-1ea7-44f4-887f-aab309a2898a-60564310-4348
.doubleclick.net/	1970-01-19 16:57:46	Name: test_cookie Value: CheckForPermission

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.admixer.net/scripts3/eea2a65c501c927510a8.b.js(Line 1) Message: Chrome
console-api	log	URL: https://cdn.admixer.net/scripts3/eea2a65c501c927510a8.b.js(Line 1) Message: Mraid Ready false
console-api	warning	URL: https://a.vdo.ai/core/dependencies_banner/vdo.banner.min.js(Line 4) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	warning	URL: https://a.vdo.ai/core/assets/rtb.js(Line 4) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.1.js(Line 32) Message: a: 0.001220703125 ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3c31f7074d0e5a1cd2b06691267338c8.safeframe.googlesyndication.com
a.c.appier.net
a.rfihub.com
a.vdo.ai
a4p.adpartner.pro
ad.doubleclick.net
ad.turn.com
ade.googlesyndication.com
ads.pubmatic.com
adservice.google.ch
adservice.google.com
adservice.google.de
analytics.vdo.ai
aud.pubmatic.com
b1sync.zemanta.com
b53.s407.meetrics.net
bh.contextweb.com
c.amazon-adsystem.com
c.eu1.dyntrk.com
c1.adform.net
cc.adingo.jp
cdn.admixer.net
cdn.jsdelivr.net
clients1.google.com
cm.g.doubleclick.net
cm.mgid.com
cmp.optad360.io
cms.quantserve.com
cs.chocolateplatform.com
cs.media.net
cse.google.com
d5p.de17a.com
darcs.meinungsplatz.ch
dis.criteo.com
dm.hybrid.ai
dsp-trk.eskimi.com
dsp.adfarm1.adition.com
dsp.nrich.ai
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
get.optad360.io
google-sync.rutarget.ru
google.ops.beeline.ru
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
h.vdo.ai
hbopenbid.pubmatic.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
inv-nets.admixer.net
m.exactag.com
m.trafmag.com
match.360yield.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
mwzeom.zeotap.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.advertising.com
pixel.everesttech.net
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pubmatic-match.dotomi.com
px.adhigh.net
px.ads.linkedin.com
r2---sn-4g5e6nle.c.2mdn.net
recreativ.ru
rtb-csync.smartadserver.com
rtb.openx.net
s.ad.smaato.net
s.uuidksinc.net
s0.2mdn.net
s407.mxcdn.net
securepubads.g.doubleclick.net
serving.stat-rock.com
simage2.pubmatic.com
simage4.pubmatic.com
ssp.adriver.ru
ssum-sec.casalemedia.com
stat.optad360.mgr.consensu.org
static.adsafeprotected.com
stats.g.doubleclick.net
subject.com.ua
sync-tm.everesttech.net
sync.1rx.io
sync.bumlam.com
sync.go.sonobi.com
sync.mathtag.com
sync.targeting.unrulymedia.com
sync3.sniperlog.ru
t.trafmag.com
targeting.vdo.ai
tg.socdm.com
tpc.googlesyndication.com
tr.blismedia.com
track.vdo.ai
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
visitor.fiftyt.com
www.google-analytics.com
www.google.com
www.google.de
www.googleapis.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.subject.com.ua
x.bidswitch.net
google2waycm.netmng.com
104.19.135.78
104.75.88.140
104.75.88.214
104.75.89.8
104.76.200.23
124.146.215.42
13.226.158.204
13.226.159.49
136.243.5.16
136.243.84.75
142.250.185.130
142.250.185.198
142.250.186.162
142.250.74.194
142.44.213.167
144.217.66.206
144.76.128.227
146.0.227.110
151.101.114.49
159.253.128.188
159.65.197.210
172.105.203.31
172.217.18.98
178.162.133.149
178.250.0.163
18.179.240.58
18.196.233.38
18.197.99.6
185.29.132.68
185.33.221.50
185.64.189.112
185.64.189.114
185.64.189.249
185.64.190.78
185.64.190.80
185.86.137.110
193.0.160.128
193.200.65.5
193.200.65.6
193.232.148.144
198.148.27.140
2001:678:cb4:bbbb::11
213.155.156.167
213.19.147.151
213.202.235.8
2600:9000:206f:b200:11:a4de:2580:93a1
2600:9000:2182:3600:6:b871:4f00:93a1
2606:4700:10::6816:1957
2606:4700:3033::6815:2384
2606:4700:3033::ac43:de92
2620:116:800d:21:5a23:9c4e:e774:96c1
2620:119:50e3:101::6cae:b45
2a00:1288:110:c305::8000
2a00:1450:4001:50::8
2a00:1450:4001:801::2006
2a00:1450:4001:801::200a
2a00:1450:4001:801::200e
2a00:1450:4001:802::200a
2a00:1450:4001:803::2002
2a00:1450:4001:808::2001
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2003
2a00:1450:4001:810::2004
2a00:1450:4001:811::2003
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2008
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200e
2a00:1450:400c:c0c::9c
2a02:fa8:8806:13::1400
2a03:90c0:41:2801::254
2a04:4e42:1b::621
3.124.88.100
3.126.56.137
3.127.88.255
31.131.26.2
31.172.81.172
31.220.27.134
34.120.139.69
34.196.174.57
34.206.10.182
34.241.165.231
34.246.227.69
34.247.220.143
34.96.105.8
35.157.13.31
35.186.253.211
35.201.96.126
37.157.4.28
37.18.16.22
37.9.245.57
51.178.20.139
51.255.68.171
51.79.79.82
52.58.236.252
54.194.129.87
54.216.123.169
66.155.71.149
69.173.144.165
70.42.32.63
77.243.60.138
78.40.88.153
80.64.106.148
81.222.128.214
85.114.159.118
91.134.109.141
0054cc67fc45bc1a30ce0969a266de7a890934a36ef74ba4df6f43098faad292
016cd72619d63390f994aa5f8680bc629c070092b2cdfc2d02c6cf4a1225030b
023a0d7601633df31d5959541bdcab2280917459fb130f1f0bf7246eecb96f36
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
080c618e121a4005b2e1c1cb9171d9c3855f5e57638110c7cbc2adb2f124e7a6
0965d7aef99ff8aa80d1b807e0065dfc11611347233cc4e9343a62511785a1dd
0aabe6dd8a616b341370083a0b80966f424e375960eb4db2992f53454a2d00a5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d3d3d99ec2d1da823e792b3024b24ae723c89a29d46d9cffe4b1d4ba935c0da
0d743e7b1b7e01734d567884b48a0c872059e9f04e95b4acb0d4515c66fc6e10
0dc4093b6b9286ebfc6c728ddd3a70812a726d79d6f41d60a506fd5b93c4929c
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
0fd77125e5ce9384877a2aeea1419b5c3aa2fcad3fd02a42a484caad21ad3302
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
134bdfef6b19c84bcb7dfc55f32065853ffdf1b05a8661caf172e56edacd427f
135a22903d9e8a464b1787c54af4d4fe5d8710466373cf6537ea667e3e17fa7b
166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
19ff70e284646d02fc1e21d6fc9f1bb2586cf2153807480af67b46b389c76ed6
1bbca8adf1df24f3ec82e294731277b9793101f885bc24f4f07cb579aca84b0d
1df95b226ba28a770a8d3aae9105878511a0b8eb6cdc9a4d15d4d89d26ffda0b
236888a9bde0a1cabbd288498b6ba4fb3f4ec7119d2d06666a5a48a82f51f042
2405bd02584cae91a0a4c434fec3e72f392d07e1bedc993c3b16baa7800bbdfd
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
2750df65bf5381092d06c12e61d2518d82fd2602c38039d609b0c4b662701344
27b6996a0f7ea420886fcb7b079d023a65391f41b283c92c38b60e8a157d6559
2b7a0a870c967d7980a866cfb1f373e2f8dfd297222d5c8142568ee6b716a615
2c3a1ad02c150bb54808fb2aa986e8b0131d822699d774d2b8b91616810b5343
2d90de0e8f11d3ec61272a2fb03a6a1bacf697e7b52beab1dfadfb20a9ce5e6c
2e479f2480894f8cc08fda446bba038147f43a4c6f6a0873934acefd1cda944a
2e6234f8c13a0fa6e3473b05ee9e5160387cfb76147ac3a73835f07eba430353
2e6ff9954394ade84d269e2e8c19055946008465a6061cb78f59670af72f52bb
329059d559fdef07b7854e9550433cf721a2301c3279b96d5c04f32477fbb63b
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
3466b7656d00411e08dd5ecac2648710967dd6cd41bd84fc07181cbadfb05d45
3776be5a1848c9c4bebc3684fd7a0ff143a2161993bab39ad9619c6357d2a8ec
38354e6a0119fe113356e1506a115ca148a6b9ea22cf88136baa9167d6fde794
3a44212e58f8f04f0081cac0f0969f04b90cc940defebbdcee923ab2c1df9db9
3b6ecc70cacc511cdf32ff19c35824158bd028ebb573f24b1150092149a37d31
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4282f57042bc131dda57b156d4619530bb6ec2fb5f94b07f000afb9aa83faa18
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
47e90c0892a9e6a0c54e04f305932f808781214071fef9a3332e606d827388ba
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
496708a0acd5edcc896114b89bb8334e0712289af5e27cef897603e3284b7dab
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4a4d51fb05b2ac6e1b6b6c0175939bb398e797fd3ef8b03e89d387c2144b5c9e
4ab8d4672e4e6dddaffe2961db019619fddee5fdad48793107e3ef3065239f68
4bc3a51dd74e029ae2a82fc6d8bf27a5313c78f06fa0a132ac1148025ef8808c
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
4ca8ee087d2ab929975531c89f721db12ccf2de9f3184174ae9cc80e046c026d
4cbe6d9e5212ea12e189a83eefcd3d81fb9d1d05cff7dfce48daa6c205f8da1b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51fd4444961573073fb7c9da334a434fe518749ee27dedbc2ff03428815a1a39
5305655b98adf89485d9ca7c37e2b31bbd9b1680d07043fe5f3e951d254046af
53fc4c50b44a3973352290acaf5a3422fcc237afd5944647abd0045c9c09e333
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
559004a545a13667b7f7b0abdec7892df86ae2d2b36536c76ca37cbbf1b5bccc
55f6414bf1547a0f0dad79379d601b3d9ee1293175989925e95e054af758d1c7
570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
57d4944ce0cbe8e3daba4cb5fcd014b2bf5d4e1d06a2bc6c24bab30eabf3109e
594ca5002b9cdd63b301365c4dd76f3a08e23049f6aee1f62258d20da8ef1345
5f84ea91c7008513372b2254dbf9434ae540b8adfbbb3d8a420e1e706575d008
5fbf8cf2a318a00d46a30d0710a91a04a310be1e1a0a39fe4b5b67b0370a6fed
64e516f842387337ac6c58f691ded6f8037e5d001d9e68a32b4451bb8daf4747
659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d
67440165117fc1b73b075785edd169990c4dba58d0bb48f29cb4f189b732a264
69b05de5271b36d3c033cafb3e5c6ed972d9cb83f2da078797f09e30c130d762
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
743e9a0578a121c6fa639a110860ff79f812e238c55e81371bb7d276d72c3f92
75ace966726add1583567ab2520409b8f0518c16bda739e5e736450a02c1458d
75e948b29f67bbe975ea4b721535792a8f164739045681f24d0c53f941e0eda9
76de05ef38c3493027e88617f808b48e1683e54a4e2989862d1afc85933f01eb
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
79079035ef85018e365005353caff57c4797c437cb07f6460e77bf6477cd3805
7a94f90d68ffa240fad7c8b4e0dc96cca88ec2202f9a17ba4b1dc0e693a4bc5c
7b4e529d575bd0cb94aba0e5e9cd9cffe066712e998ca3c01e87efce827ed749
7be8857ba72af31f2fdaf03eafad7d8b209b6efa9348c4afc875b2b740f048a0
7cdfd59d0748ea8674458b0c70ac670b5f5f973ddb26b37b2f99b64ddb7a2a06
7f0aa0f36d325ab6ac0af838521a36e663575298e0780f6a3aad348921aa876c
802409adf2716d0893e132ff729ee8d3d34f4a75750b353f9961f0e3970ed91d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839b41dd475d143b31c479aa6e666b8deb648b293ee93e67071222960f2b75cc
844d7dd2580c6b39f0bb1593a46fad4479de1d5136aec2e12ddebbab6108d8bd
849218b5e3074469cfb7a5af5e80ec8916f16ab5b83448df8b348e102ca8ca70
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
854ff9bb733361322ca75f1e26337f75db2a1939c51801bad2c9decc923a5741
858361d285ad5b0369469afc26ff28e975019a3b3a25ad4748e95178eae88192
8632ce1c45c1ee5126fec64b39b9eef9e1d3ae32e32dd472dd3237423c055da6
86cef609c85d2c2ce6a507af54e77a9c150e2fa408043e1454082614c4b0ce2b
89fc141c1ed8430d8a7706cca30acf437b0afc1650ce6d5a9211c9f0233e28c9
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8c43e361b3e1faa2f15f8688b600818012a79cc467700987e7dd8b6e6dbd7ab3
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d9d61ac4c116c6819ea28b6be113a17225f1b734536bb5a7058df2485a732ea
8fa5e6babaad1c27ca828b66bbeb735590e7b698d301ae97ebf631e436c55814
90225c8456a96a73e431ece4e40bbb502906967cae661b706a3831130b64f960
90ac48aaad0a073eb0280633dbff6f92f19d2546de635addc92857114095b550
91d44eed98b93fe4029788a3383dd43a6cb96a9dacee877d88203cb192335144
93535a0c2d051421743f4592adb85b6b0ed3174145e757e78529e5615a596a6e
93b476b61ed9b0b866913cccd04be15062df0b9d442121eae7d953899ef3f1ce
941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c
953051838ea784f9b0b5200190569adaf51ad084828043a8fc269f52c6427edd
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9adf28f17b88f7835611736a9461d0452433a4e12f3ebaafae1689394aeb8d7b
9c727a31d76ac2a75e9e5147f4e2159ccb46dd5091d7ed3edcd178cd800ba6ba
9ee015875311c68a694d9110662117b652475fb8926a10ba6526cbfcdf253a53
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a3301c45d325907f095fff7ebefc2630b347e2c272a730d06660e957f52dc0c6
a39884ea8e2e99e91589b75d029156840165456d16ee4b39144722c16d53f51e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a57b06f182e42103335b3ca74fdb6133fb9140935a3bf432fa833ae1ebec3a01
a58d4b9efe9392e21622aac0f89ac0a68bd6a6515711154e6ca17ec3ee0d7e20
a5eee3bc786c48e46f522801a6c5d1a38334cdd2b9b210e131187812b7d262dd
a7aae9294071d9da0ab02dde685259d7e8c92002862da4c8882891f62e50b944
a82b63fca6443d8c105456ced4033c00507d073eca0c4eeeb8239519edd0b6fb
a9c59945c470e1fabdd79c4f07d0d22527869fb4eca62b78ad95b30e19ac9626
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aae79d8532095eb287564ce736a57beae32e2753469ebfc72f433919eeb73d5b
acb8d9c7e9ffc6b6873755e1a15d74e39339218515d82dbda78d252a1c7f0f55
ae5aebdb7092ff22db07635c693455667180828907ab6325e27d179171307a9f
ae9ae3dfd2efbb210fb9ebb54bcafead289c060ed4d30fb85b1a81276ce5733e
afa1b770c54cf834507e362b2162b004fe61c4a03e740252972d685796c600b1
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b043c25610227fed20ef0056a9e4330edc9a20029877f8e2d63992383778c75f
b0cd5050c5cb6bbc24cd6ed1fbc6af294c7739b6865104daeba3c243ef65825b
b136b2b6492c306d3a0ec75d1f65f5e25571a3b2dcaf024d92e1a5b4d6e6a3d8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bbc1b2ca55b6ac7ae967c69d5d22314d70344fdbfc230d54c5eb6b54b98a84a9
bd7e28880598818b5cd041f55d88a357a983a8973a99e4248eab6d92faa61ab8
bdfe3ac0041f79d8df7f6b398345449b734829f9c198bb922fd4a71a191c1049
bf8301e988927102eeba4d9c528a1694a63aa86785f7e2f60abd07dfe48f5c11
c01437949da02915692d17331466619554fc86c2944a6c8b391775e04037e301
c0d2bb46c68e084f258f3728375c0351cb47075647142ba7df6f0059ae0b2581
c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036
c44ef8885a1386dad99986e4de63457883d50b1a966d27b502f37d691d7bd770
c984ccae94d0490c76f10c2ad47e3d3a3ea88c11f775f149def9bae0db94bcb0
ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c
cbbda5fac6618da4be9f03098dc394e81f435c51622e306605849c2ac2942fd3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d288f94c0356f27b754ec69817e8578ea0bc9491cc9456331cc9c6de9640130b
d344632c01d1ca55dc380216de660c9b8a5a3174e7d7afa6784aff50c945e1cc
d417a744e6a944755dc8458b6592c542e2408ab6d847338a6cc2c731d4b36476
d46cd86cfae31b51738ec9d05802c8948f23605f132695133245ea303ee0e104
d55f81e52c653aaafd762224540775c8b75a83896c37566c1e0a09236552e5bb
d5e97065cb8923a04ddee6e762bdcc2da292de8869ea8ce44ae7cb86853b4ab9
d7993ba8863b6e76a839d2c4ddccee842c4572f9ccd796698708924652630d6d
d8b8965acadb680b3563e6fb9fe12e1ab9089c4dadf90eb46b37d2af6efa747c
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
da7ce664f02a483d72bd4163d6347de279cd8d3be6a3bd4ed57cc8c5bef50710
da9da6cc08f4fae96cb11b10e093fc4d19f871c3d4b46a2a48ee7f26637b92e5
dacb8aa2d55232ccc0cbd513672502af5b7dad9c35a32e105b9a3440d04e9023
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deeaa5f7cafb34386be26eef92e5763942c48137af71c3841f0702e892ae70fd
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
e3638677493e2f8cfeb76d8093d78a4b743bd37ffbc9bed6be086829f65b5d8b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48477bb9b7edfe30d7016ff0ccfb7c21573d1559b1719b10341819273f7ad8b
e50b4bb1c8f28f2921f6ae06a9023339b268a936a55f6f27310e826d24361f50
e6bbcc62f3b6a3ada1215006f0f6c04dbcc035efe815caf60e6a26eafc335b7f
e6e58dd3cf161523cb31413f954117c2989c2c8fdc745679a99542d3835d501d
e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e
e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee
e9caa7e830398c214d058b03f4ab2ee8e869968aec207eaf330165cf1a4db222
eb9895bb7479d7bd4058bfd781fbf1d27d768a4cba2fbfa0be881b9a78c423d4
ec0c5f7a8de37a02414756f98e8e57a5b396961226b912f832c1c2b1590fb73b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ae0255028c4d4b7e0584498f099d5f100227f57ee74f185a41ca011cbdbb51
f1ff28e985786835c73f72fefd321f105c36ec40ba66efb45a2f50ee83a31855
f40088a91901fdc90f9c695cb2049beb1a76d67c39e225ab20209a4bbc6ab1bd
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f7068641b393a9908d2e1083fc049f195bf15b64e53bb0c38a12d94755cd9218
f7e7c5651b7daf1f470d93b444c108577c992a55b12cf9b6c2b39e1aca6020f3
fd3cb11771177acf987bcc199bb392d7672aa8deeb11d6fcbfab9dbf61042798

subject.com.ua Open in urlscan Pro 31.131.26.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

507 Requests

98 %HTTPS

33 %IPv6

84 Domains

122 Subdomains

79 IPs

14 Countries

11208 kBTransfer

18553 kBSize

6 Cookies

11 Outgoing links

Page URL History

Redirected requests

507 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

subject.com.ua Open in urlscan Pro
31.131.26.2 Public Scan

Screenshot
Live screenshot

Full Image

507
Requests

98 %
HTTPS

33 %
IPv6

84
Domains

122
Subdomains

79
IPs

14
Countries

11208 kB
Transfer

18553 kB
Size

6
Cookies

507 HTTP transactions
9 data transactions