znaj.ua Open in urlscan Pro
2606:4700:20::681a:2a Public Scan

URL: https://invite.viber.com/?g2=AQBHp854yy0BjknLCovlazGCqvAmipQtzJqWDxlaZXNq4%2FMp3TOY868DzX9xyWLg

URL: https://flipboard.com/@ZnajUA?from=share

URL: https://www.pinterest.com/znajznaj/

URL: https://war.znaj.ua/
Title: Війна

URL: https://grosi.znaj.ua/
Title: Гроші

URL: https://life.znaj.ua/
Title: Життя

URL: https://kyiv.znaj.ua/
Title: Київ

URL: https://www.youtube.com/channel/UCwgXH0dz8d8SiYeMLg9WtIw?sub_confirmation=1
Title: Анекдоти

URL: https://war.znaj.ua/435712-rosiyski-okupanti-gotuyut-masovaniy-raketniy-udar-mihaylo-podolyak-poperediv-ukrajinciv-pro-nebezpechni-dni
Title: Російські окупанти готують масований ракетний удар: Михайло Подоляк попередив українців про небезпечні дні

URL: https://sport.znaj.ua/435685-tonya-matviyenko-cherez-arsena-mirzoyana-navazhilas-na-vidchaydushniy-krok-shchob-rozpovisti-pro-pochuttya-dushevno-vidkrito-shchiro
Title: 20:55 вчора, 20:55 Тоня Матвієнко через Арсена Мірзояна наважилась на відчайдушний крок, щоб розповісти про почуття: "Душевно, відкрито, щиро"

URL: https://war.znaj.ua/435715-u-minoboroni-rf-perestaralisya-iz-zaboronenimi-rechovinami-i-gordo-zayavili-pro-likvidaciyu-ukrajinskogo-suputnika-iceye
Title: 18:05 вчора, 18:05 У Міноборони рф перестаралися із забороненими речовинами і гордо заявили про ліквідацію українського супутника ICEYE

URL: https://war.znaj.ua/435678-zsu-otrimayut-vid-ssha-novi-plyushki-zdatni-perelamati-hid-viyni
Title: 17:05 вчора, 17:05 ЗСУ отримають від США нові "плюшки", здатні переламати хід війни

URL: https://war.znaj.ua/435677-nato-mozhe-vidpraviti-viyska-do-ukrajini-ekspert-ozvuchiv-umovi
Title: 16:05 вчора, 16:05 НАТО може відправити війська до України: експерт озвучив умови

URL: https://life.znaj.ua/435672-predstoyatel-upc-rozpoviv-yak-mozhna-otrimati-bozhestvennu-blagodat
Title: 20 серпня 2022, 23:00 Предстоятель УПЦ розповів, як можна отримати божественну благодать 20 серпня 2022, 23:00

URL: https://life.znaj.ua/435600-bilshe-bavovni-u-rosiyu-palatniy-zaproponuvav-kroki-dlya-reanimaciji-ukrajinskogo-vpk
Title: "Більше "бавовни" у Росію". Палатний запропонував кроки для реанімації українського ВПК 19 серпня 2022, 23:30

URL: https://life.znaj.ua/435598-taras-chornovil-rozpoviv-u-chomu-riznicya-mizh-prezidentstvom-yushchenka-i-yanukovicha
Title: Тарас Чорновіл розповів, у чому різниця між президентством Ющенка і Януковича 19 серпня 2022, 22:30

URL: https://life.znaj.ua/435579-oleg-popenko-rozpoviv-yak-pidgotuvatisya-do-opalyuvalnogo-sezonu-u-skladnih-umovah
Title: Олег Попенко розповів, як підготуватися до опалювального сезону у складних умовах 19 серпня 2022, 22:00

URL: https://life.znaj.ua/435572-sergiy-ekshiyan-rozpoviv-yak-ukrajinci-mozhut-dopomogti-malozabezpechenim-lyudyam
Title: Сергій Екшиян розповів, як українці можуть допомогти малозабезпеченим людям 19 серпня 2022, 22:00

URL: https://life.znaj.ua/435571-vadim-gerasimovich-rozpoviv-shcho-proces-rozpadu-rosiji-vzhe-rozpochavsya
Title: Вадим Герасимович розповів, що процес розпаду росії вже розпочався 19 серпня 2022, 17:30

URL: https://breaking.znaj.ua/
Title: Важливе

URL: https://breaking.znaj.ua/433309-sudna-kolona-z-yadernimi-boyegolovkami-projihala-po-vsiy-velikobritaniji-druzi-ukrajini-pokazali-putinu-svoji-gorishki
Title: 27 липня 2022, 15:50 "Судна колона" з ядерними боєголовками проїхала по всій Великобританії: друзі України показали путіну свої "горішки" 27 липня 2022, 15:50

URL: https://breaking.znaj.ua/410757-astrolog-vlad-ross-zayaviv-shcho-nazarbayev-maye-vsi-shansi-piti-z-zhittya
Title: Астролог Влад Росс заявив, що Назарбаєв має всі шанси піти з життя 7 грудня 2021, 16:17

URL: https://breaking.znaj.ua/410763-monastirskiy-vodiy-vantazhivki-porushiv-pravil-dorozhnogo-ruhu-shcho-prizvelo-do-smertelnoji-avariji-pid-chernigivom
Title: Монастирський: Водій вантажівки порушив правил дорожнього руху, що призвело до смертельної аварії під Чернігівом 7 грудня 2021, 15:59

URL: https://breaking.znaj.ua/410577-pristrit-ce-vpliv-na-lyudinu-i-na-jiji-dva-nizhni-centri-tarolog-anastasiya-kazachok
Title: Пристріт – це вплив на людину і на її два нижні центри, - таролог Анастасія Казачок 6 грудня 2021, 14:17

URL: https://breaking.znaj.ua/410311-viluchili-ponad-10-kg-duri-na-poltavshchini-vikrili-bandu-narkodileriv
Title: Вилучили понад 10 кг "дурі": на Полтавщині викрили банду наркодилерів 3 грудня 2021, 16:41

URL: https://breaking.znaj.ua/410260-4-grudnya-bude-sonyachne-zatemnennya-u-znaku-zodiaku-strilec-numerolog-nonna-musalyan
Title: 4 грудня буде сонячне затемнення у знаку зодіаку Стрілець, - нумеролог Нонна Мусалян 3 грудня 2021, 14:07

URL: https://kyiv.znaj.ua/435642-kuryatina-pid-zagrozoyu-deficitu-virobnictvo-suttyevo-znizilosya
Title: вчора, 12:05 Курятина під загрозою дефіциту? Виробництво суттєво знизилося вчора, 12:05

URL: https://kyiv.znaj.ua/435649-ukrajinci-mozhut-zmenshiti-sumi-u-svojih-kvitanciyah-za-gaz-shcho-dlya-cogo-potribno-zrobiti
Title: Українці можуть зменшити суми у своїх квитанціях за газ: що для цього потрібно зробити вчора, 07:45

URL: https://kyiv.znaj.ua/435651-nataliya-klichko-natyaknula-shcho-rozproshchatisya-z-kolishnim-cholovikom-bude-ne-tak-vzhe-y-legko-shukaye-v-sobi-smilivist
Title: Наталія Кличко натякнула, що розпрощатися з колишнім чоловіком буде не так вже й легко: "шукає" в собі сміливість вчора, 06:50

URL: https://kyiv.znaj.ua/435466-zirka-ligi-smihu-mark-kucevalov-ziznavsya-pro-narodzhennya-yake-nihto-ne-pidozryuvav-na-golovu-vpalo
Title: Зірка "Ліги сміху" Марк Куцевалов зізнався про народження, яке ніхто не підозрював: "На голову впало" вчора, 06:05

URL: https://kyiv.znaj.ua/435464-blogerka-sasha-bo-oficiyno-pidtverdila-stosunki-razom-z-boyfrendom-podala-zayavu-do-racsu
Title: Блогерка Саша Бо офіційно підтвердила стосунки: разом з бойфрендом подала заяву до РАЦСУ 20 серпня 2022, 23:05

URL: https://kyiv.znaj.ua/435502-vadim-oliynik-virvavsya-na-vidpochinok-i-pohvalivsya-divovizhnimi-peyzazhami-vpershe-bachu-more
Title: Вадим Олійник вирвався на відпочинок і похвалився дивовижними пейзажами: "Вперше бачу море" 20 серпня 2022, 21:50

URL: https://sport.znaj.ua/435636-mayk-tayson-v-invalidnomu-vizku-pidsiv-na-zaboroneni-rechovini-120-tonn-marihuani-na-rik-ta-problemi-zi-zdorov-yam
Title: Майк Тайсон в інвалідному візку підсів на заборонені речовини: 120 тонн марихуани на рік та проблеми зі здоров'ям вчора, 12:35

URL: https://sport.znaj.ua/435695-oleksandr-usik-zahistiv-absolyutniy-status-chempiona-znishchivshi-entoni-dzhoshua-poperedu-tayson-f-yuri
Title: Олександр Усик переміг Ентоні Джошуа, захистивши абсолютний статус чемпіона: попереду Тайсон Ф'юрі вчора, 02:07

URL: https://sport.znaj.ua/435448-zirka-tancyuyut-vsi-ta-podruga-vlada-yami-tetyana-denisova-obrala-rosiyu-ta-viletila-iz-spiskiv-virizali-skriz
Title: Зірка "Танцюють всі" та подруга Влада Ями Тетьяна Денисова обрала росію та вилетіла із списків: "Вирізали скрізь" 20 серпня 2022, 20:55

URL: https://sport.znaj.ua/435395-kseniya-mishina-z-holostyachki-ziznalas-shcho-gotova-vsinoviti-ditinu-navit-pogovorila-pro-ce-z-platonom
Title: Ксенія Мішина з "Холостячки" зізналась, що готова всиновити дитину: "Навіть поговорила про це з Платоном" 20 серпня 2022, 20:25

URL: https://sport.znaj.ua/435608-dashu-kvitkovu-z-holostyaka-yaka-vidpochivaye-v-turechchini-chekaye-vazhliva-operaciya-v-ukrajini-vzhe-za-dekilka-tizhniv
Title: Дашу Квіткову з "Холостяка", яка відпочиває в Туреччині, чекає важлива операція в Україні — вже за декілька тижнів 20 серпня 2022, 19:05

URL: https://sport.znaj.ua/
Title: Показати більше

URL: https://sport.znaj.ua/429948-uchasniki-gurtu-spiv-brativ-zayavili-shcho-viyna-zirvala-maski-z-rosiyan
Title: Учасники гурту «Спів Братів» заявили, що війна зірвала маски з росіян 21 червня 2022, 16:45

URL: https://sport.znaj.ua/407074-dumayut-shcho-vona-20-tirichna-studentka-babusya-zdivuvala-internet-svoyeyu-zovnishnistyu-i-formoyu
Title: Думають, що вона - 20-тирічна студентка: бабуся здивувала Інтернет своєю зовнішністю і формою 10 листопада 2021, 05:00

URL: https://sport.znaj.ua/407087-vidtvorennya-smerti-merlin-monro-legendarna-madonna-v-zuhvalomu-vbranni-oskandalilasya-na-ves-svit
Title: "Відтворення смерті Мерлін Монро": легендарна Мадонна в зухвалому вбранні оскандалилася на весь світ 9 листопада 2021, 23:00

URL: https://sport.znaj.ua/406576-jiji-umbrella-vipala-legendarna-spivachka-rihanna-u-vidvertomu-vbranni-vivalila-svoji-prinadi
Title: Її "Umbrella" випала: легендарна співачка Rihanna у відвертому вбранні вивалила свої "принади" 5 листопада 2021, 15:40

URL: https://sport.znaj.ua/407083-absolyutna-ikona-ogolena-superzirka-britni-spirs-zasvitila-svoji-yamki
Title: "Абсолютна ікона": оголена суперзірка Брітні Спірс засвітила свої "ямки" 10 листопада 2021, 02:00

URL: https://news.google.com/publications/CAAqJAgKIh5DQklTRUFnTWFnd0tDbnB1WVdvdWRXRXZjblVvQUFQAQ?hl=ru&gl=RU&ceid=RU%3Aru

URL: https://apps.apple.com/ua/app/znaj-ua/id1473938906?l=uk

URL: https://play.google.com/store/apps/details?id=com.znaj.znaj&hl=uk

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://znaj.ua/ HTTP 307
https://znaj.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 81

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB1kFQ5BCjjdyB6etMRNFpM&google_cver=1

Request Chain 82

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwLrJNZi5FQ1zaBIwhs2mwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKJTp8R9cmYE7czJKTY4kEw&google_cver=1

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOS-_FMwzdTeygUBqaer8Iw&google_cver=1

Request Chain 84

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjgyNzgwMjA1NjE2NjEwOTEwMw%3D%3D

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB1kFQ5BCjjdyB6etMRNFpM&google_cver=1

Request Chain 86

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwLrJDtuUFlOXibAFIzsjQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKJTp8R9cmYE7czJKTY4kEw&google_cver=1

Request Chain 87

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOS-_FMwzdTeygUBqaer8Iw&google_cver=1

Request Chain 88

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjgyNzgwMjA1NjE2NjEwOTEwMw%3D%3D

Request Chain 96

https://fw.adsafeprotected.com/rfw/www.googletagservices.com/1140803/65042364/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fznaj.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fadb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fadb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:f995df1e-782f-979f-49b5-2aeb47c17789,c:lZ1hHB,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-94958994c-zrhjb,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:e83b5dc3-21c2-11ed-bc22-ca630748847d,v:19.8.343,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://www.googletagservices.com/dcm/dcmads.js

Request Chain 163

https://gum.criteo.com/sid/json?origin=publishertag&domain=znaj.ua&sn=ChromeSyncframe&so=0&topUrl=znaj.ua&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=iBPhc3xWNTlQbzhYVmJxZjNacjUvUnh6a1hkcDVQZUNBRDBnaHQzU1p1Y0ZWQmZIZ00xWTNkR2lrd1o3cWx5UjhicStuSGlxRkNhV2VIeGgxS1orbVN1akltdVk3MW5sOTVLa2p3NCtoMUs1TWlndndmaVZyZGc3UHBQS21wQk9NL3J5SVRaY1lPSWFIaHhSSEQ1cEE3YTNFNnJLL2tLb2JRcFU0NGQvUzlnOVhCQ2RvclJOSE1NdVN5RWt4OXhwM2ZNcHZOb0xpUUl5STUyb3JNbjNDV3kydk9hVEZ6aGdLaFh0cUJTNG5CeTZBVGZ3Tk56QVhCeGVVMERSRmJ1THIyS3ZoK0EwR2xrVTlMeE9sWUUyd3Z0c283UT09fA&cppv=2

Request Chain 205

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID

Request Chain 210

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=2827802056166109103

Request Chain 214

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D183ae50b0d9ddbbe%26uid%3D%24UID HTTP 302
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=183ae50b0d9ddbbe&uid=2827802056166109103

Request Chain 215

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_eu&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu

Request Chain 224

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=b8fdb45a-b905-47a5-a939-db37d7be1f9a&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Request Chain 230

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=7f35fb6f-8721-4036-b7fe-3b643022d64b&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 231

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=60534346777315418983856663766662412598&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Request Chain 233

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=7134523312449124502&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Request Chain 235

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361&bounce=1&random=3042072155 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=3D4nXXdZtXmYeURuUssj8e&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Request Chain 236

https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D[sas_uid]%26zpartnerid%3D592%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https://mwzeom.zeotap.com/mw?cid=[sas_uid]&zpartnerid=592&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&cklb=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=

Request Chain 237

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=0&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=0&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=0&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Request Chain 238

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-o7OAr1JE2oq3wcVo.7aiAX20g8XR7M9AlQ--~A&zpartnerid=570&env=mWeb

Request Chain 239

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=GBR&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=GBR&zdid=1361&cid=2AlcFsEkph48Zu19kO054Z19%2BCFNcfZk%2BS41iYitP1U%3D

Request Chain 243

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361&_test=YwLrJwABdtHNBABN HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YwLrJwABdtHNBABN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&_test=YwLrJwABdtHNBABN

Request Chain 244

https://engine.widespace.com/map/ext/api/trackingcallback/v1?accessToken=zeotap-user-sync&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=395&ws_uid=ck.31b012ad-ca60-485e-97f2-cd7d0d890078&zdid=1361

Request Chain 245

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Request Chain 246

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&dcc=t

Request Chain 247

https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&dcc=t

Request Chain 249

https://obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Request Chain 250

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/qBjJlh_Qm8Z3Wgbc8da2zsn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1948821359541361808

Request Chain 251

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L7459ZSY-1Y-G6MQ&sigv=1&esig=2~484ebe4d5813fa663ff3749aca1785ef214a8292

Request Chain 252

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENq2d6PzJ__UMIWNKW1XblA&google_cver=1

Request Chain 254

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Yzc2Zjc1MjI3Mjk2ODAwNzNkNjc1ZDM0ZTZhNGE4NDUyZWQzNDQ1OQ

Request Chain 256

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L7459ZSY-1Y-G6MQ

Request Chain 257

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ay4UNH43QsaGkrpCo_oehA&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ay4UNH43QsaGkrpCo_oehA

Request Chain 261

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwLrJDtuUFlOXibAFIzsjQAAEUwAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwLrJDtuUFlOXibAFIzsjQAAEUwAAAIB&dcc=t

Request Chain 264

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-f5a10fb8-6b5e-47d1-af50-3cb2daba4965

Request Chain 265

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1

Request Chain 273

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=367b36af039ffec7

Request Chain 276

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184-d HTTP 301
https://eus.rubiconproject.com/usync.html?p=17184-d

Request Chain 290

https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=5636930924396806489 HTTP 302
https://a.audrte.com/p

Request Chain 291

https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=221YnHi3vr-RyiGOn3UoiGqMA&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=221YnHi3vr-RyiGOn3UoiGqMA&gdpr=0&gdpr_consent=&google_gid=CAESEIsJdqUFyY3wnchAEBrpDDc&google_cver=1 HTTP 302
https://a.audrte.com/p

289 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
znaj.ua/
Redirect Chain

http://znaj.ua/
https://znaj.ua/

301 KB
62 KB

223ms
82ms

Document
text/html

2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35a55df186e70c8ac9f1d879b89bfc766c2431dbc63a329a04dcf68e1246d1dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: HIT
cf-ray: 73e835367863d60c-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 22 Aug 2022 02:34:10 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Mon, 22 Aug 2022 02:20:19 GMT
link
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Jvonj3elRa7R6dSKjMg8ntYVG9THAxa8ivP0pcphADt46JC1fnXEzKhGhSXBuELxpc6%2FH%2F4WC6CuuDUrNR3BXjvmsJf3uiG1lxOnQBIj0JrJ9EotqJnT4FqjyjCfL8ZcR%2BKWMA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-cache-status: MISS
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://znaj.ua/
Non-Authoritative-Reason: HSTS

GET
H2 200 PmkRBGYq5W0IljOCksPm3wYmlPQT6r7ElZr4dCv7.jpeg
znaj.ua/crops/e3a9e5/150x100/2/0/2018/11/16/ 5 KB
6 KB 70ms
68ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/e3a9e5/150x100/2/0/2018/11/16/PmkRBGYq5W0IljOCksPm3wYmlPQT6r7ElZr4dCv7.jpeg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdfd943ee28dc2cc23728586a40d18cf7a2adfe1ad6773fe47997ce9ac43db87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15676
cf-polished: origSize=5527, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5403
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 16 Nov 2018 11:23:16 GMT
server: cloudflare
etag: "5beea8a4-1597"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G3fUf6WhBnp5pUttYWIFwWi%2Fj1HxPCWuvIQxkMJ53ryxtobQ%2FatJJQH2QWMcoOXKnij3au6iJJRkbnOFnUOniF1Yv0ThiWFpgNmIwJMwEB8SFonwGolAAUozdEcCdonbmE3ujjI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 73e835372890d60c-MXP
cf-bgj: imgq:100,h2pri

GET
H2 200 ukraine.png
znaj.ua/img/ 702 B
1 KB 70ms
69ms Image
image/webp 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/img/ukraine.png

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be73820642834b6bb64d9a5f252aa97581c362366dc129e650d8c6f19a428979

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 926744
cf-polished: origFmt=png, origSize=992
content-disposition: inline; filename="ukraine.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 702
pragma: public
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 13 Jun 2022 21:17:50 GMT
server: cloudflare
etag: "62a7a97e-3e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BVH7eXIXzqTsU58b0m%2FHRNup6eLdzmbsvdxlMpVvbKO5yaP6fMLoWk4Qg%2BNEI%2BaGwAhZSO2sZHN%2FwUSUH46ZEYZqleQhuKWMcmszP9686zlWEM2n4qvhRa7QNqaXSTpp%2BI94xI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 73e8353768c3d60c-MXP
cf-bgj: imgq:100,h2pri

GET
DATA 200
OK truncated
/ 125 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7822ab0c944ab5defc5a0af4abd345fde1b54118332d943da596c3d3dbeb2dfe

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 125 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3c47d0e9361abb627329fb9187d30d3647a38c2ef9908b7f2a49fc5219028937

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 app.js Show response
znaj.ua/desktop/js/ 90 KB
26 KB 75ms
74ms Script
application/javascript 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://znaj.ua/desktop/js/app.js?id=f13d9d3b121596546fe3

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d13f878522940cf9d1cdabbee896f915a0c232ee234e7617c3ac0b9e21d9b9c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 929035
cf-polished: origSize=92589
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Mon, 13 Jun 2022 21:17:50 GMT
server: cloudflare
etag: W/"62a7a97e-169ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=859mwuA4b7fYgpa5Rc3TUGp1RGqqaEgWmiyfunrs8T8B3fEzPCXbA47dwvtHag6MrdUuHM82%2FZkMVdqkzoVfWVLKqawiq3A9kIdJ2NyBoPGJ0EYDzBWj36kcIeXYz0PYIIRnToQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-bgj: minify
cache-control: max-age=315360000, public
cf-ray: 73e835379c5ebaff-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 client.js Show response
aixcdn.com/ 23 KB
9 KB 210ms
70ms Script
application/javascript 2606:4700:3037::6815:2baa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://aixcdn.com/client.js?166114

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:2baa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

535fe6ca04237d2379eb55688e5704ea4fdefd03eda700aee5fbd910daf1e40b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5771
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 01 Aug 2022 15:12:27 GMT
server: cloudflare
etag: W/"62e7ed5b-5a3a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U3YXpQvBAq%2BpMnfQimyi3tlnKNT6cl%2B1Vb2XLftMVZ5YElZUv3J4uRNmVuZGSsk8UZJ7HgCf32d6YnTMcAiL58vXB3aBqKD9tdDIrFmE4bUKU0YC5msK96rmBc%2B9GM2Wi464JTQGsU%2FH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 73e835387ae4ba86-MXP
expires: Mon, 22 Aug 2022 03:26:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 128ms
39ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5530
date: Mon, 22 Aug 2022 01:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 22 Aug 2022 03:02:00 GMT

GET
H2 200 client.js Show response
s.getstat.net/cdn/ 16 KB
7 KB 207ms
71ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.getstat.net/cdn/client.js

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d394c3e67c160f651dc91ed1259a2559d7e8890445b9673f92d00746b2421ddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2650
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 20 Apr 2022 15:15:08 GMT
server: cloudflare
etag: W/"6260237c-3e9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CddGtznJpCIUw%2FbAB2AZYHgX84GIA9Km1wxe%2BRoSIeEVmE4r%2B7p7pXrTuAeizYg0xN3opbfW5Df9VIpiAl70uJRIGn6HmUR9iFikLygZfptMZxaLHU%2BazYDYuWftXW1wRCKA2JlFfbAyLu7M"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 73e835387b97ba80-MXP
cf-bgj: minify

GET
H2 200 client.js Show response
cdn.getpush.net/s/a3wlzukx2m98q0dibqkeatbvdtkkd9sy/ 58 KB
18 KB 205ms
67ms Script
application/javascript 2606:4700:3030::ac43:a0b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.getpush.net/s/a3wlzukx2m98q0dibqkeatbvdtkkd9sy/client.js
Requested by: Host: znaj.ua
URL: https://znaj.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:a0b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc99e68ac6a91cd40f81ad5efb3029ab8304cf7785ae5bec124ccf6e79dd10fb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3999
x-cache: EXPIRED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 22 Aug 2022 00:08:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uusgzLGZuc8cmxWtfKWPEp2lHIv8nr47tNpn5HeKXCh2Z3oGQsW6uH77ygpNW%2BxesY1sighDCuHua7HuivTYja9Dqbbr%2FF3vJc%2BvuHw5rIJJSeurNG%2BGdIC9R%2BhBAOZcOm%2B3Cfam%2FrxG%2BR0y%2B%2Fs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://znaj.ua
cache-control: max-age=14400, public
cf-ray: 73e835387d7c0f86-MXP
cf-bgj: minify

GET
H3 200 OlQtZkGIMAzABbjtaqIY9B5cSR0M1auitRWvt4wE.jpg
znaj.ua/crops/12ecf3/150x100/2/0/2022/08/20/ 4 KB
4 KB 191ms
191ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/12ecf3/150x100/2/0/2022/08/20/OlQtZkGIMAzABbjtaqIY9B5cSR0M1auitRWvt4wE.jpg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67823c9aca3d2586004e26c442ec6e202bc0b15348fae97faee513d8e6f75af1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=3754, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3606
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Sat, 20 Aug 2022 02:16:10 GMT
server: cloudflare
etag: "630043ea-eaa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7gedQ0raiZvBqEQ%2BBi5hwRheMuYp61z6LCsSpnyvx6SRqkDITc3wUUGGAhn93HPFTr07PdYGLLScbLK38kR3340I64N3WyM2Zl%2B7gt1b%2BzgxPZFE4KUOcTIOtUCvEPucnNnLUQM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 73e835389d02baff-MXP
cf-bgj: imgq:100,h2pri

GET
H3 200 7cF8IQ8w8PInhuYTrl2Y7VbW52vvGxpKSdvWyL8Q.jpeg
znaj.ua/crops/cd698e/150x100/2/0/2020/12/28/ 5 KB
6 KB 68ms
67ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/cd698e/150x100/2/0/2020/12/28/7cF8IQ8w8PInhuYTrl2Y7VbW52vvGxpKSdvWyL8Q.jpeg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24074f1c503430e195621ed356e526784151a23c61ddaf632dc04d7b113ab9f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18737
cf-polished: origSize=5159, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5040
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 28 Dec 2020 20:26:51 GMT
server: cloudflare
etag: "5fea3f8b-1427"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIwF1QNh3nkpiuvIF86pXTTbuRmzwDtrQTUIOf3HU9mrX9ls1g16eWKxBhpQ38j1X7Z5Bp9y97RuKUZIKi1WbcCx2goyXUuKsL55X2xyLUhl6ePbjZJzfgIlSEQ0zyYQCt8MeAk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 73e835389d04baff-MXP
cf-bgj: imgq:100,h2pri

GET
H3 200 hAcGlVaNbJ5EcZ4LBylRh0ozbTh8VXbouH8B4VJL.jpg
znaj.ua/crops/70e058/150x100/2/0/2022/08/20/ 5 KB
5 KB 69ms
68ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/70e058/150x100/2/0/2022/08/20/hAcGlVaNbJ5EcZ4LBylRh0ozbTh8VXbouH8B4VJL.jpg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bef0a9827b8c73f1e49ff0b2309fbb890d221a511dd9c50e712eec65047b9f1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18737
cf-polished: origSize=4845, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4723
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Sat, 20 Aug 2022 00:31:50 GMT
server: cloudflare
etag: "63002b76-12ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYamH7flfpsIBhba7F8fRNGIQ%2B1LpHnHOt8eDd%2BjygrA1NfzEHwMjAmGZ2R6EU7U%2FJOPhvuQEItbJyLJ%2BnE2lIwPUEt2Xwz6rvTjjzoKjZnhaUVtauGP28E6NIfkyIp5Cukxjl0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 73e835389d05baff-MXP
cf-bgj: imgq:100,h2pri

GET
H3 200 KgyhZQNnvllLq8RXRajAsDjCbUdPHEEyPxdeGouh.jpeg
znaj.ua/crops/8b3e28/150x100/2/0/2020/12/07/ 6 KB
6 KB 70ms
69ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/8b3e28/150x100/2/0/2020/12/07/KgyhZQNnvllLq8RXRajAsDjCbUdPHEEyPxdeGouh.jpeg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c8518b2b70e6f4dd169ca3fa4355d2e96b56a8dca2cf1d85515b4b24aa8374c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18737
cf-polished: origSize=5942, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5818
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 07 Dec 2020 16:26:18 GMT
server: cloudflare
etag: "5fce57aa-1736"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MfMDHCQKLOV9S1J4ZSGT8JPGJ0INN7f%2Bj6UWQzmZBOEL5MlOSh4uBbdsu3cK0aOddmu5b68J5l0KHCi07ayJz35imQrjjAQdYcTKuLIhiGCfDVjcPvqXIUK4AhSsFbKH7GTvmqE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 73e835389d06baff-MXP
cf-bgj: imgq:100,h2pri

GET
H3 200 0KqXhzCLMMPDdKq4yOWoMhuCMVxi1pTAN8aIE4Om.jpg
znaj.ua/crops/9166dc/150x100/2/0/2022/08/21/ 4 KB
4 KB 70ms
69ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/9166dc/150x100/2/0/2022/08/21/0KqXhzCLMMPDdKq4yOWoMhuCMVxi1pTAN8aIE4Om.jpg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caea9b26ded84c057d3e7649675f9f1f964f8909447c9efd0e8711bf57af052c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18737
cf-polished: origSize=3871, status=webp_bigger
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3685
last-modified: Sun, 21 Aug 2022 09:42:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERFYafZ4oZwFYrOomGddg%2FRgqRvkg2d7izsQ5U4%2BLoLsbtZ2xC%2B1qbF7KlgwTvV5kKAhqoiKGxQLh%2B6EV7qmpmkBQLiAMdIOXvDQFcrrp5amtZaRrjoIUaQhle%2BiA9PzZGyc9mU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 73e835389d08baff-MXP
cf-bgj: imgq:100,h2pri

GET
H3 200 ZFr7DITHmmMMjipt2XtDf9GwJQygKLvbpmwguLNl.jpg
znaj.ua/crops/7068ac/735x400/2/0/2022/08/21/ 44 KB
45 KB 129ms
129ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/7068ac/735x400/2/0/2022/08/21/ZFr7DITHmmMMjipt2XtDf9GwJQygKLvbpmwguLNl.jpg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bda2dd5178d091b574712b243e0061c11181b246761722a0dc09d85bd719e866

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=45450, status=webp_bigger
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45018
last-modified: Mon, 22 Aug 2022 02:08:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uKA6xun2ZzzRP11HF53IIzCj0bNjew9wVja%2BJRjU1Rwy5mPOLEDL658knxE6A21Ve6mNUhClML%2BRbptiWlgFFrOxEhGB39Dajzrp3qTTxMIKKQjM56FwqPL8w4w4AqzXdL%2F6nLg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 73e835389d09baff-MXP
cf-bgj: imgq:100,h2pri

GET
H3 200 PmkRBGYq5W0IljOCksPm3wYmlPQT6r7ElZr4dCv7.jpeg
znaj.ua/crops/1a5f7c/735x400/2/0/2018/11/16/ 55 KB
56 KB 128ms
128ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/1a5f7c/735x400/2/0/2018/11/16/PmkRBGYq5W0IljOCksPm3wYmlPQT6r7ElZr4dCv7.jpeg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e933e1e4e1c80ddbc84c13424f4889a56ebd8fce9bf1da50a273c5b459012d28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=57043, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56820
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 16 Nov 2018 13:03:05 GMT
server: cloudflare
etag: "5beec009-ded3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3prHPLfvdEPiYLMtifyYZzMMnWHONaWWoqsNE1A4Uso%2Ft6MzQpUCNmhaZoV%2BdeYNKFKlF07PA5F7mnWaEWx4EAk8QETVv8RsvBrrHDZFf1U9GX9OfzdRd3PMh1l6F3Let65v54%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 73e835389d0abaff-MXP
cf-bgj: imgq:100,h2pri

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 132ms
48ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1682423626&t=pageview&_s=1&dl=https%3A%2F%2Fznaj.ua%2F&ul=en-us&de=UTF-8&dt=%D0%A1%D0%B2%D1%96%D0%B6%D1%96%20%D1%82%D0%B0%20%D0%B0%D0%BA%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D1%96%20%D0%BD%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B8%2C%20%D0%9A%D0%B8%D1%94%D0%B2%D0%B0%20%D1%82%D0%B0%20%D1%81%D0%B2%D1%96%D1%82%D1%83.%20Znaj.ua&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1894156888&gjid=2096038096&cid=2039435258.1661135651&tid=UA-108263001-1&_gid=949159221.1661135651&_r=1&_slc=1&z=1183889346

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://znaj.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pv
s.getstat.net/ 42 B
783 B 161ms
96ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.getstat.net/pv?u=https%3A%2F%2Fznaj.ua%2F&d=znaj.ua&s=&t=&l=uk&ac=&aa=&ap=&un=1&ss=&dp=1&sd=1&dt=1&o=1&b=1&p=1&r=0.3242314478194135

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2HacIWW%2BcvOtc3PEOzdcFccHG7scHvImkbbwpJE0MVWAeuhcrtKiVpGuulgnjRDzsoo52aOzJfxeoaXRhHVoRGh4K9%2FSmFZZp58BwfCPdtPvHZ9Ny822imANBjvMPwzloGJ2SxxJxl4JrCQi"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store
cf-ray: 73e835395a9b5a1f-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42

GET
H3 200 121 Show response
aixcdn.com/p/ 141 B
722 B 134ms
68ms Script
text/javascript 2606:4700:3037::6815:2baa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://aixcdn.com/p/121

Requested by

Host: aixcdn.com
URL: https://aixcdn.com/client.js?166114

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:2baa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b5a87ef53435664c6f35b8654f39d223f0498bd55aa534b9a0d63789660cf51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 66556
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 21 Aug 2022 07:59:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0uA1onGIRMTq1rjavZnitHBXRV9vdk47hnBCiH910E4Tq4aFSVkmQ4Y1Y90Ans9Jk5N4qPWj%2Bl4By66SEfP69%2BcP8aNaPeC4%2FdPgCoCfdezoq%2F2x3S5AmMiiu9ET4DC8q8MZJYdsVQl4"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: no-cache, private, no-store, no-cache, must-revalidate, max-age=0
cf-ray: 73e835396dbebaf9-MXP

GET
H3 200 97 Show response
aixcdn.com/p/ 23 B
640 B 132ms
67ms Script
text/javascript 2606:4700:3037::6815:2baa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://aixcdn.com/p/97

Requested by

Host: aixcdn.com
URL: https://aixcdn.com/client.js?166114

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:2baa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca5cdde752a7e0dbd7652fe7cd000eed74a0f4aa74eaecede273a8d3f60be04a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65678
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 20 Aug 2022 10:36:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nJkJO5kehV56YTYFH%2BL6irZH3LE8MkZkFw1e2V%2BtL%2FMKEuXzPBtS33%2BhANQn4Ui7epgMAnXvkWdG0rYIKKw9wiyLiLhFs6I3d2m83aFHHfo5mFRH%2FroSPr0z0oa%2Fbm%2Bse5cZSvRZpeoV"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: no-cache, private, no-store, no-cache, must-revalidate, max-age=0
cf-ray: 73e835396dbdbaf9-MXP

GET
H3 200 194 Show response
aixcdn.com/p/ 2 KB
2 KB 131ms
66ms Script
text/javascript 2606:4700:3037::6815:2baa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://aixcdn.com/p/194

Requested by

Host: aixcdn.com
URL: https://aixcdn.com/client.js?166114

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:2baa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bacf54b7d27b6739185e88efc6a53a890e2d6beec5fe35827ae10144e53cf71

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65678
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 20 Aug 2022 10:36:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T5pih0VXCUawjT1%2BCTTfrUe42tJmrvP66mFA4s5FcQkHWYyJLnkF2X%2BQJE%2BIKByxc2xdIlYTD4G7nLBtua1eKGcqJQz0AUrswbi9RxA8Rc7DgNz2z%2BYMw7Ky%2FEniJGXEe6Ul87UHqdyN"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: no-cache, private, no-store, no-cache, must-revalidate, max-age=0
cf-ray: 73e835396dbcbaf9-MXP

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
439 B 106ms
35ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-108263001-1&cid=2039435258.1661135651&jid=1894156888&gjid=2096038096&_gid=949159221.1661135651&_u=IEBAAEAAAAAAAC~&z=1090599834

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 22 Aug 2022 02:34:10 GMT
content-type: text/plain
access-control-allow-origin: https://znaj.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 branding Show response
a4p.adpartner.pro/ 11 KB
3 KB 187ms
59ms Script
text/html 51.83.220.94
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/branding?id=1582&0.9097617244823315
Requested by: Host: znaj.ua
URL: https://znaj.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.83.220.94 , France, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-03.adpartner.pro
Software: nginx /
Resource Hash: d46ceb2bde60881fb19d81ed006513a18f1fa2428fe60af86e50e308a13f298f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
cache-control: no-store no-transform
server: nginx
content-encoding: br
content-type: text/html; charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
28 KB 138ms
50ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: aixcdn.com
URL: https://aixcdn.com/client.js?166114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e1f6b96b188120e027fc776b2e3567ecede0aa421da24a22bd1e353ce9e98d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28556
x-xss-protection: 0
server: sffe
etag: "1310 / 228 of 1000 / last-modified: 1660946906"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 22 Aug 2022 02:34:10 GMT

GET
H2 200 ym.js Show response
cdn-b.notsy.io/zna/ 352 KB
111 KB 190ms
53ms Script
application/javascript 185.180.12.68
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-b.notsy.io/zna/ym.js
Requested by: Host: aixcdn.com
URL: https://aixcdn.com/client.js?166114
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.180.12.68 Vienna, Austria, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-731.bunnyinfra.net
Software: BunnyCDN-AT-731 /
Resource Hash: 4ad283918502e1514749d37f1289a060da14583bdc80554b569da15f2ecd9ac2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
content-encoding: br
cdn-edgestorageid: 731
cdn-fileserver: 250
cdn-storageserver: DE-200
cdn-cachedat: 08/15/2022 10:13:24
cdn-pullzone: 139012
server: BunnyCDN-AT-731
last-modified: Mon, 15 Aug 2022 10:11:16 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"62fa1bc4-58157"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: ae2fd556-b96a-4dbc-a12f-7867877cff13
cache-control: public, max-age=86400
cdn-requestid: 08188102086e7e8480d2a2b4c79c3ef3
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ 279 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24ddbd6f1eb159364d8240931918dbc10eabc25d94b5e7ba13fb0ffa94cddaf3

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 151ms
52ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-108263001-1&cid=2039435258.1661135651&jid=1894156888&_u=IEBAAEAAAAAAAC~&z=716136750

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
501 B 149ms
51ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-108263001-1&cid=2039435258.1661135651&jid=1894156888&_u=IEBAAEAAAAAAAC~&z=716136750

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2022081701.js Show response
securepubads.g.doubleclick.net/gpt/ 384 KB
131 KB 167ms
41ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83147c4cf00c61d77d068152fdb541e2ca7761e0990682db23e77fb7affdceb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 20:01:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23582
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133512
x-xss-protection: 0
last-modified: Wed, 17 Aug 2022 08:37:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 21 Aug 2023 20:01:09 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 297 B
778 B 172ms
48ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=znaj.ua

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2cf2bebf4d8dc76e0b7c0bdd6d810f59b022c38df8045e55256604489b48d1e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 142
x-xss-protection: 0
expires: Mon, 22 Aug 2022 02:34:11 GMT

GET
H2 200 branding.min.js Show response
a4p.adpartner.pro/apstc/ 13 KB
3 KB 58ms
58ms Script
application/javascript 51.83.220.94
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/apstc/branding.min.js?v=1.1.423
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/branding?id=1582&0.9097617244823315
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.83.220.94 , France, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-03.adpartner.pro
Software: nginx /
Resource Hash: c9a290d9b6213e394d2d308a9e193b06f2773b1ac247317f41df41211e6bc77a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:11 GMT
cache-control: no-store no-transform
last-modified: Tue, 15 Mar 2022 16:47:24 GMT
server: nginx
content-encoding: br
etag: W/"6230c31c-35bf"
content-type: application/javascript

GET
H2 204 tt
a4p.adpartner.pro/ Frame 4B4D 0
0 857ms
857ms Document
text/plain 51.83.220.94
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/tt?time=0&apuid=undefined&session_pageview=1&session_id=1b1cbc8c-e616-4c53-894b-f1db6e02ea2d&site_visited=1&location=https%3A%2F%2Fznaj.ua%2F&referer=
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/branding?id=1582&0.9097617244823315
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.83.220.94 , France, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-03.adpartner.pro
Software: nginx /
Resource Hash

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store no-transform
date: Mon, 22 Aug 2022 02:34:11 GMT
server: nginx

GET
H2 200 ls Show response
a4p.adpartner.pro/branding/ Frame 49B8 5 KB
2 KB 59ms
58ms Document
text/html 51.83.220.94
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/branding/ls?branding=1582&bannerNum=48430904455798100&apuid=607f4675-d906-4f28-97f8-bdc38c4c8457&session_pageview=1&session_id=1b1cbc8c-e616-4c53-894b-f1db6e02ea2d&site_visited=1&location=https%3A%2F%2Fznaj.ua%2F
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/branding?id=1582&0.9097617244823315
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.83.220.94 , France, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-03.adpartner.pro
Software: nginx /
Resource Hash: 88e9b0bf00f2418bdc39063c6742d4ed2e126676ae5ae6f850ea161ebfd4a582

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store no-transform
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 22 Aug 2022 02:34:11 GMT
server: nginx

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 49B8 49 KB
20 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/branding/ls?branding=1582&bannerNum=48430904455798100&apuid=607f4675-d906-4f28-97f8-bdc38c4c8457&session_pageview=1&session_id=1b1cbc8c-e616-4c53-894b-f1db6e02ea2d&site_visited=1&location=https%3A%2F%2Fznaj.ua%2F

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://a4p.adpartner.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5531
date: Mon, 22 Aug 2022 01:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 22 Aug 2022 03:02:00 GMT

POST
H2 200 branding Show response
a4p.adpartner.pro/ Frame 49B8 772 B
448 B 63ms
63ms XHR
text/html 51.83.220.94
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/branding?id=1582&session_id=1b1cbc8c-e616-4c53-894b-f1db6e02ea2d&session_pageview=1&site_visited=1
Requested by: Host: a4p.adpartner.pro
URL: https://a4p.adpartner.pro/branding/ls?branding=1582&bannerNum=48430904455798100&apuid=607f4675-d906-4f28-97f8-bdc38c4c8457&session_pageview=1&session_id=1b1cbc8c-e616-4c53-894b-f1db6e02ea2d&site_visited=1&location=https%3A%2F%2Fznaj.ua%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.83.220.94 , France, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-03.adpartner.pro
Software: nginx /
Resource Hash: 3e6eb089aade1932a634c0b0e2aff1b3993ea1775de672aa8914f47e1a5ffba1

Request headers

Referer: https://a4p.adpartner.pro/branding/ls?branding=1582&bannerNum=48430904455798100&apuid=607f4675-d906-4f28-97f8-bdc38c4c8457&session_pageview=1&session_id=1b1cbc8c-e616-4c53-894b-f1db6e02ea2d&site_visited=1&location=https%3A%2F%2Fznaj.ua%2F
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: text/plain

Response headers

date: Mon, 22 Aug 2022 02:34:11 GMT
cache-control: no-store no-transform
server: nginx
content-encoding: br
content-type: text/html; charset=utf-8

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 159 KB
41 KB 150ms
48ms Script
application/javascript 65.9.71.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-118.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 925ed48219a2d3c339c5d288fdae3f965efbca0e5ee4e369b7dcbb04b6ade06f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 22 Aug 2022 02:24:25 GMT
via: 1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront), 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
last-modified: Thu, 18 Aug 2022 22:02:23 GMT
server: AmazonS3
age: 587
etag: W/"52a6bc60961c702869c58b9d159c8e37"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA56-C1
content-encoding: gzip
x-amz-cf-id: B9eN8nqYbFJQaskkJJnKMeGioEhHu01OEjKetUcz4pcuaXe3OcuKlQ==

POST
H2 200 page_view
ym-tack.b-cdn.net/ 0
0 178ms
77ms Ping
text/html 2400:52e0:1e00::864:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://ym-tack.b-cdn.net/page_view?ZNA;desktop;;main_page_desktop;c667db|f0c2a0
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::864:1 , Slovenia, ASN200325 (BUNNYCDN, DE),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 video.js Show response
cdn-b.notsy.io/video/ 214 KB
69 KB 50ms
50ms Script
application/javascript 185.180.12.68
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-b.notsy.io/video/video.js
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.180.12.68 Vienna, Austria, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-731.bunnyinfra.net
Software: BunnyCDN-AT-731 /
Resource Hash: 4a5599f58464ae9c698933970316849cd62195548fd745b6ea005eadda2eb72f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: br
cdn-edgestorageid: 731
cdn-fileserver: 224
cdn-storageserver: DE-51
cdn-cachedat: 08/19/2022 16:23:37
cdn-pullzone: 139012
server: BunnyCDN-AT-731
last-modified: Fri, 19 Aug 2022 16:23:03 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"62ffb8e7-35864"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: ae2fd556-b96a-4dbc-a12f-7867877cff13
cache-control: public, max-age=86400
cdn-requestid: 53bbb176e1af8b3659ad98aabd9ee7a8
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 188ms
60ms XHR
application/json 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220822

Requested by

Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0ea2697dd2d0350ed84ce89be6bc75e8462ad5d56e0d70d53c869df80ab8236a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 41594
x-jsd-version: 1.0.1439
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 926
etag: W/"669-U3xo+2ctiPtvj8ftIPnQBFf1f4E"
x-served-by: cache-fra19140-FRA, cache-mxp6980-MXP
x-jsd-version-type: version
date: Mon, 22 Aug 2022 02:34:11 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 / Show response
adx.adform.net/adx/ 5 B
479 B 211ms
101ms XHR
application/json 37.157.3.29
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTEzNDAxNTEmdHJhbnNhY3Rpb25JZD1lMGE2OTIwNy0wMTAzLTQ4MGQtYWJjNS02MzhlMTQyOTkyOGUmcmN1cj1FVVI%3D&pt=gross&stid=91b9f1fe-68ef-4b9c-bab0-c9f43264e5a6&fd=1

Requested by

Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://znaj.ua
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 218ms
127ms XHR
application/json 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

nginx/1.21.3 /

Resource Hash

c3afb46d73c3620e6af506d8f6d8b36a28b48b59f9e9efd1758bb3327c4b9404

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:11 GMT
X-Proxy-Origin: 217.138.196.103; 217.138.196.103; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2507b95f-d076-4da6-8967-16e1992e0eb3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://znaj.ua
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 260 B
1 KB 340ms
104ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17352&site_id=410706&zone_id=2309704&size_id=2&alt_size_ids=55&rp_schain=1.0,1!notsy.io,c4193689-ccff-4240-b83b-892a8970bb47,1,,,&rf=https%3A%2F%2Fznaj.ua%2F&tk_flint=pbjs_lite_v4.43.4&x_source.tid=e0a69207-0103-480d-abc5-638e1429928e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.036537021378182155
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3cbedcec91e25d1c614115227561d95131e7508d4c086dd82c22ba1c664d0c60

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:11 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://znaj.ua
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 260
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
209 B 119ms
35ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.43.4&cb=13084654233

Requested by

Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Aug 2022 02:34:10 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://znaj.ua
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
517 B 152ms
40ms XHR
application/json 3.124.25.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=4.43.4&referrer=https%3A%2F%2Fznaj.ua%2F&tmax=1000

Requested by

Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.124.25.34 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-25-34.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:11 GMT
accept-ch: sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height
x-auction-status: 17
content-type: application/json; charset=utf-8
access-control-allow-origin: https://znaj.ua
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK / Show response
ghb.adtelligent.com/v2/auction/ 2 KB
973 B 440ms
202ms XHR
application/json 2a06:8640:454::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.adtelligent.com/v2/auction/
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:454::2 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 5ad7f1bfb22e0ed8d922880d613621c671d97432b37f1ce9026501812a71083d

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 22 Aug 2022 02:34:10 GMT
Content-Encoding: gzip
Server: Adtelligent
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://znaj.ua
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
Content-Length: 671

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
633 B 204ms
112ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=861202&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22134e90b83280692%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fznaj.ua%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%224.43.4%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22notsy.io%22%2C%22sid%22%3A%22c4193689-ccff-4240-b83b-892a8970bb47%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221436da8e91b4c4a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22861202%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A970%2C%22h%22%3A90%7D%7D%2C%7B%22id%22%3A%221436da8e91b4c4a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22861202%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A728%2C%22h%22%3A90%7D%7D%5D%7D
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc3a39cf2b20a9cc9224b50e6a46b1ed57ad8e940e1e380a2f6c3a9ca199374b

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Aug 2022 02:34:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcs841oeCWsfxVKd0YlK9wv9Z5s4EUTMc%2BVXE1IqOsOTmwTe8%2BzSDWW3iL9UT1RRFVV0iIyS44JSLW7LMQXtJWGx44PsCg7pAvzpAhToMc6glZKOraKgoKkybKR%2FQQ4HHPbBv85w"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://znaj.ua
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73e8353cba62730c-LHR
expires: 0

POST
H2 200 bid Show response
a4p.adpartner.pro/hb/ 193 B
402 B 157ms
156ms XHR
application/json 51.83.220.94
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/hb/bid?tag=8217&sizes=970x90|728x90&referer=https%3A%2F%2Fznaj.ua%2F
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.83.220.94 , France, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-03.adpartner.pro
Software: nginx /
Resource Hash: 54591610da5587faa6ebd2cbc60723d7eb66168b23b94566fad784d4cf79a9a4

Request headers

Referer: https://znaj.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://znaj.ua
date: Mon, 22 Aug 2022 02:34:11 GMT
cache-control: no-store no-transform
access-control-allow-credentials: true
server: nginx
content-encoding: br
content-type: application/json

GET
H2 200 if Show response
a4p.adpartner.pro/tracker/ Frame 839C 0
139 B 58ms
58ms Document
image/gif 51.83.220.94
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/tracker/if?data=%257B%2522apuid%2522%253A%2522607f4675-d906-4f28-97f8-bdc38c4c8457%2522%252C%2522event%2522%253A%2522visible_show%2522%252C%2522ad_id%2522%253A%255B%257B%2522ad_id%2522%253A0%252C%2522rule_id%2522%253A0%252C%2522show_id%2522%253A%2522%2522%257D%255D%252C%2522unit_id%2522%253A1582%252C%2522region_id%2522%253A112%252C%2522sub_region_id%2522%253A0%252C%2522city_id%2522%253A0%252C%2522apsid%2522%253A%2522%2522%252C%2522url%2522%253A%2522https%25253A%25252F%25252Fznaj.ua%25252F%2522%257D
Requested by: Host: znaj.ua
URL: https://znaj.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.83.220.94 , France, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-03.adpartner.pro
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate no-store no-transform
content-length: 0
content-type: image/gif
date: Mon, 22 Aug 2022 02:34:11 GMT
expires: 0
pragma: no-cache
server: nginx

GET
H2 200 if Show response
a4p.adpartner.pro/tracker/ Frame 06B6 0
139 B 58ms
58ms Document
image/gif 51.83.220.94
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://a4p.adpartner.pro/tracker/if?data=%257B%2522apuid%2522%253A%2522607f4675-d906-4f28-97f8-bdc38c4c8457%2522%252C%2522event%2522%253A%2522dry_real_show%2522%252C%2522ad_id%2522%253A%255B%257B%2522ad_id%2522%253A0%252C%2522rule_id%2522%253A0%252C%2522show_id%2522%253A%2522%2522%257D%255D%252C%2522unit_id%2522%253A1582%252C%2522region_id%2522%253A112%252C%2522sub_region_id%2522%253A0%252C%2522city_id%2522%253A0%252C%2522apsid%2522%253A%2522%2522%252C%2522url%2522%253A%2522https%25253A%25252F%25252Fznaj.ua%25252F%2522%257D
Requested by: Host: znaj.ua
URL: https://znaj.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.83.220.94 , France, ASN16276 (OVH, FR),
Reverse DNS: app-ngx-pl-03.adpartner.pro
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate no-store no-transform
content-length: 0
content-type: image/gif
date: Mon, 22 Aug 2022 02:34:11 GMT
expires: 0
pragma: no-cache
server: nginx

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 136ms
48ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=znaj.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 137ms
49ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=znaj.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 36 KB
13 KB 343ms
262ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3760901169620905&correlator=3354209488969508&eid=31068830%2C31068985%2C31069059%2C31068367%2C44764001&output=ldjh&gdfp_req=1&vrg=2022081701&ptt=17&impl=fifs&iu_parts=21863949019%2CZNA_WEB_INTERSTITIAL&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=3438404882&sfv=1-0-38&fsbs=1&ists=1&fas=8&fsapi=false&eri=1&cust_params=page_id%3Dmain_page_desktop%26traffic_source%3Ddirect&sc=1&cookie_enabled=1&abxe=1&dt=1661135651381&lmt=1661134819&dlt=1661135650381&idt=976&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fznaj.ua%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=2039435258.1661135651&ga_sid=1661135651&ga_hid=1682423626&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

232e6cd39a9926fb59756abd1299c2a584db868828885343308eb3fc29358cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13789
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://znaj.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AB43 6 KB
4 KB 166ms
49ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:11 GMT
expires: Tue, 22 Aug 2023 02:34:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022081701.js Show response
securepubads.g.doubleclick.net/gpt/ 36 KB
13 KB 118ms
41ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022081701.js?cb=31069059

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

server-65-9-71-118.fra56.r.cloudfront.net

Software

sffe /

Resource Hash

4fdb83d6869eacbde33652b1f2eab38cc4e532f648b5ff57267829bda145e793

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 11:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313368
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13584
x-xss-protection: 0
last-modified: Wed, 17 Aug 2022 08:37:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 18 Aug 2023 11:31:23 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
304 B 43ms
42ms XHR
text/plain 65.9.71.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fznaj.ua&pubid=71d4b8ca-53d1-4309-a952-3306259fb046
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-118.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 00:31:45 GMT
via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
server: Server
age: 7346
x-cache: Hit from cloudfront
access-control-allow-origin: https://znaj.ua
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: 2Zqbjsfg0Wvt_kKvNDdsS2Qn38lNSGv2qL2Y6sVZEygiuFgE6n_4GQ==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
486 B 76ms
76ms XHR
text/javascript 65.9.71.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fznaj.ua%2F&pid=h2OzyfuNL475K&cb=0&ws=1600x1200&v=22.8.42053&t=1000&slots=%5B%7B%22sd%22%3Anull%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%2C%22320x480%22%5D%2C%22sn%22%3A%22%2F21863949019%2FZNA_WEB_INTERSTITIAL%22%7D%2C%7B%22sd%22%3A%22notsy_container_469131363%22%2C%22s%22%3A%5B%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F21863949019%2FZNA_ATC_970%22%7D%5D&pubid=71d4b8ca-53d1-4309-a952-3306259fb046&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:11 GMT
via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: B8H78Q5BQG02PHTW08A3
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://znaj.ua
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: _jcSbKHIZbZ86SOQQ0Fb-fQcETMGrqDk4cLHlWznAScrO7mXnp5ovg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 120ms
40ms XHR
application/javascript 65.9.71.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-118.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: JXufo2ctue2uysHllG2MRpKE8F0E4.a0
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 84582
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 03 Aug 2022 22:19:11 GMT
server: AmazonS3
date: Sun, 21 Aug 2022 03:04:30 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 6b38a2e1db230db568190464ab7177da.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: 60phnL__4CyBzQxq3qVSg4NxclkOS3Riu1T10a_euCgHLcBvzKxKyw==

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 142ms
49ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=znaj.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 133ms
51ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=znaj.ua

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 293ms
293ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3760901169620905&correlator=2701880199247463&eid=31068830%2C31068985%2C31069059%2C31068367%2C44764001&output=ldjh&gdfp_req=1&vrg=2022081701&ptt=17&impl=fifs&iu_parts=21863949019%2CZNA_ATC_970&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x90%7C728x90&fluid=height&ifi=2&adks=3085723817&sfv=1-0-38&fsbs=1&fsapi=false&prev_scp=r_imp%3D0%26r_cnt%3D0%26notsy_container_indx%3D1%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=page_id%3Dmain_page_desktop%26traffic_source%3Ddirect&sc=1&cookie_enabled=1&abxe=1&dt=1661135651656&lmt=1661134819&dlt=1661135650381&idt=976&adxs=315&adys=205&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fznaj.ua%2F&frm=20&vis=1&psz=1600x100&msz=970x0&fws=4&ohw=1600&ga_vid=2039435258.1661135651&ga_sid=1661135651&ga_hid=1682423626&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d3e5c1965e5ee0b733ac223d66d77ddc44f68b17e9dffc22b5af12972d08686

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9216
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://znaj.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
c.aixcdn.com/ 42 B
404 B 107ms
98ms Image
image/gif 2606:4700:3037::6815:2baa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.aixcdn.com/?2120&3224&4137&4166&r=9228

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:2baa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ab037c2cbbde510127db317534973d375a4a142c4bae4fbe3a42b3dfe420cc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:11 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYehGXMcxFlbgZp%2B3pnGH%2FYuDs8tkhETXAC1yarPjZbNw%2BlEmpfEJy226r3qHg%2F0ej3qa5xHusJXmEYby4G6QG50nSqI4vpgQTch%2FPb2RcvQWhrh%2F7ZxPTlg9KQHoVGCUmzgU4NIZOlW%2F%2FQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 73e8353f4e23ba86-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42

GET
H3 200 container.html Show response
adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 51EE 6 KB
3 KB 134ms
50ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:11 GMT
expires: Tue, 22 Aug 2023 02:34:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 51EE 4 KB
1 KB 141ms
50ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 01:45:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Aug 2022 02:34:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Aug 2022 02:34:12 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DB54 624 B
974 B 150ms
53ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhiX6YnOATAB&v=APEucNVOuj4uzgwNsIzIKlWtgyEhCsw4dpmFUt7osNJwXU_oZ6LHGj6jpSKTVRDS6w_GmLVPfWrHtBV9JoKKHvb0Ta-1ggorZrL_zLP1pZcXU_MfAlL45-UL7V7llpn8KuXqvY8ITX6ziH6t0HXsC1nCeHVDt58qxIzlPAlfWJ97_E5NnifVfzw

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:12 GMT
expires: Mon, 22 Aug 2022 02:34:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2762 91 KB
36 KB 191ms
95ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D2Ytaf2nA6GZ9E6mpqux6646J6dXcZFO12emen5PwnFU0-5i3Y5aYFfqx-FJBvLTj1Jg19l1jpVMX3eoqq4RZDdJbf1TbKyL-WOcvW5wmnGS0xoSYjwmKM-UPDvM_bK5lWfPjaVEw7DeWn0g5TTdztI613DA&dbm_d=AKAmf-D8lsT-tgwFo8Z64jR-lH1W19Wz__Pg3NeYRJ3oMDYVJNDgK62uRDVtl_HI9Sdf6y2imlP-HT8f0sbw6iBZmnUd_xibp8UlQHkOg4FmDUifDCyvnSkRFqHxz9qMdC7nLzMiKCmyHIf85p0IpDOEMNR-sW48qN6b3AbUQd1jfl9_UWh6T0qKKwo9WOM9YGn40qqjHs_CvKbSxyiy8-Lz7HJ2979MqIxn-VtO7yXKeif95H5G12DMR98vNsc7F2ZyCr-dJNB3otCvJq2WheG2K33se-R5lYWfAl1DmH6kySp__mxToHp9Iy79Hn94H9E1d7-5q-TBJyrzbSg1_QPqXUermmqM2VCCOqrsRYLKeEEKM4f9sb16opjdDhVTXwqT_h9qDnFt8lqEovCZSeNM6fad3AawvlIgiMmtphN4Xodjw2vbaYvozhuXcBqjznKW9o9e62Vq02MISIfbMOjSIEc0sjTc3Duf1V-xWMGHUZBD5oUgQcZBShHyvnJljzLdNHsQlS_QvwMm3ksKQgLkk7oOxs6JBXJlZ5ZJyOZhfyeQHzpik6zXC6c2rq25rdCiPX98vQc1qOUJ-FQIofVgOrIoaXqgUQPSr3n4owwqT13q6UePkdY1pi1mr9K7nAWRqBRbC7GyqZMJpMf3wFKZlqjouVTxg4nnJp1M02i3owpeH1srO41I7UZArtTVkIk3JPnaLMUhFkeNorUPISz5CSdqXO40-v9KdfQ65S-Uz7B6vbmAPQEC68gIYyZ5_TInYILnrQb02nslxUCDVqsYJTGM8AT8_sakPGu39A-DaAIFYegGlHHXksRMMpDBfmwlPdD-gL1ylHOQ2pdl-2G7GHxI61LlzRZ-Xl4Q5zDV7aXYfX_ElUTWB9FMQ0yS_Am50aasVg3F_X_Z6sFTSTYD8LdHPiP87aOUMMsVW-JeALcmlifbVJCWr0xaYI67VBTUhoVdjjmlff3ZUn_hd_0ibbcIasMykZp6K0iONRCg_P5j_4fYwfoPtLGszg9k0m54rmtANr0kC2n4uNj-NmqKauZEgWcpywQxYmooEdpKo2aSW-iGZQy7sUo8-SqSB6mLz5gAzAGkSjXE9ww9VSYi16n6vIaSZC1YbhGx7o0aMaBSuDD8pLyzrG0gQO6-Y5JF91RKOz5aS4By2WKgQoAvXtP-nkUzjjs8KsZfPezEy3D1ZHmYS7Nv7aO117ArwNjYv2Raa1YcH74neZY1Les4P1kJFaQ2GqWwQwyXC4EZDP6U4LjmbKhMVoyq1vWSvWNzCdcfu6v5ftBnA1fskxsrT57yaO69syHKI0-cOH2JC5qo7l5YTCxYpttqVk_jDQvjzzt1R94R2DjYiUQDRF-gBsgXVEDzWcOtdK5mioVsBBWfuezThcGh0mqD8L2ZJpXR2l-Z2cKh1nLAMAtccj-mCLJ68S09EBrNSEiXQyKP4Z1diwOKb0SPEjD6Jsvp1drKrBL19lSw9U2RLkVbSWI9T7JxLgHUcwdUr9F1ZJKPDOOLpI4dB7Oxid8HRFMneDBFG0n3nBRnT8zrH6hfL6llVkW8t_2SytjypayUuhqpI8AqlaCkHpJqlYA9e1chydD9FdQFcc1FGeoKQlwzuPes6AKlw5xzFqw23MBS7gqXVz4J_B_WWjdUftGyNFdC6KYB9j5pCx6777RykuTQwoEr-TxKXtRkFKXmP5E2pwmBefnRQ64z_wOYkRlmfw9Zoyc7s6s0UbHc0weqd7jUQEJCqWbChjYF2Y39Z7yJJTP-FsYGTkowN0IEkEVDExd3G4gzHgqQagU25uoIOV9Kv9ZNOVCbcfWOPaNHG2haDDgfD8zk58ft1MAdb2zFhTyFrpBU7HR6mwiNpQFamnQggw2O1B3yBpH9gTeS7sP5trRgfKMO-Q-ydBr4LWYG1pei_59GpgIjGNV_KHCI9YVnUBpV6AUjJI3vQ_csVgsIGHbtqyb8YTeJH1KjCe93DQar5QEyY1_QDIJWfHAL3DkkVgIJikfPShQX4wKe0evZYyqz8WBCfUk8vjvwPsHUA0gv8owuTwge2AeZ8VVKPuNmdExDwZUSBObRJG1inZK-LOhe4IjMI3RfF1IqHFWiGoniNheHfYW_erdngVFQTJv3uJ_Id0TGqdQMRFkW1IjTNEvfPYUqe3qPJ__Pom7wwdLHdBN7HWbgQvIQviyGfoAO9mmN_axq9J6CRIb26_DeJetHH2wDxRRkTRhqro0nH0qj1OZ9cGoSAV5nQlzYWfCv-iKev9-aznpbV33-u_mJ-U3PvTr6Ls11qlGyPdVa8JejEgXhqV9ExVuEES8rUrCk7uPih322FNx17QPrBtIMxTn-V00t230PAZm6OctBuK7QIUb0q-bepaxbcdueoXSaW-KZXUhKin3IsvhfM8xuYRmXBzQgJ6q4GaKj6qH0pYwnbE7UpYBKmHEaGQ5l_hq-vFBaT8TATVltvCZeL1LAerFCi-zES5g38FbdYdMIrWAnCsxc9Se1drr7TWmwWL5P9vsp2ixkto45OaVmE7SC-QL5RZLwduRvg9piUT-wUNbQpWFdcdgo32gdCUAALt98JMQO04bX3wue0lG7yTnTUeANZdfb0QfDZ2wZJrTruxT2SALQA_HfW76tODtLCZiQvUEhcIdKhffmbIp1NOpgZywUy26EpGiModdCFkIS48EGiVyE68A8R9e2l6H8govT8UzGPl-Z8gexDTcsdfeDUjJi5TO-6RIYc9hTAIDEOLd5Cx0A225WkYpKAk-lprBYwge_kHl7fDIoD-GeSNp8I8Qf-zhL3UW9pvKuCgFi84cOxoghT8bUIEikapR9g8smrhdUYVK2ZRlL_7uTnhUr1sEZaQZKZoJ1J4fzVhJmjoJKKHlviWcwDdaaKgAqrL0SXzIW9_ub9SfkvxQPxgsBYGxj9no_qQTll4eK2YZI-_DwtWKhMEwnJX68TSTJxcGMNUpgkmnfM1_iATNwMhXTZag_fRcDINlDw-cfqsZkNFeicl4BS1Z6jNPk0KOkwVfmxFVxh5BODObBDyMZR-1kqfOieMXIv0pmz3OXIXl8EwVae3JWuaHusEOrvYH4HzvnLkhHnI7LrDiQEiGIcBnZR_6t6kj6sJGUc-K5E1Jbza2yyFd1IjtVSUFZYt_bSqxO1KyqJFi5TWhUe5sL3SoCEC3IK0wrSLfW9q2svj1uYkA0NvPhwGUh-XMKvaNyd56-fIXv_pJVjJFo5Py9lVS0lyEmVo8Be36aMKdYmoF7HTId_VEf1-05AlVq4tMAMKxMDv357NTQeY8wUzDxcfXkOBHXA3h2J6OKinF6QNR_rPNXoimAmYpkeYMkY7bY8XuK3MY6mjdvRgtWL94mUi0SIuJpTt1jCBWBUT730EtyE4Gjef3r7wZqoD6b95H8fiQqAaW0GnO_soO1RKcALxet_FF1A-_QJDUqdI91Ya03Z3CpV4Zv5pj2nShSluffVy6YyAaxJM9ab8LpBL6zH0P8dFfI4BGDaChw0rnaLhmXvlbHU9LQvAgDI9DtHuTfxx6TcOEaPdM1yPafUWT2FgfTl-rQPz49FbTIfja_oAx1yen7d3mrImgQNH-m0D0PG05lr1JTdCtp89KoJ65h-gMRhCozcD77f9zd-uc&cid=CAASKORooqt_2kyO4DVAb_Sn97V3wuZbnfVC5FjIb6pG4-rwHzRFZJoLUKY&rfl=2%2Chttps%253A%252F%252Fznaj.ua%252F%240

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7945070f4e9d97254f667c6224895c452dd774c4f06b0deb6f469b34bc310fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36380
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame 2762 3 KB
1 KB 175ms
80ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/window_focus_fy2021.js

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Sep 2022 02:10:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2762 140 KB
43 KB 135ms
52ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba7478138664dfbadff2af30a268f4200a752a73d07dafb55937af20d1061357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44050
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660737283953252"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Aug 2022 02:34:12 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame 2762 17 KB
8 KB 135ms
41ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 01:53:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2426
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Sep 2022 01:53:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2762 0
0 140ms
48ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaStZGRf3YLN0THnhVdNIIYu8riaUApv0T7Oyt95jtUukyoKxVoQKVlXlyUb3KUqX2-2Q1pGKIIgqeMnowS4YVt1DSbosQ
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2762 42 B
494 B 184ms
74ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CnJ-07xr-YHs284g84kJWpYoNOMafduZG2gdjMQUhl8eMFzgPED1U784m44vQgnQ8WeH-DpO84DbxU7p1LfCZxPAPtx6S0q0xrIkPVhKb3H6rd5hI

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/ Frame 51EE 19 KB
8 KB 140ms
47ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f964612ea368ffe1d612a004f0a0e05453155fa7cb27dff624e5ada25c6847fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 00:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8919
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8368
x-xss-protection: 0
server: cafe
etag: 5162546928090487746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Sep 2022 00:05:33 GMT

GET
H3 200 container.html Show response
adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6219 6 KB
3 KB 42ms
42ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:11 GMT
expires: Tue, 22 Aug 2023 02:34:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9706 624 B
560 B 66ms
54ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDAtZTXAxinw7jRATAB&v=APEucNXcOwRtLLBesBfySNJRRmWHPbJiY-mmX4m4FHe1jdnxUexwKFEB_S6zaWvy9IoeJ8-lAUdR61kJAVtBKNm87oy6huN4Avvx8YeQ479j44qD1lPUpB03Ij0IQ_wfUKVUxjlvxjbQsvTQrMwbgNofxsJyKRKbm8zBmE8ht1twk2IE-eVyxHE

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:12 GMT
expires: Mon, 22 Aug 2022 02:34:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6219 15 KB
11 KB 81ms
70ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeRiRP83iN-n9jfIeT85LXPs6y6zoY9WTRsM1ujhAntCkMPsIOAU2tDbpCJSFH5h3wSFLkh8YSfm66nndx80YclmHc28v5EmyG2lSdZz4eJ-dD4pouKlLrIO8VhC-fxMq2i50om2E6N4yfX9VSSsV_sax9yQ&cry=1&dbm_d=AKAmf-DSK-l0NB1dONzUZkAHbnhQonzPFuYdmLRmqaxZuSpkPkcuK2Ko2FxlLBGQ1Fq4pmPLukhuRECNRM7z4ooJYjaSifZcmfrmHXSNoyY_irrNlp2XaIhJcfg1wck6g-4NiDBHPD5JEscLwzdGKqjRNKotWUbYdKCpahGJtoRf1pLUJxgXmJUInIrEjevs7MnBJh4cDq_gb2DAqh0HWulmVv30vQZi_YTVAvlCagBl24_Ge843ZVRE5Fkextnk7UlT-e39D8_qWMdEt4UOZj0hMcfIw7bp4Jx5Pto_KvoEPrJaczpQfl85TZ0fO4li9TMM2Q9uOTGDvRB9_of8nOaNG0UIeUES8Ncsr4LaZCS96ofr-KieKuT6i8fYOnnXDCRwO-zZLxzvHH2H_Juv8Sz1LYBW1MCwkY4e34if4J7Neo-qk79F-b7yBLBbgjfWPsEipzDorylTRriSezWjUYRKZ0f7n62bSzuslcgmSwtL80GW4y4hrLorDaI1TLWut43yEgkKALNABkPltnuwIWoEwvBLvCuzw77tWOlKvqF1BVOfmf3kABWTLMfGsNaAyZG-Kz21NMrks4RyQTbL8L1WIi-lOsffcTfszDoFOxbnczOSOVK9L6ocsFzj2W5rhUZOaQ7ffM5LCOfWj03czzGa_E9hGjTGKh9Vey7HSwx0DMSwKDdNqtJqw-pplERaY_22n79h3zLdDXRAC20VmxDXO1ui3iQfZrNzfR1Sn3NaCBhOwbrKH0meqk0CTvPCy4mg7ceojYrhX29AxpD5fmhzXX6eDpbGNmf5zXqnbachN4OIzbieJI3o7ZUqAZQVt-LOhgT3R0ze-nfA25D65tYwAi-h_Ou8sPNViqLiSVzE1WQeziEDUqaOamG1JB-Rdb0oyvCVufwYq06OcoT-2YZueT1VKScAl8mZEq-cbuLOIHJOGptFSO29dqBECR-OAEAZflww-xUeOb2iY-7o3G4-YrHrQuwwSObQWgWet5rKC5PXVHO4kl7wc36Bk9MxZt3uxIZ9pSeJiwQCX76jvf7AQV2C_mxoViuv97CE2RoF8FlaVxfdwQJvg3LQ9iPsHm44lg8DQSYsH4_Z0GoaVbaWZOda-U1HO-hOuOeWOzLjrtn0YMeIOoW6N5pD0wj3xC85EKsQLBWBKT8tiw2ZFoZ6plL3qob1FLHq9ZVnbnzvKx5RyugbCEEEfBcWSpcjpcMS6L9LbA2DXXAie6fGBK2QOqTmvtfamByDfyyRATzKzEgxhEvRn0RtGKbQE-ogc4HJ0Bo1o97HJgXhMvA1azEDxBgTLYhyVWTNUZO-vvn4HGUQQtmBKh7T17aXDgoC2ri6cUx3HAdIQKQM-GSKTLop5v33sfdNuTJawCfjWF8N2cl8N-8F-Xvtrd7mFRJb18blg_AyjsMC4UQlEEaWuTgXUxXPBvDkhdxEH-2xNkzr-OFfNgLvnCvnypnqiLvJnGjUkvsXjdpGLGC4_00k7G8qE3AMbTWq1v-V1-BVNx34aCKQH6MdeVOS3Ary55Jgu6BalxLP9bnznJjXIW08J_GZI7-gSrI3AjayLctzdhb_mpGqqUR7HHKbNE8beasO6u1mw1XBlY4C6LIW0e_MtWJn4zM2RiL57VIyWPTDRruiGD_iEi8nodSYclAT_U-dXbq7oKAkKJzaQEbRuhZVmcnKsuXzoWwXSTD_Y3iK8J3UIAdQmlSw9SQPMW43hs3bGfHmRE-_ipcnMPAQmrjy31tpnRHPEpFdX7rJLIkvsiwU7tfcypyW6EwJfZu_HqGLw7w5apykzcgEsM0rKP58wGCdkf3ZaDQkje0W_tK9nV_nR1Tuz-tXUd2IRavb3fiz-2JIhhrCh6TyYFVeUf1FxZmQz3OEIEGppDLJuyWSoo0tgUtoTPHVBh2b_cunoYF7GORAXwSqqyy3_S5G5j4sqj-AR9YbwUqjnzhS823DNHlsT5PdikFiMH9llyfYV2Z6zhLTGNmlth-XGbmgv7hEWNZlJuQvoOmD-5TPplBk7iO54mYr_h85dvLbdTsbrHpS7UxcWDv2yFwqxbL4ZNE5T0Ni_dxvCpmFxi5-_dGlo1PcfFDpzHbu9cOoL7u3R_KAWvviigRE_zuC08-gRM8_dIfFOwjOdHLm_6VE81CXjnCNv_Sxlmy1XMwJ8LjAv3PJQ0KYNn3Vi0pKILqn8M5S2XD8W5K84oR80EaCazjvlMTeHmMXMAqS5g-7QRhjTI3_hAEDCgFVnm2fpWcZdZzjhWl8B6ZuZTRbC8Jf7Ek9zw5NPtI03cd96qVe9wPMWcaC51bNtPvb_R3kDWMgcbw6lZEo8WwLqapfxKRIquqTzKMw4Uo-zngEbEm20KHvRDuHG6V2vwkpVVq7Iqq0qVzV_bauQKk28AvN6PFtZAxB6oZfzziHQtMF21_4DdSDE8AAwnhXTM8LOd5JMx4wcvZZLAwru-L1H3V4vxV4jTDdZraqvNBS_osq-I0TW7QY3k7OJxt0MmL2utTVxdQaTtfI_tgeXcFqSWCXCA73RZmCX6YwN4IXFBgj7IEaenpi6ny9_3LCNzRE2mQ_SeiJMfNoeOPPQaifapDc1OF0cRPxsKYcItD3W64837bzovkTUyPGD2vqrB9AzwMRyw6TuSbhAgu7Bz6g1g3HGvsGSwKN4olZ0rtRYvAxH1XaEnf2ywNd5m28Ztg33Vg-xzs0Y105eJOY6trFN1DbiaNZm7uW3N4sYE4fIWNl9Czg7x4uKe10fhR17VzlPKkEeCYCBjHSIq3lHtGBok6Y1Zgd3gugCWC8QzI9deAePxT2aqSpkkIZoa8sDb2ffMJqjVoV1ynmtCphQeXGcD4ZZg_IVgnoyBgA-MslgM7fN5R2SEpixe2c6eBE_kv2edFDtY9YoW2Swo0Vli9caqn-3H8zNFInFiv4ymz9ioETKvcGqfoPJGEjBGRYOgsoN4yQ4QoCRJm1FvjfRYaIlAJCU4A0UhglxEeY-W5V8Jw81fObxrdZIZ9lJlcK8Roi5vyDGO9A80XintqoWeoGFYFDJZYshYK45ETY2sOpJo7jkn4k1Dabje8jFZGbcU8qM9O3KHp0chSD0jBSnrBDqjej6wOMERhQB4WRoJXYd98ad75RFOW_xUPkOZQjFSwAM9k-t4L8mmScV81XgegfvSZsgqW_Bn3-syTDhYUMQBs0cg6eyzzufCepT_VWOUEnrf1CEy95cqD9eLy_eY6kKap15Sjep0d-xzzHaJMqNYXtOkZhDN-RUSLD7r5lY_Dkf8JE6HRlEflTrXxesVz1WfL0C2eM-m8wRPtwl7hIWzekyoBnVDeFEFFuSOg2M6PtAu09C-PzFs6vODl63et_8OiOYXR-AMPubhF48zXvQWA031dX_c_AdbR-c8Y9Uk8tX958CJEpovYgVst99Q8h5B6GFaN86qeAy8Nf-HLedBsQjd_EY693YINq6Vjcs20d3sXbzvkQkIt1yhS8ScMxENbRfd8SR6_fwVH3yVlVhKPVIjOn9_Hzw9RKVKzMl5Bjy5tzOxR05KhUFNeY2WxBc4P75gFJeT7NkHVpH85b3HjM9v9mu-i88g6RU7Ui-DW4fQoW&cid=CAASKORovITRzYf8sSd1lvmSWX5YclDD71BFELFLUO3zfwapa3JWyhi2lU0&rfl=1%2Chttps%253A%252F%252Fznaj.ua%252F%240

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05b35cd1bb07b4400ef5ceabec30998cb4917f504a4e0e2bad5b8e06da3effd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11076
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6219 42 B
107 B 101ms
74ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B6KSqTlCcIMnim1J4Au8DNdLJOAu0bTjoDsLIlM_y5L6fGZx6ibUOkwFSxTtD7YHWeXXEeWyu4Dh1FybfoCKYjjjSTJDg-SmHkHBmSYe_5HFvMrIk

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dcmads.js Show response
fw.adsafeprotected.com/rjss/www.googletagservices.com/1140803/65042364/dcm/ Frame 6219 234 KB
70 KB 197ms
48ms Script
application/javascript 52.48.15.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/www.googletagservices.com/1140803/65042364/dcm/dcmads.js
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.15.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-15-19.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: f9795859f69a0be479749badc33f21562dcb7ee2211c91868f6b08bf205f2539

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 6219 47 KB
13 KB 215ms
46ms Script
application/javascript 52.48.15.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=10933&advId=1008855322&campId=18082815512&pubId=1&chanId=134288234697&placementId=439230887&dealId=&adsafe_par&impId=ABAjH0gQW6gwRNilMcIT30IbnOUo&bidurl=https://znaj.ua/
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.15.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-15-19.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 34f1e5f8af8aaca279ee963967a105015df79e3fd44cdc0c5ffdbdac0262b47a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame 6219 3 KB
1 KB 87ms
78ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/window_focus_fy2021.js

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Sep 2022 02:10:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6219 140 KB
43 KB 67ms
64ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba7478138664dfbadff2af30a268f4200a752a73d07dafb55937af20d1061357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44050
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660737283953252"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Aug 2022 02:34:12 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame 6219 17 KB
7 KB 61ms
52ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 01:53:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2426
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Sep 2022 01:53:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6219 0
0 56ms
49ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSkQLrH3-KnQ0xn3Vvo30RxzqBMZoua6gs0xHMaSEzH-YBT-P93VeUQqpJJjNk5euRUhvsSvl-aed93O6ZECRboG8Dx4w
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame DB54
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB1kFQ5BCjjdyB6etMRNFpM&google_cver=1

43 B
947 B

100ms
62ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB1kFQ5BCjjdyB6etMRNFpM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhiX6YnOATAB&v=APEucNVOuj4uzgwNsIzIKlWtgyEhCsw4dpmFUt7osNJwXU_oZ6LHGj6jpSKTVRDS6w_GmLVPfWrHtBV9JoKKHvb0Ta-1ggorZrL_zLP1pZcXU_MfAlL45-UL7V7llpn8KuXqvY8ITX6ziH6t0HXsC1nCeHVDt58qxIzlPAlfWJ97_E5NnifVfzw
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 73e83542fad50686-LHR
pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofUkowVeGed7bF7GEpcKd%2FbfT0a1xlTSbVfB%2F87SC7pOT4zwwwx3hw0U2aFzvU5q9GiklzuDX0vKF%2FOPU7MERKyH2fxcbs%2F3xRvqxIagokcd8B39UYveCd3ab%2FcRZbySJCXOLcowVKDwdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB1kFQ5BCjjdyB6etMRNFpM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame DB54
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwLrJNZi5FQ1zaBIwhs2mwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKJTp8R9cmYE7czJKTY4kEw&google_cver=1

43 B
908 B

64ms
63ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKJTp8R9cmYE7czJKTY4kEw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhiX6YnOATAB&v=APEucNVOuj4uzgwNsIzIKlWtgyEhCsw4dpmFUt7osNJwXU_oZ6LHGj6jpSKTVRDS6w_GmLVPfWrHtBV9JoKKHvb0Ta-1ggorZrL_zLP1pZcXU_MfAlL45-UL7V7llpn8KuXqvY8ITX6ziH6t0HXsC1nCeHVDt58qxIzlPAlfWJ97_E5NnifVfzw
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 73e835445b9a0686-LHR
pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hr9iIz1xrtJXu%2FNfT5afYwC9C9x%2B%2BeMfx3odmpSvgOCb387flnhpslPOz0GgmKixaIR068DhnmYAlRisx%2Bp81w0RyY2vS7bLT6pMgFBEMPbdGzjQPRvsHAeqLycVaFQ6C3AHMEIShGSulg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKJTp8R9cmYE7czJKTY4kEw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame DB54
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOS-_FMwzdTeygUBqaer8Iw&google_cver=1

43 B
1020 B

41ms
41ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOS-_FMwzdTeygUBqaer8Iw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCj-8KCAhiX6YnOATAB&v=APEucNVOuj4uzgwNsIzIKlWtgyEhCsw4dpmFUt7osNJwXU_oZ6LHGj6jpSKTVRDS6w_GmLVPfWrHtBV9JoKKHvb0Ta-1ggorZrL_zLP1pZcXU_MfAlL45-UL7V7llpn8KuXqvY8ITX6ziH6t0HXsC1nCeHVDt58qxIzlPAlfWJ97_E5NnifVfzw

Protocol

HTTP/1.1

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:12 GMT
X-Proxy-Origin: 217.138.196.103; 217.138.196.103; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9bcc5e0d-22fa-47e4-8d04-2571bfc3e9fa
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOS-_FMwzdTeygUBqaer8Iw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DB54
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjgyNzgwMjA1NjE2NjEwOTEwMw%3D%3D

170 B
243 B

113ms
57ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjgyNzgwMjA1NjE2NjEwOTEwMw%3D%3D

Requested by

Protocol

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:12 GMT
X-Proxy-Origin: 217.138.196.103; 217.138.196.103; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 35152329-4b43-42f7-8cf4-a23036e57364
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjgyNzgwMjA1NjE2NjEwOTEwMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9706
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB1kFQ5BCjjdyB6etMRNFpM&google_cver=1

43 B
910 B

92ms
65ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB1kFQ5BCjjdyB6etMRNFpM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDAtZTXAxinw7jRATAB&v=APEucNXcOwRtLLBesBfySNJRRmWHPbJiY-mmX4m4FHe1jdnxUexwKFEB_S6zaWvy9IoeJ8-lAUdR61kJAVtBKNm87oy6huN4Avvx8YeQ479j44qD1lPUpB03Ij0IQ_wfUKVUxjlvxjbQsvTQrMwbgNofxsJyKRKbm8zBmE8ht1twk2IE-eVyxHE
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 73e83542fad40686-LHR
pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3Yspps%2F6xjU4BCOnrvDhkG1vLkBjokl%2FKgVh542gNMZrRkb7hRu2yy6vaaGp3yVx7bmm6iZewp6NlrkaPd%2B0jGa0BpMUSU0i0GAP6wEpzCex%2FHMGMChF1I5t7n0WVKDw%2FdMz7LIl3sFVg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB1kFQ5BCjjdyB6etMRNFpM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9706
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwLrJDtuUFlOXibAFIzsjQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKJTp8R9cmYE7czJKTY4kEw&google_cver=1

43 B
906 B

61ms
60ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKJTp8R9cmYE7czJKTY4kEw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDAtZTXAxinw7jRATAB&v=APEucNXcOwRtLLBesBfySNJRRmWHPbJiY-mmX4m4FHe1jdnxUexwKFEB_S6zaWvy9IoeJ8-lAUdR61kJAVtBKNm87oy6huN4Avvx8YeQ479j44qD1lPUpB03Ij0IQ_wfUKVUxjlvxjbQsvTQrMwbgNofxsJyKRKbm8zBmE8ht1twk2IE-eVyxHE
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 73e835445b980686-LHR
pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YtOZFiDWr%2Bn0SYsmUeLjEbL7cHi38ZSr49cuAH8VKYS2S%2Fr1zHu3tHovQLH6jfkPtoQEsYBEqvjeAX4Gbp8SEDm0rnxhbi15PTGNhdzpxWbT3oj8E76GZ9LNwlPmOs4e51r28JmicLamzw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKJTp8R9cmYE7czJKTY4kEw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9706
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOS-_FMwzdTeygUBqaer8Iw&google_cver=1

43 B
1020 B

42ms
42ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOS-_FMwzdTeygUBqaer8Iw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRDAtZTXAxinw7jRATAB&v=APEucNXcOwRtLLBesBfySNJRRmWHPbJiY-mmX4m4FHe1jdnxUexwKFEB_S6zaWvy9IoeJ8-lAUdR61kJAVtBKNm87oy6huN4Avvx8YeQ479j44qD1lPUpB03Ij0IQ_wfUKVUxjlvxjbQsvTQrMwbgNofxsJyKRKbm8zBmE8ht1twk2IE-eVyxHE

Protocol

HTTP/1.1

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:12 GMT
X-Proxy-Origin: 217.138.196.103; 217.138.196.103; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: cf16c612-55ed-42e1-95cf-91dd75372f57
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOS-_FMwzdTeygUBqaer8Iw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9706
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjgyNzgwMjA1NjE2NjEwOTEwMw%3D%3D

170 B
232 B

72ms
58ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjgyNzgwMjA1NjE2NjEwOTEwMw%3D%3D

Requested by

Protocol

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:12 GMT
X-Proxy-Origin: 217.138.196.103; 217.138.196.103; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 235ca924-98b7-4d08-adcd-78f7d7a07b50
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjgyNzgwMjA1NjE2NjEwOTEwMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6219 41 KB
15 KB 129ms
40ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeRiRP83iN-n9jfIeT85LXPs6y6zoY9WTRsM1ujhAntCkMPsIOAU2tDbpCJSFH5h3wSFLkh8YSfm66nndx80YclmHc28v5EmyG2lSdZz4eJ-dD4pouKlLrIO8VhC-fxMq2i50om2E6N4yfX9VSSsV_sax9yQ&cry=1&dbm_d=AKAmf-DSK-l0NB1dONzUZkAHbnhQonzPFuYdmLRmqaxZuSpkPkcuK2Ko2FxlLBGQ1Fq4pmPLukhuRECNRM7z4ooJYjaSifZcmfrmHXSNoyY_irrNlp2XaIhJcfg1wck6g-4NiDBHPD5JEscLwzdGKqjRNKotWUbYdKCpahGJtoRf1pLUJxgXmJUInIrEjevs7MnBJh4cDq_gb2DAqh0HWulmVv30vQZi_YTVAvlCagBl24_Ge843ZVRE5Fkextnk7UlT-e39D8_qWMdEt4UOZj0hMcfIw7bp4Jx5Pto_KvoEPrJaczpQfl85TZ0fO4li9TMM2Q9uOTGDvRB9_of8nOaNG0UIeUES8Ncsr4LaZCS96ofr-KieKuT6i8fYOnnXDCRwO-zZLxzvHH2H_Juv8Sz1LYBW1MCwkY4e34if4J7Neo-qk79F-b7yBLBbgjfWPsEipzDorylTRriSezWjUYRKZ0f7n62bSzuslcgmSwtL80GW4y4hrLorDaI1TLWut43yEgkKALNABkPltnuwIWoEwvBLvCuzw77tWOlKvqF1BVOfmf3kABWTLMfGsNaAyZG-Kz21NMrks4RyQTbL8L1WIi-lOsffcTfszDoFOxbnczOSOVK9L6ocsFzj2W5rhUZOaQ7ffM5LCOfWj03czzGa_E9hGjTGKh9Vey7HSwx0DMSwKDdNqtJqw-pplERaY_22n79h3zLdDXRAC20VmxDXO1ui3iQfZrNzfR1Sn3NaCBhOwbrKH0meqk0CTvPCy4mg7ceojYrhX29AxpD5fmhzXX6eDpbGNmf5zXqnbachN4OIzbieJI3o7ZUqAZQVt-LOhgT3R0ze-nfA25D65tYwAi-h_Ou8sPNViqLiSVzE1WQeziEDUqaOamG1JB-Rdb0oyvCVufwYq06OcoT-2YZueT1VKScAl8mZEq-cbuLOIHJOGptFSO29dqBECR-OAEAZflww-xUeOb2iY-7o3G4-YrHrQuwwSObQWgWet5rKC5PXVHO4kl7wc36Bk9MxZt3uxIZ9pSeJiwQCX76jvf7AQV2C_mxoViuv97CE2RoF8FlaVxfdwQJvg3LQ9iPsHm44lg8DQSYsH4_Z0GoaVbaWZOda-U1HO-hOuOeWOzLjrtn0YMeIOoW6N5pD0wj3xC85EKsQLBWBKT8tiw2ZFoZ6plL3qob1FLHq9ZVnbnzvKx5RyugbCEEEfBcWSpcjpcMS6L9LbA2DXXAie6fGBK2QOqTmvtfamByDfyyRATzKzEgxhEvRn0RtGKbQE-ogc4HJ0Bo1o97HJgXhMvA1azEDxBgTLYhyVWTNUZO-vvn4HGUQQtmBKh7T17aXDgoC2ri6cUx3HAdIQKQM-GSKTLop5v33sfdNuTJawCfjWF8N2cl8N-8F-Xvtrd7mFRJb18blg_AyjsMC4UQlEEaWuTgXUxXPBvDkhdxEH-2xNkzr-OFfNgLvnCvnypnqiLvJnGjUkvsXjdpGLGC4_00k7G8qE3AMbTWq1v-V1-BVNx34aCKQH6MdeVOS3Ary55Jgu6BalxLP9bnznJjXIW08J_GZI7-gSrI3AjayLctzdhb_mpGqqUR7HHKbNE8beasO6u1mw1XBlY4C6LIW0e_MtWJn4zM2RiL57VIyWPTDRruiGD_iEi8nodSYclAT_U-dXbq7oKAkKJzaQEbRuhZVmcnKsuXzoWwXSTD_Y3iK8J3UIAdQmlSw9SQPMW43hs3bGfHmRE-_ipcnMPAQmrjy31tpnRHPEpFdX7rJLIkvsiwU7tfcypyW6EwJfZu_HqGLw7w5apykzcgEsM0rKP58wGCdkf3ZaDQkje0W_tK9nV_nR1Tuz-tXUd2IRavb3fiz-2JIhhrCh6TyYFVeUf1FxZmQz3OEIEGppDLJuyWSoo0tgUtoTPHVBh2b_cunoYF7GORAXwSqqyy3_S5G5j4sqj-AR9YbwUqjnzhS823DNHlsT5PdikFiMH9llyfYV2Z6zhLTGNmlth-XGbmgv7hEWNZlJuQvoOmD-5TPplBk7iO54mYr_h85dvLbdTsbrHpS7UxcWDv2yFwqxbL4ZNE5T0Ni_dxvCpmFxi5-_dGlo1PcfFDpzHbu9cOoL7u3R_KAWvviigRE_zuC08-gRM8_dIfFOwjOdHLm_6VE81CXjnCNv_Sxlmy1XMwJ8LjAv3PJQ0KYNn3Vi0pKILqn8M5S2XD8W5K84oR80EaCazjvlMTeHmMXMAqS5g-7QRhjTI3_hAEDCgFVnm2fpWcZdZzjhWl8B6ZuZTRbC8Jf7Ek9zw5NPtI03cd96qVe9wPMWcaC51bNtPvb_R3kDWMgcbw6lZEo8WwLqapfxKRIquqTzKMw4Uo-zngEbEm20KHvRDuHG6V2vwkpVVq7Iqq0qVzV_bauQKk28AvN6PFtZAxB6oZfzziHQtMF21_4DdSDE8AAwnhXTM8LOd5JMx4wcvZZLAwru-L1H3V4vxV4jTDdZraqvNBS_osq-I0TW7QY3k7OJxt0MmL2utTVxdQaTtfI_tgeXcFqSWCXCA73RZmCX6YwN4IXFBgj7IEaenpi6ny9_3LCNzRE2mQ_SeiJMfNoeOPPQaifapDc1OF0cRPxsKYcItD3W64837bzovkTUyPGD2vqrB9AzwMRyw6TuSbhAgu7Bz6g1g3HGvsGSwKN4olZ0rtRYvAxH1XaEnf2ywNd5m28Ztg33Vg-xzs0Y105eJOY6trFN1DbiaNZm7uW3N4sYE4fIWNl9Czg7x4uKe10fhR17VzlPKkEeCYCBjHSIq3lHtGBok6Y1Zgd3gugCWC8QzI9deAePxT2aqSpkkIZoa8sDb2ffMJqjVoV1ynmtCphQeXGcD4ZZg_IVgnoyBgA-MslgM7fN5R2SEpixe2c6eBE_kv2edFDtY9YoW2Swo0Vli9caqn-3H8zNFInFiv4ymz9ioETKvcGqfoPJGEjBGRYOgsoN4yQ4QoCRJm1FvjfRYaIlAJCU4A0UhglxEeY-W5V8Jw81fObxrdZIZ9lJlcK8Roi5vyDGO9A80XintqoWeoGFYFDJZYshYK45ETY2sOpJo7jkn4k1Dabje8jFZGbcU8qM9O3KHp0chSD0jBSnrBDqjej6wOMERhQB4WRoJXYd98ad75RFOW_xUPkOZQjFSwAM9k-t4L8mmScV81XgegfvSZsgqW_Bn3-syTDhYUMQBs0cg6eyzzufCepT_VWOUEnrf1CEy95cqD9eLy_eY6kKap15Sjep0d-xzzHaJMqNYXtOkZhDN-RUSLD7r5lY_Dkf8JE6HRlEflTrXxesVz1WfL0C2eM-m8wRPtwl7hIWzekyoBnVDeFEFFuSOg2M6PtAu09C-PzFs6vODl63et_8OiOYXR-AMPubhF48zXvQWA031dX_c_AdbR-c8Y9Uk8tX958CJEpovYgVst99Q8h5B6GFaN86qeAy8Nf-HLedBsQjd_EY693YINq6Vjcs20d3sXbzvkQkIt1yhS8ScMxENbRfd8SR6_fwVH3yVlVhKPVIjOn9_Hzw9RKVKzMl5Bjy5tzOxR05KhUFNeY2WxBc4P75gFJeT7NkHVpH85b3HjM9v9mu-i88g6RU7Ui-DW4fQoW&cid=CAASKORovITRzYf8sSd1lvmSWX5YclDD71BFELFLUO3zfwapa3JWyhi2lU0&rfl=1%2Chttps%253A%252F%252Fznaj.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 14:07:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 390409
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Aug 2023 14:07:23 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 2762 170 KB
59 KB 143ms
41ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Origin: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 07:50:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67393
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Aug 2022 07:50:59 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/ Frame 2762 8 KB
3 KB 133ms
51ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D2Ytaf2nA6GZ9E6mpqux6646J6dXcZFO12emen5PwnFU0-5i3Y5aYFfqx-FJBvLTj1Jg19l1jpVMX3eoqq4RZDdJbf1TbKyL-WOcvW5wmnGS0xoSYjwmKM-UPDvM_bK5lWfPjaVEw7DeWn0g5TTdztI613DA&dbm_d=AKAmf-D8lsT-tgwFo8Z64jR-lH1W19Wz__Pg3NeYRJ3oMDYVJNDgK62uRDVtl_HI9Sdf6y2imlP-HT8f0sbw6iBZmnUd_xibp8UlQHkOg4FmDUifDCyvnSkRFqHxz9qMdC7nLzMiKCmyHIf85p0IpDOEMNR-sW48qN6b3AbUQd1jfl9_UWh6T0qKKwo9WOM9YGn40qqjHs_CvKbSxyiy8-Lz7HJ2979MqIxn-VtO7yXKeif95H5G12DMR98vNsc7F2ZyCr-dJNB3otCvJq2WheG2K33se-R5lYWfAl1DmH6kySp__mxToHp9Iy79Hn94H9E1d7-5q-TBJyrzbSg1_QPqXUermmqM2VCCOqrsRYLKeEEKM4f9sb16opjdDhVTXwqT_h9qDnFt8lqEovCZSeNM6fad3AawvlIgiMmtphN4Xodjw2vbaYvozhuXcBqjznKW9o9e62Vq02MISIfbMOjSIEc0sjTc3Duf1V-xWMGHUZBD5oUgQcZBShHyvnJljzLdNHsQlS_QvwMm3ksKQgLkk7oOxs6JBXJlZ5ZJyOZhfyeQHzpik6zXC6c2rq25rdCiPX98vQc1qOUJ-FQIofVgOrIoaXqgUQPSr3n4owwqT13q6UePkdY1pi1mr9K7nAWRqBRbC7GyqZMJpMf3wFKZlqjouVTxg4nnJp1M02i3owpeH1srO41I7UZArtTVkIk3JPnaLMUhFkeNorUPISz5CSdqXO40-v9KdfQ65S-Uz7B6vbmAPQEC68gIYyZ5_TInYILnrQb02nslxUCDVqsYJTGM8AT8_sakPGu39A-DaAIFYegGlHHXksRMMpDBfmwlPdD-gL1ylHOQ2pdl-2G7GHxI61LlzRZ-Xl4Q5zDV7aXYfX_ElUTWB9FMQ0yS_Am50aasVg3F_X_Z6sFTSTYD8LdHPiP87aOUMMsVW-JeALcmlifbVJCWr0xaYI67VBTUhoVdjjmlff3ZUn_hd_0ibbcIasMykZp6K0iONRCg_P5j_4fYwfoPtLGszg9k0m54rmtANr0kC2n4uNj-NmqKauZEgWcpywQxYmooEdpKo2aSW-iGZQy7sUo8-SqSB6mLz5gAzAGkSjXE9ww9VSYi16n6vIaSZC1YbhGx7o0aMaBSuDD8pLyzrG0gQO6-Y5JF91RKOz5aS4By2WKgQoAvXtP-nkUzjjs8KsZfPezEy3D1ZHmYS7Nv7aO117ArwNjYv2Raa1YcH74neZY1Les4P1kJFaQ2GqWwQwyXC4EZDP6U4LjmbKhMVoyq1vWSvWNzCdcfu6v5ftBnA1fskxsrT57yaO69syHKI0-cOH2JC5qo7l5YTCxYpttqVk_jDQvjzzt1R94R2DjYiUQDRF-gBsgXVEDzWcOtdK5mioVsBBWfuezThcGh0mqD8L2ZJpXR2l-Z2cKh1nLAMAtccj-mCLJ68S09EBrNSEiXQyKP4Z1diwOKb0SPEjD6Jsvp1drKrBL19lSw9U2RLkVbSWI9T7JxLgHUcwdUr9F1ZJKPDOOLpI4dB7Oxid8HRFMneDBFG0n3nBRnT8zrH6hfL6llVkW8t_2SytjypayUuhqpI8AqlaCkHpJqlYA9e1chydD9FdQFcc1FGeoKQlwzuPes6AKlw5xzFqw23MBS7gqXVz4J_B_WWjdUftGyNFdC6KYB9j5pCx6777RykuTQwoEr-TxKXtRkFKXmP5E2pwmBefnRQ64z_wOYkRlmfw9Zoyc7s6s0UbHc0weqd7jUQEJCqWbChjYF2Y39Z7yJJTP-FsYGTkowN0IEkEVDExd3G4gzHgqQagU25uoIOV9Kv9ZNOVCbcfWOPaNHG2haDDgfD8zk58ft1MAdb2zFhTyFrpBU7HR6mwiNpQFamnQggw2O1B3yBpH9gTeS7sP5trRgfKMO-Q-ydBr4LWYG1pei_59GpgIjGNV_KHCI9YVnUBpV6AUjJI3vQ_csVgsIGHbtqyb8YTeJH1KjCe93DQar5QEyY1_QDIJWfHAL3DkkVgIJikfPShQX4wKe0evZYyqz8WBCfUk8vjvwPsHUA0gv8owuTwge2AeZ8VVKPuNmdExDwZUSBObRJG1inZK-LOhe4IjMI3RfF1IqHFWiGoniNheHfYW_erdngVFQTJv3uJ_Id0TGqdQMRFkW1IjTNEvfPYUqe3qPJ__Pom7wwdLHdBN7HWbgQvIQviyGfoAO9mmN_axq9J6CRIb26_DeJetHH2wDxRRkTRhqro0nH0qj1OZ9cGoSAV5nQlzYWfCv-iKev9-aznpbV33-u_mJ-U3PvTr6Ls11qlGyPdVa8JejEgXhqV9ExVuEES8rUrCk7uPih322FNx17QPrBtIMxTn-V00t230PAZm6OctBuK7QIUb0q-bepaxbcdueoXSaW-KZXUhKin3IsvhfM8xuYRmXBzQgJ6q4GaKj6qH0pYwnbE7UpYBKmHEaGQ5l_hq-vFBaT8TATVltvCZeL1LAerFCi-zES5g38FbdYdMIrWAnCsxc9Se1drr7TWmwWL5P9vsp2ixkto45OaVmE7SC-QL5RZLwduRvg9piUT-wUNbQpWFdcdgo32gdCUAALt98JMQO04bX3wue0lG7yTnTUeANZdfb0QfDZ2wZJrTruxT2SALQA_HfW76tODtLCZiQvUEhcIdKhffmbIp1NOpgZywUy26EpGiModdCFkIS48EGiVyE68A8R9e2l6H8govT8UzGPl-Z8gexDTcsdfeDUjJi5TO-6RIYc9hTAIDEOLd5Cx0A225WkYpKAk-lprBYwge_kHl7fDIoD-GeSNp8I8Qf-zhL3UW9pvKuCgFi84cOxoghT8bUIEikapR9g8smrhdUYVK2ZRlL_7uTnhUr1sEZaQZKZoJ1J4fzVhJmjoJKKHlviWcwDdaaKgAqrL0SXzIW9_ub9SfkvxQPxgsBYGxj9no_qQTll4eK2YZI-_DwtWKhMEwnJX68TSTJxcGMNUpgkmnfM1_iATNwMhXTZag_fRcDINlDw-cfqsZkNFeicl4BS1Z6jNPk0KOkwVfmxFVxh5BODObBDyMZR-1kqfOieMXIv0pmz3OXIXl8EwVae3JWuaHusEOrvYH4HzvnLkhHnI7LrDiQEiGIcBnZR_6t6kj6sJGUc-K5E1Jbza2yyFd1IjtVSUFZYt_bSqxO1KyqJFi5TWhUe5sL3SoCEC3IK0wrSLfW9q2svj1uYkA0NvPhwGUh-XMKvaNyd56-fIXv_pJVjJFo5Py9lVS0lyEmVo8Be36aMKdYmoF7HTId_VEf1-05AlVq4tMAMKxMDv357NTQeY8wUzDxcfXkOBHXA3h2J6OKinF6QNR_rPNXoimAmYpkeYMkY7bY8XuK3MY6mjdvRgtWL94mUi0SIuJpTt1jCBWBUT730EtyE4Gjef3r7wZqoD6b95H8fiQqAaW0GnO_soO1RKcALxet_FF1A-_QJDUqdI91Ya03Z3CpV4Zv5pj2nShSluffVy6YyAaxJM9ab8LpBL6zH0P8dFfI4BGDaChw0rnaLhmXvlbHU9LQvAgDI9DtHuTfxx6TcOEaPdM1yPafUWT2FgfTl-rQPz49FbTIfja_oAx1yen7d3mrImgQNH-m0D0PG05lr1JTdCtp89KoJ65h-gMRhCozcD77f9zd-uc&cid=CAASKORooqt_2kyO4DVAb_Sn97V3wuZbnfVC5FjIb6pG4-rwHzRFZJoLUKY&rfl=2%2Chttps%253A%252F%252Fznaj.ua%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 18418590997839133011
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Sep 2022 02:14:42 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220817/r20110914/ Frame 2762 30 KB
12 KB 120ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220817/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1286
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11819
x-xss-protection: 0
server: cafe
etag: 10563440404697844360
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Sep 2022 02:12:46 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 87 KB
29 KB 169ms
56ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

17d2a9596b37d5d8c0e8b46eda67f51c04e05703e5619deff979d5ef50563e91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 07:20:45 GMT
server: nginx
etag: W/"62fb454d-15cfe"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 23 Aug 2022 02:34:12 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BA98 22 KB
8 KB 40ms
40ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 390408
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Aug 2022 14:07:24 GMT
expires: Thu, 17 Aug 2023 14:07:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2762 41 KB
15 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 14:07:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 390409
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Aug 2023 14:07:23 GMT

GET
H3

200

dcmads.js Show response
www.googletagservices.com/dcm/ Frame 6219
Redirect Chain

https://fw.adsafeprotected.com/rfw/www.googletagservices.com/1140803/65042364/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fznaj.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fadb6180ba519c7b3bb7cb1255eeeb8...
https://www.googletagservices.com/dcm/dcmads.js

23 KB
9 KB

41ms
40ms

Script
text/javascript

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a40641661b54c304ebe64ce944b1261fd061962a6f2b86558f3b3d98237ca0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:20:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 799
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8749
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 21:33:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 22 Aug 2022 03:20:53 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://www.googletagservices.com/dcm/dcmads.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame F77D 80 KB
21 KB 191ms
46ms Script
application/javascript 2600:9000:214f:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 11:54:48 GMT
content-encoding: gzip
age: 1089565
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: _eqpFy_tY7CBnJy8eXPj1z1OB-VvIFJfwu_r5WaTpSOEL_h1ujsBig==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
216 B 465ms
113ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1140803&asId=f995df1e-782f-979f-49b5-2aeb47c17789&tv=%7Bc:lZ1hI8,pingTime:-3,time:50,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:50,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B44~0%5D,as:%5B44~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 463ms
113ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1140803&asId=f995df1e-782f-979f-49b5-2aeb47c17789&tv=%7Bc:lZ1hI9,pingTime:-6,time:51,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:51,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B45~0%5D,as:%5B45~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:znaj.ua*&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 459ms
116ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1140803&asId=f995df1e-782f-979f-49b5-2aeb47c17789&tv=%7Bc:lZ1hIh,pingTime:-2,time:59,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:58,mdZ:351,beA:372,beZ:373,mfA:375,cmA:376,inA:376,inZ:380,prA:380,prZ:384,si:389,poA:391,poZ:414,cmZ:414,mfZ:414,loA:423,loZ:425,ltA:431,ltZ:431%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:ins%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:59,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B53~0%5D,as:%5B53~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,sinceFw:40,readyFired:false%7D&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 16 KB
4 KB 132ms
49ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5b0d192ee3b3cde3ce23571af9b2a7731f406f50f651a8963e6de0bc6ec97df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3824
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:12 GMT
expires: Tue, 22 Aug 2023 02:34:12 GMT
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame EF34 22 KB
8 KB 40ms
40ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 390408
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Aug 2022 14:07:24 GMT
expires: Thu, 17 Aug 2023 14:07:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame BA98 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Aug 2023 22:57:59 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 216ms
104ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

17d2a9596b37d5d8c0e8b46eda67f51c04e05703e5619deff979d5ef50563e91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 07:20:45 GMT
server: nginx
etag: W/"62fb454d-15cfe"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 23 Aug 2022 02:34:12 GMT

GET
H3 200 impl_v90.js Show response
www.googletagservices.com/dcm/ Frame 6219 54 KB
21 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v90.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/www.googletagservices.com/1140803/65042364/dcm/dcmads.js?adsafe_url=https%3A%2F%2Fznaj.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fadb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fadb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:f995df1e-782f-979f-49b5-2aeb47c17789,c:lZ1hHB,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-94958994c-zrhjb,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:e83b5dc3-21c2-11ed-bc22-ca630748847d,v:19.8.343,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aafbe63767b52106445fc908e63387cf0c3064c6f9b9545d70b77b123f626cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 17:20:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292399
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21331
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 13:07:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 17:20:53 GMT

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame EF34 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Aug 2023 22:57:59 GMT

GET
H2 200 B28287778.343251070;dc_ver=90.265;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=2228999113;ord=mm91rq;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCKmJuI-sCY86nK6Sl9u8Pk4a8... Show response
ad.doubleclick.net/ddm/adj/N962070.4061249MIQUK/ Frame 6219 71 KB
28 KB 210ms
86ms Script
text/javascript 142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N962070.4061249MIQUK/B28287778.343251070;dc_ver=90.265;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=2228999113;ord=mm91rq;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCKmJuI-sCY86nK6Sl9u8Pk4a8kAvt3orya7jaot-HEPAuEAEgjLXie2C7hoCA0AqgAdKx0-MoyAEJqQJuc2GIZdizPqgDAaoE1gFP0ANIZbwWGu6mfKul6jfBNZU9nHH2q0zGVEE2VtviBDPujX5HZsAG1dJeu0CLxw92rL6q-odGFrqQuCG1wIiYIBJ8PHunNjB18ZSbuYbSzNIDBHCnqQLFy2TPd-kX8_o54U48pEAh1scl6PvOXsVS9joIuQmr7IjvgyBL8OuR2p6zHj4GhXcsDykGZYukv-WAorzrzJtx-iRC7C1QWNuf8F6Rsw74qERzfyv2ZBhlM7aOFiPx2VSgrtC6-OihESnmOejGEkJWlNYLvtEI7ddYWDTNNxq4wATcu97nnQTgBAOQBgGgBk2AB9Lpo8MDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA5gLAcgLAYAMAbATo_uYENATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASKORovITRzYf8sSd1lvmSWX5YclDD71BFELFLUO3zfwapa3JWyhi2lU0%26sig%3DAOD64_3yMerytkXEWUZ8kAuL_yo7IyocJw%26client%3Dca-pub-8417126197537762%26dbm_c%3DAKAmf-A_8wYfB5tcla6zeu7FTXJah94tOZdVRd9FWg0B1jK8M1dx_Ghx5XroS1EUVPl4DguP3Wl_4mGn-wSKek5QtVLOOZUPrX2wd_sMEz9BRYOuxFy0FLLnemonP0pZbq3df1R6c9hi6WsvvX6fle1ARRGuAlwy8Q%26cry%3D1%26dbm_d%3DAKAmf-CWXYTQf9-XFRt4MpdfGlj3verTpJXG_TckI2aYgQYbqu1bBAm-AIYNsTqurLZMlHCaSSJdZcUQWQslvJNo-I0K9FqBU6gvRI7gI-Q5UhIqCfdvUJQ-a0DVlvh13dyw8xklbUWHeIZ9SRtnoCBUH7EIhyTq8KTXT5gcy2luW2ErsskYySozshUvthlySeevSMQxdTzXbmdJXezMOqzpTu3GOBZnlgii2QJQ_LQCKzyR1fINrdNBUXxpT2R7lHMqyHQ4fQk9urkN5aQ5l9vgx4D4kVQuFE8GqfJkoVH8eP3uQL0P8MD3KAenvbIuwt8tFqCWGYzQDi1nncMiriW-RKP-X05GU6qt1S6lwSFpalpZN8qq1Tfb0lejySRktUnvx_6wHj6vgnaQjoTmhbldXS4eXtNYvQA2dCLCdD4vOoI1YzV2zDV4sjTQVTw4NMw-ZbS_hxmM%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fznaj.ua%2F$0;xdt=1;crlt=m9nFSW1rbl;stc=1;chaa=1;sttr=58;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v90.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

cafe /

Resource Hash

7e321f4cceaca8fee52e99125db17fc581830b1f5343e824b4f53a68db3ddf76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28431
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 305ms
114ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1140803&asId=f995df1e-782f-979f-49b5-2aeb47c17789&tv=%7Bc:lZ1hKJ,time:211,type:e,im:%7Bimprf:%7Bttecl:465,ecd:105,tsecr:28%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:211,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B205~0%5D,as:%5B205~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 adlib.css
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 5 KB
2 KB 42ms
41ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/adlib.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab2aaa5ac5a63a5570f2cc7787732912e4fd0ed7d1119e759a30808eb0997fde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1870
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Aug 2023 16:09:38 GMT

GET
H3 200 adStyle.css
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 8 KB
1 KB 43ms
42ms Stylesheet
text/css 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/adStyle.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4828c6ad4efd634304cec498cff429b284b6e5c8b0e46b2b3a97c5dc5357cf3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1295
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Aug 2023 16:09:38 GMT

GET
H3 200 jquery-3.6.0.min.js Show response
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 87 KB
30 KB 44ms
43ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/jquery-3.6.0.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31027
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Aug 2023 16:09:38 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 69B2 118 KB
40 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 07:51:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67392
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Aug 2022 07:51:00 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 69B2 57 KB
23 KB 98ms
98ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Aug 2022 02:34:12 GMT

GET
H3 200 clouds.png
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 166 KB
166 KB 50ms
50ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/clouds.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e203bf4d846838ef4f1ce11d389a2e8a00294d47f7b16a05d8bfb3488ebbdb08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:08:00 GMT
x-content-type-options: nosniff
age: 555972
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170210
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Aug 2023 16:08:00 GMT

GET
H3 200 clouds2.png
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 238 KB
238 KB 56ms
55ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/clouds2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

677491f0b9428937cd20093a883896aa11d31bc24a5375624dbf1a401c46527c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:08:03 GMT
x-content-type-options: nosniff
age: 555969
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 243220
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Aug 2023 16:08:03 GMT

GET
H3 200 splittext.min.js Show response
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 5 KB
3 KB 42ms
41ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/splittext.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a3a93ff195fb60e6bffb8600751899ca4743fe21f8c4c139bb504689e13d0e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 530843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2535
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Aug 2023 23:06:49 GMT

GET
H3 200 adlibUtils-v3.js Show response
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 25 KB
10 KB 46ms
46ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/adlibUtils-v3.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6aed3a238eccdba51ccad99da44ae89e563a5e561cff593bdaa35982b8cc16f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 03:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 340779
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10657
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 03:54:33 GMT

GET
H3 200 animation.js Show response
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 5 KB
1 KB 46ms
45ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/animation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63c68a5f82fcde8e8aeb5bcfa05a1ea332c5a9fc4e12c7ffcb3bead046e5bbd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1260
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Aug 2023 16:09:38 GMT

GET
H3 200 weather.js Show response
s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/ Frame 69B2 3 KB
1 KB 49ms
48ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/weather.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

185f70e2babce5b925ddcedd3e97d1b338a842840919190b3a1a330a63f3cc3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1085
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 10:52:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Aug 2023 16:09:38 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA98 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BrfxWJOsCY_DPA4iTjuwPoayWoAcAAAAAOAHgBAI&bg=!gYKlgsbNAAYUOm8VNDo7ACkAdvg8WsB08Oxsp4KsVt-C6R-bNsxDNQDfKKtpVkBwPqe1u_DUN_S-6QIAAACGUgAAAAJoAQeZAt4VcQj5gjKMhDS8RDl7O6gd89XGhE0qFyZ4OMncRFO2Za4NvzxPDU7hq3TnCwyqS_SiyzMNssBN4LNwPNbgO6r1FtcFDTLl-JcPrI53NkY2X7I0c1Tuy18rziJyp1luXxBMPs2gd4IcT-VDnJFBQc7bKPZz_pw1ojPse_s6uRB_Vn-nN47k9obMAEzk8LTvlr5CcK0Klg4RoG3DQlRCpVGrjj_sD8bob853d6_Q9yr-XNTtCidoTfdzD1eYYCCngaJgr477WqF35TmEkkHDUVw06HyQfmuMn-Jp5WKi_4HV2mSLA93OcRKmUDvUWD_gRvAGxRJIJ1MWQyZ-c1_bKfBU1yDHW4r93UWRsdQOvciaqg5Dvh_tqas2p3CTvCYP3rrMSW-tyUEr6ZmqARzVuq7Z1QBqTQyCxLp0oyAMEjENTTvAbWSx758CRMrd4JTHwMKhFp0FwV7EsNjmVtTihJXvVczNu95j0sZcQrF_cRtD8v1ppFsI1JD-Y_VYaNiAlcSKuwVCACS4tauz2mEU_NZFwwflfCnGnTaKoZo-HjdKhuMLVi-R1OceksAAerObA8gO8w04gGsrT_xV9OrPRcaW3gn7uRlSPMqyyGpEcpheVK5gV2nWmrSz3Cu8hXDiyjPUw8DLcZZ2IWwtzjSF29H0JnLGrUH_RqvLuu2H_kjSG4bdFw0uIhUo4Anv1fgaUMVko6P_RvoJ694ysV2W6PIKFvzxSyWLqJqpOTvjWAr4Ki7UUx6b5fEWq7DXMJXouxgPsVWcTx7Uz7zGmDd4wrx_Ga2x4HjGDj5FhvZzAv-_q0L21cj7mAT8QHn0g33_ebmHVIbzmniYzlOw8XM0H8Is-1bBEApnzqhwJohyGTAeimyygvsAm_FHWupgLkqFJl-sk8LFJZUlTQURc5xuOdhLw7cApc0sClaC-SeTE48pLNC0WmFtmBa24rtO5FEjzHQnpW0rRyGYoPYFqRDfbg

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF34 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7MJnJOsCY7HeA6ii7_UPhLOckAYAAAAAOAHgBAI&bg=!5uWl5aHNAAYUOm8VNDo7ACkAdvg8Wi-0MhH93ZlXQi5GGKKNN3vXNrRyAaivX1eGHMgHqfBXsditNQIAAABcUgAAAAFoAQeZAytoyC74FzKg7g0S25TYuo55XiFUseR3hyscwD9CP3L-3F7wTfgTQnwKD4rVYojXXzsVgqQYtk_T84p1dnhQ0dWUDmUSEX39LagPSzMjTT_GdiEZMSoCtZ0GUQClBRNl6Mz99cruOalzZq1ic2n8uagXxeFUG0JtYk1JE-_045exCRl2m30atMUdWLEK8sAisdBiz3HQhZ08ydw4J4wn2CNewSMAjEu65pPuOEuWeU9KVv79piEX24KgdDDfuVkhTvxX7T9D8THC6u6GcN2_dP_72J4HeS7irfTR4XE_WbqzvxFaEOwTzjLPYs6mmuqtZxve4Ld9u-F47PdS7jprVdwwl4p9nwltRXNmCqp4cPGadLssD9fgLymlyJEDL0JyO6jgwQz9jMvfaawE6fG7yi0kaMWbWuzMARIjDTj62uy0rQkW86zWyrQvpZ82wO_X_JlacUtjZc88fx3w2O3xcU8HB1anotdtMh8VsEq6lB9XyAICBt7_bKyCBGUvsJo_qKBUIoWcqSxqFYcT5y_Xe3_3RgK22U-rePlA-KXEzgftqojRAxGtBijN99LZfgdQO-fW6r2VCycPq22ERmBp3Y2ncQfM1BXLaZdOakfS3TJe7_OpxmMK6eZLraeFYIaRoGso5hb-Y1t3cCuZkA9q1nCAYRg1Zr6poIH1HkvNOrfaOZFvVxyDXubltmKblv1PLTM3evLGNxQmzOTGCGRxOu-TUuIUBJccKoIVFPMSz6Q39BLNYz15ju8xyJYmsDhREA2HlSqtJEqBnZoTNLXEeZxtJfjDjKzyFCF0ucYBRWvY_76vPd_PK1rh5XirIhkVtSTz48-s-L0hh_UUEhXP_I_fofNIKcRSQ5HeNbSxexot6ZXDqAmZEb_7Bm_Ox1vjXGxASl8wgeYmjQt_kSvSwnTLcBNP6xM4VzAiiRtHe2nf-0d1kIVYepMQU8JVCdGINw8TqEoVlku2K2WkKfVZbYOjro0HSkomKGAMLsbws_TdC-Pc6qfkigWHGhlxKx9KvKKeclCS7shJrxNwhYARsaEDG0sSjgJsBSb2Jq89SYzeRUKyQmTK5uo-gbyq

Requested by

Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 69B2 7 KB
5 KB 133ms
51ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3629036ea09905965abbec2576a47fa0840741562ae50655567a2f5bd763cabf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5517
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 6219 170 KB
59 KB 122ms
41ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Origin: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 07:50:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67393
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Aug 2022 07:50:59 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/ Frame 6219 8 KB
3 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N962070.4061249MIQUK/B28287778.343251070;dc_ver=90.265;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=2228999113;ord=mm91rq;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCKmJuI-sCY86nK6Sl9u8Pk4a8kAvt3orya7jaot-HEPAuEAEgjLXie2C7hoCA0AqgAdKx0-MoyAEJqQJuc2GIZdizPqgDAaoE1gFP0ANIZbwWGu6mfKul6jfBNZU9nHH2q0zGVEE2VtviBDPujX5HZsAG1dJeu0CLxw92rL6q-odGFrqQuCG1wIiYIBJ8PHunNjB18ZSbuYbSzNIDBHCnqQLFy2TPd-kX8_o54U48pEAh1scl6PvOXsVS9joIuQmr7IjvgyBL8OuR2p6zHj4GhXcsDykGZYukv-WAorzrzJtx-iRC7C1QWNuf8F6Rsw74qERzfyv2ZBhlM7aOFiPx2VSgrtC6-OihESnmOejGEkJWlNYLvtEI7ddYWDTNNxq4wATcu97nnQTgBAOQBgGgBk2AB9Lpo8MDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA5gLAcgLAYAMAbATo_uYENATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASKORovITRzYf8sSd1lvmSWX5YclDD71BFELFLUO3zfwapa3JWyhi2lU0%26sig%3DAOD64_3yMerytkXEWUZ8kAuL_yo7IyocJw%26client%3Dca-pub-8417126197537762%26dbm_c%3DAKAmf-A_8wYfB5tcla6zeu7FTXJah94tOZdVRd9FWg0B1jK8M1dx_Ghx5XroS1EUVPl4DguP3Wl_4mGn-wSKek5QtVLOOZUPrX2wd_sMEz9BRYOuxFy0FLLnemonP0pZbq3df1R6c9hi6WsvvX6fle1ARRGuAlwy8Q%26cry%3D1%26dbm_d%3DAKAmf-CWXYTQf9-XFRt4MpdfGlj3verTpJXG_TckI2aYgQYbqu1bBAm-AIYNsTqurLZMlHCaSSJdZcUQWQslvJNo-I0K9FqBU6gvRI7gI-Q5UhIqCfdvUJQ-a0DVlvh13dyw8xklbUWHeIZ9SRtnoCBUH7EIhyTq8KTXT5gcy2luW2ErsskYySozshUvthlySeevSMQxdTzXbmdJXezMOqzpTu3GOBZnlgii2QJQ_LQCKzyR1fINrdNBUXxpT2R7lHMqyHQ4fQk9urkN5aQ5l9vgx4D4kVQuFE8GqfJkoVH8eP3uQL0P8MD3KAenvbIuwt8tFqCWGYzQDi1nncMiriW-RKP-X05GU6qt1S6lwSFpalpZN8qq1Tfb0lejySRktUnvx_6wHj6vgnaQjoTmhbldXS4eXtNYvQA2dCLCdD4vOoI1YzV2zDV4sjTQVTw4NMw-ZbS_hxmM%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fznaj.ua%2F$0;xdt=1;crlt=m9nFSW1rbl;stc=1;chaa=1;sttr=58;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 18418590997839133011
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Sep 2022 02:14:42 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9013 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 390408
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Aug 2022 14:07:24 GMT
expires: Thu, 17 Aug 2023 14:07:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 main.19.8.343.js Show response
static.adsafeprotected.com/ Frame 6219 193 KB
60 KB 48ms
47ms Script
application/javascript 2600:9000:214f:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.343.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10933&advId=1008855322&campId=18082815512&pubId=1&chanId=134288234697&placementId=439230887&dealId=&adsafe_par&impId=ABAjH0gQW6gwRNilMcIT30IbnOUo&bidurl=https://znaj.ua/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2d58d46be1f35b78ccafcab30011144eeaf985c95227ab27d683fbb46cdf2ca9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 16:34:22 GMT
content-encoding: gzip
age: 899990
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 10 Aug 2022 18:33:46 GMT
server: AmazonS3
etag: W/"2a354ce8135fe47396c547d298dd1c1f"
vary: Accept-Encoding
x-amz-version-id: XdaPczT9hxfpUjvYqrD4cnU5x3Jkt2N0
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: 1laoXUwEyS5ZWx9jgz8C0V8-dzHKH0FaeFG7W9SjpoUgoqmsEw4WaQ==

GET
DATA 200
OK truncated
/ Frame 6219 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f963bb190eeddca38c46a47c1cf18eae4da0aee4beffe3adff88951a4226ab2a

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js Show response
pagead2.googlesyndication.com/bg/ Frame 9013 36 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 18:36:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28679
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14092
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Aug 2023 18:36:13 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 69B2 17 KB
6 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Aug 2022 02:34:12 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 112ms
112ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1140803&asId=f995df1e-782f-979f-49b5-2aeb47c17789&tv=%7Bc:lZ1hQv,pingTime:-10,time:569,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1661135652899%7C%7Cde54e8a2870cf58055a7a2aa605bd635%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7Cef4ca071f7d0c60f437bd19e27319e87%7C%7C915182c3103906ac4af0951b38392243%7C%7Cffa983df55e6243119c9ba31c76cb468%7C%7C91d051c69b8ecd2ef9b8492064f84435%7C%7C898834cb5778ba4535897b6390177ded%7C%7C1629390669,im:%7Bpci:%7Btdr:508%7D%7D%7D
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 780B 80 KB
21 KB 44ms
43ms Script
application/javascript 2600:9000:214f:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 11:54:48 GMT
content-encoding: gzip
age: 1089565
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: iZcNx77DLW0BKQVzWPBcMf4qHJ4iqxEHHR8dwatHk4z5G8LfUQI9fw==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 6219 43 B
216 B 48ms
48ms Image
image/gif 52.48.15.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=10933&advId=1008855322&campId=18082815512&pubId=1&chanId=134288234697&placementId=439230887&dealId=&adsafe_par&impId=ABAjH0gQW6gwRNilMcIT30IbnOUo&bidurl=https://znaj.ua/&adsafe_url=https%3A%2F%2Fznaj.ua%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fadb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fadb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:c0900d69-5257-731b-b3e9-bf5c948b94f3,c:lZ1hRc,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-94958994c-9mwsw,rg:ie,pt:1-5-15,mu:10000,br:c,an:n,oam:0,scm:publ1.grpm1,mtim:127,mot:0,app:0,maw:0,fm:tfcDUB2+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:142,oid:e83e6a63-21c2-11ed-b699-661cff3de0a5,v:19.8.343,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.15.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-15-19.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:12 GMT
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 113ms
113ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1140803&asId=f995df1e-782f-979f-49b5-2aeb47c17789&tv=%7Bc:lZ1hRt,pingTime:-2.1,time:629,type:a,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:590%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:39,o:590,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B584~0%5D,as:%5B584~728.90%5D%7D%7D,%7Bsl:i,t:590,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B39~100%5D,as:%5B39~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:330,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16.c0900d69-5257-731b-b3e9-bf5c948b94f3.24_10933%7C16*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:40,readyFired:false%7D&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 112ms
112ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1hRy,pingTime:-3,time:164,type:v,im:%7BpBlk:157%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:141%7D,%7Bpiv:0,vs:o,r:l,t:163%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:164,n:163,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:141,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B34~1,0~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:o,t:163,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tfcDUB2+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 113ms
112ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1hRz,pingTime:-6,time:165,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:166,n:163,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:141,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B34~1,0~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:o,t:163,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tfcDUB2+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:znaj.ua*&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Grocery%20Top%20Up%20300x250_0_0_1.00.png_1659622119971_Grocery%20Top%20Up%20300x250_0_0_1.00.png
s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a34312f1833dea5f348a60/original/ Frame 69B2 142 KB
142 KB 44ms
43ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a34312f1833dea5f348a60/original/Grocery%20Top%20Up%20300x250_0_0_1.00.png_1659622119971_Grocery%20Top%20Up%20300x250_0_0_1.00.png

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c2635d9c37b1c0115d11a1763173935240d3543f725b3fa3c71e8535786a0a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 23:35:59 GMT
x-content-type-options: nosniff
age: 269893
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145752
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 14:08:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 23:35:59 GMT

GET
H3 200 300x600%20Black%20end%20Frame_31_376_1.34.jpeg_1659622119971_300x600%20Black%20end%20Frame_31_376_1.34.jpeg
s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a33a1ef1833dccc9339036/original/ Frame 69B2 3 KB
3 KB 47ms
45ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a33a1ef1833dccc9339036/original/300x600%20Black%20end%20Frame_31_376_1.34.jpeg_1659622119971_300x600%20Black%20end%20Frame_31_376_1.34.jpeg

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8df3737e35252890e3265f583bcb8fe43eeaf5184790f8cb71b874d0935e449

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 23:06:13 GMT
x-content-type-options: nosniff
age: 271679
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2662
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 14:08:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 23:06:13 GMT

GET
H3 200 blank.png_1659622119971_blank.png
s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/6270abe4fb31e77be3c52f66/original/ Frame 69B2 927 B
952 B 46ms
44ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/6270abe4fb31e77be3c52f66/original/blank.png_1659622119971_blank.png

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c45dbdb7b09412d6e8d0a108245bf284d53a80fe178119869ca65654c0621a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 23:06:13 GMT
x-content-type-options: nosniff
age: 271679
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 927
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 14:08:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 23:06:13 GMT

GET
H3 200 logoTeal_300x250.png_1659622119971_logoTeal_300x250.png
s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a332a3f1833d647c3317c7/original/ Frame 69B2 3 KB
3 KB 50ms
49ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a332a3f1833d647c3317c7/original/logoTeal_300x250.png_1659622119971_logoTeal_300x250.png

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8037f05bdb35a9d2605250c954836af6ed4c286963ad010cc5a0a00acb1ca863

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 23:06:13 GMT
x-content-type-options: nosniff
age: 271679
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3504
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 14:08:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 23:06:13 GMT

GET
H3 200 deliverooPresents_300x250.png_1659622119971_deliverooPresents_300x250.png
s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a34461f1833dfdee34ae4e/original/ Frame 69B2 4 KB
4 KB 49ms
48ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a34461f1833dfdee34ae4e/original/deliverooPresents_300x250.png_1659622119971_deliverooPresents_300x250.png

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40ae08ee0e301b4ef9a77f75aaa680ddafa332205c2a561f052bcbad06458ecf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 23:06:13 GMT
x-content-type-options: nosniff
age: 271679
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3688
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 14:08:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 23:06:13 GMT

GET
H3 200 deliverooLogoTeal_300x250.png_1659622119971_deliverooLogoTeal_300x250.png
s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a33d96f1833d64de33e320/original/ Frame 69B2 5 KB
5 KB 48ms
47ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62a33d96f1833d64de33e320/original/deliverooLogoTeal_300x250.png_1659622119971_deliverooLogoTeal_300x250.png

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

679228128c055c95c964d662c30d47f041c778c8656c0613095cb8d90967e5b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 23:02:13 GMT
x-content-type-options: nosniff
age: 271919
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4715
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 14:08:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 23:02:13 GMT

GET
H3 200 300x250_4logo_Jun17_0_0_1.00.png_1659622119971_300x250_4logo_Jun17_0_0_1.00.png
s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62ac57106d9b2bd27c45c02c/original/ Frame 69B2 10 KB
10 KB 47ms
46ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62ac57106d9b2bd27c45c02c/original/300x250_4logo_Jun17_0_0_1.00.png_1659622119971_300x250_4logo_Jun17_0_0_1.00.png

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a27d4721d81f0986c6999946d5155f3940298cd14445218aef9b32b76595a58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 23:35:59 GMT
x-content-type-options: nosniff
age: 269893
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10459
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 14:08:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 23:35:59 GMT

GET
H3 200 300x250_FoodWeGetIt@2x.png_1659622119971_300x250_FoodWeGetIt@2x.png
s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62727bdafb31e7a3ecd5b8b2/original/ Frame 69B2 11 KB
11 KB 48ms
47ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10991353/cdn.ad-lib.io/v3/partners/5f97d957694f690006bb0887/assets/singleFiles/62727bdafb31e7a3ecd5b8b2/original/300x250_FoodWeGetIt@2x.png_1659622119971_300x250_FoodWeGetIt@2x.png

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e1ad7a4f622e66907b25e98acaaec19bcb6e32e5cdbb75a52000a58f79492b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4365170200954273792/300x250-Spring2022/index.html?e=69&leftOffset=0&topOffset=0&c=hFCG9vnYYN&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 23:06:13 GMT
x-content-type-options: nosniff
age: 271679
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11732
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 14:08:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Aug 2023 23:06:13 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 113ms
112ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1hS2,pingTime:-2,time:194,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:842,beZ:843,mfA:969,cmA:970,inA:970,inZ:974,prA:974,prZ:978,si:984,poA:984,bl:999,poZ:999,cmZ:999,mfZ:999,loA:1007,loZ:1010,ltA:1036,ltZ:1036,mdA:843,mdZ:926%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.94,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:141%7D,%7Bpiv:0,vs:o,r:l,t:163%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:194,n:163,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:141,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B34~1,0~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:o,t:163,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B30~0%5D,as:%5B30~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16.f995df1e-782f-979f-49b5-2aeb47c17789.31_1140803-65042364%7C16*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:51,readyFired:true%7D&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame 3141 36 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Aug 2023 22:57:59 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 112ms
112ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1hSf,pingTime:0,time:207,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:141%7D,%7Bpiv:0,vs:o,r:l,t:163%7D,%7Bpiv:100,vs:i,r:,t:206%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1,o:206,n:163,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:141,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B34~1,0~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:o,t:163,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~728.90%5D%7D%7D,%7Bsl:i,t:206,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~100%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16.f995df1e-782f-979f-49b5-2aeb47c17789.31_1140803-65042364%7C16*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com
URL: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 dreamgirls-2022-02-11-tour-728x90.html Show response
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/ Frame EE1F 7 KB
3 KB 50ms
50ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69f015086a5f31adcbb81e1235b6c5a4bda89f7fbf21f3fde35e70ac900b7cd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2822
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:13 GMT
expires: Tue, 22 Aug 2023 02:34:13 GMT
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6219 0
575 B 208ms
81ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsud_TUHjvO4otWaLvrVHcDpHYTTDipfVBs8CKIsXZlUEO2_ns7yItNQCrZN9DTCacGwl_A7Q8m9CoBo7Owo5OHhuq29bpkXkOjU3SFO0A0niNzpNbkj6LBFYAfUzLcXuiKW6A37N0T2NmJNZUfrEjup&sig=Cg0ArKJSzHL136Iv1ueAEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=221&cbvp=1&cstd=218&cisv=r20220817.86214&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame EE1F 118 KB
40 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 07:51:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67393
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Aug 2022 07:51:00 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6219 0
63 B 79ms
79ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsud_TUHjvO4otWaLvrVHcDpHYTTDipfVBs8CKIsXZlUEO2_ns7yItNQCrZN9DTCacGwl_A7Q8m9CoBo7Owo5OHhuq29bpkXkOjU3SFO0A0niNzpNbkj6LBFYAfUzLcXuiKW6A37N0T2NmJNZUfrEjup&sig=Cg0ArKJSzHL136Iv1ueAEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=377&vt=11&dtpt=156&dett=3&cstd=218&cisv=r20220817.86214&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: znaj.ua
URL: https://znaj.ua/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 65ms
64ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd24044e3e18bb2acb67d8e3fc65e4ea2a9d68afa97d042d420a533c5218dd5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11104
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 2A50 15 KB
6 KB 184ms
61ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=znaj.ua

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:12 GMT
server-processing-duration-in-ticks: 2200
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9013 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGqh1JOsCY9LEKrXK7_UP5ZmJmAMAAAAAOAHgBAI&bg=!r6ylrOjNAAYUOm8VNDo7ACkAdvg8Wj5bAlEbPn4bP-9DyDO-B8RkhxNwmoAa_TZAgGN3csWICwCDgwIAAADUUgAAAAJoAQeZAtjo_giuIECOlSeYTDV3o52Dui1h0pgwDp_Qx0HQYPL9NF7rzZJMa1HNAedZtXoHIYDVa8l4wjBmRLLXZunJifcuu_8fmv4z2tTIiAhEvDuC2DWFDt8FonrQ68Xja6kQZWt1hqkJv-2v7N0Ak3NhvYjiKVWsAPQe4GyG_a7olKwL2qG1g6Af7uCcyLrYtb70jLI3J1OeIAvwX1CHhQGJZ96fJf6_Wb5wnYteSklHIJ1PVPy3oZjYM2_OmERMONezLyvM7EiavI4Fn2BAIs8wSBFVvTtj7jvxyUsmpS3AiFKc1medT-O-wkzGJlBAUcKbUAAbDIQdJkA8aKngl7gkvEMGV4wG85HiaSGMS84OnVvYQ_EHh19AG7rFKHAEa8dxrszHGEW_z6fa7z6EIMk7iT236pj1A9Gw7FuUqDjH4CMs4-i49jGqxRpIq7XRireolRSGoqql-XeE8PQv12x8kZxnRCdGmOpjI9XHQElbXXrTeRiFUl0Hgx5kJGimiLpjiq8OowI-Q7YCj8DH89L5OoxX6yqlV4HkSsrt7CLrPK-IjbtnkikDryFAflsiYAs-QXVQf9qQ76hdS-_rH8cDk4gcPChDtXcUVELEq_yFkyUvQ099YECwZ7D2zJ7KMbAuNqxaTZ8wap8cCXJQe-qg4in7PEz_O3dVMmTRJ9e5OnFoU862oaTNDKmlqNGbRnu66wz71xovPmC8gFKjs1LR-k7a-p54pOdZeygVvrdLiKRfk42nE24Py8ER-XzojIoTDH4CvORgeuMfTG3QLy_WNNUPfaSy9JxDPgCfGESr5SS3G7ruA2rrH0CqTtS7O-ZLWsGxcBj-r_19PzrjEsETbAIvkB_O9mRIcDhwccqN2q4GuDqY3csJcZqnG2UfgUJZZOU_sG0xL24oiGP19p84EuMGudB7pfYh_9PSDglkkVHI8rdcQP9eiTQga88MH-nyxMqLP9wpg4JiHQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 113ms
112ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1hVz,time:413,type:e,im:%7BpWait:27,pLoad:372%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:207,o:206,n:163,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:141,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B34~1,0~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:o,t:163,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~728.90%5D%7D%7D,%7Bsl:i,t:206,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B207~100%5D,as:%5B207~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:131,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16.f995df1e-782f-979f-49b5-2aeb47c17789.31_1140803-65042364%7C16*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame EE1F 236 KB
63 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Aug 2022 02:34:13 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EE1F 7 KB
6 KB 53ms
53ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99b6b313c8220f21faf2c3b25f92230a90f9bc263a1149927c4e813a59848466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Aug 2022 02:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5628
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081701.js?cb=31069059

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Aug 2022 02:34:13 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EE1F 17 KB
6 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Aug 2022 02:34:13 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F79C 13 KB
5 KB 41ms
40ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 2999
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 01:44:14 GMT
expires: Tue, 22 Aug 2023 01:44:14 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D4FB 783 B
535 B 50ms
50ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7351553cdba1f119aaa6cc3f914b4a9e107801e99ea6224003e2c2ef7a4517b0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HSuZN3Ygy7bexzaN6op11A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-HSuZN3Ygy7bexzaN6op11A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 22 Aug 2022 02:34:13 GMT
expires: Mon, 22 Aug 2022 02:34:13 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 dreamgirls-2022-02-11-tour-728x90.js Show response
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/ Frame EE1F 32 KB
6 KB 42ms
41ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5d0175e1eb04eb4bf21c993a5e838eeed6a8c53861a0ce3eb540af9bb269a03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 18:41:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287574
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5880
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 18:41:19 GMT

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame 707D 36 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Aug 2023 22:57:59 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 2A50
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=znaj.ua&sn=ChromeSyncframe&so=0&topUrl=znaj.ua&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=iBPhc3xWNTlQbzhYVmJxZjNacjUvUnh6a1hkcDVQZUNBRDBnaHQzU1p1Y0ZWQmZIZ00xWTNkR2lrd1o3cWx5UjhicStuSGlxRkNhV2VIeGgxS1orbVN1akltdVk3MW5sOTVLa2p3NCtoMUs1TWlndndmaVZyZGc3UHBQS2...

430 B
634 B

284ms
37ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=iBPhc3xWNTlQbzhYVmJxZjNacjUvUnh6a1hkcDVQZUNBRDBnaHQzU1p1Y0ZWQmZIZ00xWTNkR2lrd1o3cWx5UjhicStuSGlxRkNhV2VIeGgxS1orbVN1akltdVk3MW5sOTVLa2p3NCtoMUs1TWlndndmaVZyZGc3UHBQS21wQk9NL3J5SVRaY1lPSWFIaHhSSEQ1cEE3YTNFNnJLL2tLb2JRcFU0NGQvUzlnOVhCQ2RvclJOSE1NdVN5RWt4OXhwM2ZNcHZOb0xpUUl5STUyb3JNbjNDV3kydk9hVEZ6aGdLaFh0cUJTNG5CeTZBVGZ3Tk56QVhCeGVVMERSRmJ1THIyS3ZoK0EwR2xrVTlMeE9sWUUyd3Z0c283UT09fA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

6ea0994670c2393722a77f1c130597318d8abb89e6ee5dc09b753d4ac9d12dbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4527
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=iBPhc3xWNTlQbzhYVmJxZjNacjUvUnh6a1hkcDVQZUNBRDBnaHQzU1p1Y0ZWQmZIZ00xWTNkR2lrd1o3cWx5UjhicStuSGlxRkNhV2VIeGgxS1orbVN1akltdVk3MW5sOTVLa2p3NCtoMUs1TWlndndmaVZyZGc3UHBQS21wQk9NL3J5SVRaY1lPSWFIaHhSSEQ1cEE3YTNFNnJLL2tLb2JRcFU0NGQvUzlnOVhCQ2RvclJOSE1NdVN5RWt4OXhwM2ZNcHZOb0xpUUl5STUyb3JNbjNDV3kydk9hVEZ6aGdLaFh0cUJTNG5CeTZBVGZ3Tk56QVhCeGVVMERSRmJ1THIyS3ZoK0EwR2xrVTlMeE9sWUUyd3Z0c283UT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2016
content-length: 541
expires: 0

GET
H3 200 btnbooknow_off.png
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 10 KB
11 KB 41ms
41ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/btnbooknow_off.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1db60ba82b881d9af3697e233a6f02276713c2b375b19c2579ed53eda722f8a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:47 GMT
x-content-type-options: nosniff
age: 338906
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10721
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:47 GMT

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame F79C 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 22:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Aug 2023 22:57:59 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D4FB 0
0 74ms
73ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081701&jk=3760901169620905&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 btnbooknow_over.png
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 10 KB
10 KB 42ms
41ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/btnbooknow_over.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9638307069cbe334e9976df3f7821d8636dbe75ffcbbf88428f43199e93a1988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:47 GMT
x-content-type-options: nosniff
age: 338906
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10278
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:47 GMT

GET
H3 200 dglbdreamgirls.png
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 28 KB
28 KB 42ms
42ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dglbdreamgirls.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28330bcd707be0cf81788de1c9f37b3378f9f812cba4d84e8bdfd33d6870a360

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:47 GMT
x-content-type-options: nosniff
age: 338906
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29036
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:47 GMT

GET
H3 200 dglbgirls.png
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 28 KB
28 KB 41ms
41ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dglbgirls.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

276120fe65d94ca153a9bda5a5cf039f04a83c49f065bef3df03a8fadf37d71c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:48 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28883
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:48 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F79C 0
10 B 40ms
39ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?cpQkaQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:13 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 dglbquoteandimtellingyou.png
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 17 KB
17 KB 42ms
42ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dglbquoteandimtellingyou.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48321f0229cffbd1758272a53a07dd76bca1813c470639a9a43e0d282c063b57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:48 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16917
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:48 GMT

GET
H3 200 dglbquotethedazzlingsoul.png
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 18 KB
18 KB 43ms
42ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dglbquotethedazzlingsoul.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e1dbadfbfa3484a8577de6b69dde3ae9fb0e68bd46a16c78011a88df2e8eb1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:48 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18398
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:48 GMT

GET
H3 200 dglbthemultiawardwinning.png
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 14 KB
14 KB 43ms
42ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dglbthemultiawardwinning.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fafb3c75b7dcc2f2f3f85e5c5f97da32440d0a8e07abdc4459c69252db4b577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:48 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14312
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:48 GMT

GET
H3 200 dgleaderbgloop_00000.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00000.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e47337a15b8ab65f010139720ded635c7a0e7c080d5e0b95db5e2577e2bc536

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:48 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23670
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:48 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6219 42 B
64 B 78ms
77ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdjEc1GlH142ez05hTPwwnHfETQqjDxXOUIM71RIAqwCbNxKoZZeEwdDvs5gOdGmBnUDaj6-fSpaM_5prJF8prpfb4qQjmEfUOPN1AaVBffs78G-wLvQGshrNOzapllE6iyALuoR7pUN7XWw&sai=AMfl-YQ-kKO9m0tAmwmqppMJbU1icHlVcRI0YNMLjdIADp5oS02Kr3_jFb7nIRz1-ZhXGLodGMhNQmaTbtvczhibnjr1QcJj-DpSZ1WqAolYfSwfytuWSsfiK0zyADvig0vE&sig=Cg0ArKJSzIm7eqSRs2UWEAE&cid=CAASKORovITRzYf8sSd1lvmSWX5YclDD71BFELFLUO3zfwapa3JWyhi2lU0&id=lidar2&mcvt=1000&p=162,436,252,1164&mtos=801,1000,1000,1000,1000&tos=801,199,0,0,0&v=20220817&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3085723817&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1661135651958&rpt=854&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dgleaderbgloop_00001.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00001.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d4de0e3fd0954b59194f1c508e63b8178ea801a1a0fae2f8a2f97f44efb0681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 20:01:43 GMT
x-content-type-options: nosniff
age: 369150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23652
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Aug 2023 20:01:43 GMT

GET
H3 200 dgleaderbgloop_00002.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00002.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

380b4b11473c388bbf8f3fc721c4fc25a7338e977e77630d8b5c567eb6c40587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:48 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23649
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:48 GMT

GET
H3 200 dgleaderbgloop_00003.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00003.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67cb8600d30531d205f37094cbecfbc80818980fba2289ac596a262bfbe73045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:48 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23687
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:48 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 113ms
113ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1140803&asId=f995df1e-782f-979f-49b5-2aeb47c17789&tv=%7Bc:lZ1i6Y,pingTime:1,time:1590,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:590%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1000,o:590,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B584~0%5D,as:%5B584~728.90%5D%7D%7D,%7Bsl:i,t:590,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:144,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16.c0900d69-5257-731b-b3e9-bf5c948b94f3.24_10933%7C16*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 112ms
112ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1140803&asId=f995df1e-782f-979f-49b5-2aeb47c17789&tv=%7Bc:lZ1i6Z,pingTime:1,time:1591,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:590%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:590,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B584~0%5D,as:%5B584~728.90%5D%7D%7D,%7Bsl:i,t:590,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:144,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C16*.1140803-65042364%7C161%7C162,idMap:16.c0900d69-5257-731b-b3e9-bf5c948b94f3.24_10933%7C16*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:13 GMT
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 dgleaderbgloop_00004.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00004.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75da4d0539daa7d209a8f7f7dcbe934cf258e31c9e8671a635ef523e4d81544f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:49 GMT
x-content-type-options: nosniff
age: 338904
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23697
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:49 GMT

GET
H3 200 dgleaderbgloop_00005.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00005.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74f9cbbca53b9c55d8b06898a5ef81f8f6f36c81b1a275f3ee9d7c5544e6bf85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:49 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23718
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:49 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 113ms
113ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1i8o,pingTime:1,time:1208,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:141%7D,%7Bpiv:0,vs:o,r:l,t:163%7D,%7Bpiv:100,vs:i,r:,t:206%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1002,o:206,n:163,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:141,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B34~1,0~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:o,t:163,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~728.90%5D%7D%7D,%7Bsl:i,t:206,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:116,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16.f995df1e-782f-979f-49b5-2aeb47c17789.31_1140803-65042364%7C16*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:14 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 115ms
115ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1i8o,pingTime:1,time:1208,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:141%7D,%7Bpiv:0,vs:o,r:l,t:163%7D,%7Bpiv:100,vs:i,r:,t:206%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1002,o:206,n:163,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:141,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B34~1,0~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:o,t:163,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~728.90%5D%7D%7D,%7Bsl:i,t:206,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:116,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16.f995df1e-782f-979f-49b5-2aeb47c17789.31_1140803-65042364%7C16*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:publ1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:14 GMT
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 117ms
117ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1i8p,pingTime:1,time:1209,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:141%7D,%7Bpiv:0,vs:o,r:l,t:163%7D,%7Bpiv:100,vs:i,r:,t:206%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1003,o:206,n:163,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:141,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B34~1,0~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:o,t:163,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~728.90%5D%7D%7D,%7Bsl:i,t:206,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1003~100%5D,as:%5B1003~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:116,fm:tfcDUts+11%7C12%7C13%7C14%7C1511%7C1512%7C1513%7C16*.10933%7C161%7C162%7C163%7C164,idMap:16.f995df1e-782f-979f-49b5-2aeb47c17789.31_1140803-65042364%7C16*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:14 GMT
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 dgleaderbgloop_00006.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00006.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbcf1c032da7bd6c82af25c445ae9e4f39dff4ffc9646791b0f4ca52aec69986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:49 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23729
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:49 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6219 42 B
64 B 75ms
74ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvw3A3ubcIHtf0boijVEMT4PWUX0ob5_TVrUZNnUeqGYakIIVSzpEKZmWrEbiXWPYGfky5JG8CR0zB0OPFJLvLcAosrJXXU&sig=Cg0ArKJSzBlXJ7gqjD-LEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220817&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=34&adk=2228999113&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1661135651958&rpt=1093&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dgleaderbgloop_00007.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 45ms
44ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00007.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

121d0ae80fda296d9745c565494113cada3389dc30440314f8febb497a80d1ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:49 GMT
x-content-type-options: nosniff
age: 338905
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23728
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:49 GMT

GET
H3 200 dgleaderbgloop_00008.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00008.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c5b38ee9f007462c83b2d5f73c9a0c6ed35bf3ea4b0585457e1da9789fb309a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:50 GMT
x-content-type-options: nosniff
age: 338904
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23706
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:50 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 78ms
77ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022081701&jk=3760901169620905&bg=!ERKlElbNAAYUOm8VNDo7ACkAdvg8WkBk5U1Ikws-Asg6u8nLbwYAhjq2gWITmpjlSUEzRNsJIuxRGAIAAACHUgAAAAhoAQeZAqNdGWxaoto1nPLwuyHtV7Hk4LZt0a1A1L8BdfIUWb5wjBlCbdWs1A_y2BHgCJ7JYsXY4NxUMR-HcOhmst0ifE_DUARIZpPk6TVKrA9bNQNhU_neWXUt_HBYKNIO3-CCpwKTi9Q8d4H_Z9Q6p5SW5SVduHPzir9U8_Kj_c6iwS9VR6WW9owblYpWZPtSqYlciWBfsGWE5sYtK-eK1CEXNrFidAdwTEUZBGlb1lzOgGQCAudEBR6qdoKH7FQxpzpvlvA1my13FxzJLSvMUgd9GfT9yM45Y1nLbKxc9sswRqZzrey531rdCue_lznuqPEKgJVZScVJSBM0BBrhKjtrHoGNczrM1KVTMech4xlFHXSci1YwYZTmoPy7tN6LmgYwT7905jhGt9uzGxqzbGZgVu_PuKLc9gD_nJJ-nE_Bdx8sbIUStInEvYf_f01ScZut8JXsX_LHREze1K1C4O0IKahEcsyMC5PPYPquMsbt3VwIEiqJPbrCtAjRlHfXQM27P42KLhodlp9Ml67muYhFDe7BxC-vLaN0q_LrX5i2WSJD8IOWIKZv70TgIVdcpVLg6PESrUmDlKe1yeBgNXKYGJAYRC8rV9W9p-OQ3Tu3m_OEyfk0kVh-plEO4JTtD_utXwY-NP7gBe4S3hXS-Y_ePboH_IEBzA71pZzldPv_N0Pp_Gwo9_qLOb4Ddb78Ap9G3cpEXlSSqZHXR-DsDJzDS7vmvpzVFG1sasR-Vr6P-dSn4Cn4QAbWdgY_iBrmSHym5kDdpTk-Jysswy5zHYL3-J_qJWGd4oWcfaUFbeV_PODcO7x3ovcYcJjPj7LiuPZSEG9CZrzWm4KQp1VOHIlxt24RT44fbRlmC4FGUa1SM21J18pEzYww6oU7QGH23KCLSqir_pA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 dgleaderbgloop_00009.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00009.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ddeba3ee9fe36ab82fdd487aabf1a1e536c22554712d7552f8f8a5fab83ec9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:50 GMT
x-content-type-options: nosniff
age: 338904
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23655
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:50 GMT

GET
H3 200 dgleaderbgloop_00010.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00010.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de8c741693fe280acb143395db07491670bec31eb3f346dc0a88b2b594b2b871

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:50 GMT
x-content-type-options: nosniff
age: 338904
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23654
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:50 GMT

GET
H3 200 dgleaderbgloop_00011.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00011.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddfb2aa96a02cde12d251663848edc78a9a96835ef3749351f47c83af75c83dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:50 GMT
x-content-type-options: nosniff
age: 338904
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23579
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:50 GMT

GET
H3 200 dgleaderbgloop_00012.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00012.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41132953ff612049f9c7cfb96f3919f224991f04bec8f4ab9fb0e0f5653963d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:51 GMT
x-content-type-options: nosniff
age: 338903
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23553
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:51 GMT

GET
H3 200 dgleaderbgloop_00013.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00013.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6fef7d468b0afeef1156901f01c927e0be3d641b5b97e5d2dd1214001ffa1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:51 GMT
x-content-type-options: nosniff
age: 338903
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23572
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:51 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6219 43 B
215 B 113ms
112ms Image
image/gif 67.202.46.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=c0900d69-5257-731b-b3e9-bf5c948b94f3&tv=%7Bc:lZ1ieF,pingTime:-10,time:1597,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1661135652899%7C%7Cde54e8a2870cf58055a7a2aa605bd635%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7Cef4ca071f7d0c60f437bd19e27319e87%7C%7C915182c3103906ac4af0951b38392243%7C%7Cffa983df55e6243119c9ba31c76cb468%7C%7C91d051c69b8ecd2ef9b8492064f84435%7C%7C898834cb5778ba4535897b6390177ded%7C%7C1629390669,sca:%7Bspg:f995df1e-782f-979f-49b5-2aeb47c17789%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.202.46.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-67-202-46-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adb6180ba519c7b3bb7cb1255eeeb83f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:14 GMT
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 dgleaderbgloop_00014.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00014.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

615262d5111f22a0a9424d01819bd1e251235fbe7cba08a0ba0318f5f37467a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:51 GMT
x-content-type-options: nosniff
age: 338903
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23653
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:51 GMT

GET
H3 200 dgleaderbgloop_00015.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00015.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6724a0e6d61fb2a7136d5c60e5658c5829bb3f2ce8bc00581677390c887e56da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:51 GMT
x-content-type-options: nosniff
age: 338903
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23666
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:51 GMT

GET
H3 200 dgleaderbgloop_00016.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00016.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

880db62d367dc489e3f3b706fc993d33378d1d3d25d3ad42b605755b0d32dc9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:51 GMT
x-content-type-options: nosniff
age: 338903
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23666
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:51 GMT

GET
H3 200 dgleaderbgloop_00017.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00017.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25a789aef9368a83a42bddf61fca01ea06b5ac9983098a17ab1c868b8d180b8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:51 GMT
x-content-type-options: nosniff
age: 338903
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23689
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:51 GMT

GET
H3 200 dgleaderbgloop_00018.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 43ms
43ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00018.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efc23e854b2f8e8decb55eac2047c189acd85513c01cf0118fc7a13f458c22b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:51 GMT
x-content-type-options: nosniff
age: 338903
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23687
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:51 GMT

GET
H2 200 sync Show response
eb2.3lift.com/ Frame E464 37 B
140 B 158ms
41ms Document
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Mon, 22 Aug 2022 02:34:14 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B610 52 KB
17 KB 252ms
29ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 78365
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 22 Aug 2022 02:34:14 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 3, 322674
X-Served-By: cache-lga13621-LGA, cache-lcy19246-LCY
X-Timer: S1661135655.902174,VS0,VE0

GET
H/1.1 200
OK sync.html Show response
s.console.adtarget.com.tr/ Frame C021 1 KB
994 B 737ms
255ms Document
text/html 2a06:8640:684:0:ae1f:6bff:fec1:b314
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:8640:684:0:ae1f:6bff:fec1:b314 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 8a77716d191bdcbb71ccafbe17e67b9e6f45d58e3c7477e3c9b7d7b9321c6f5a

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://znaj.ua
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 699
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Aug 2022 02:34:14 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H2

200

/ Show response
ads.us.e-planning.net/uspd/1/ Frame 6600
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID

985 B
1 KB

38ms
38ms

Document
text/html

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: c6dbbd98b053209d7de4f0df63e6be55a56fc5400c59dfbcf0f3352d951eded1

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: max-age=0, no-cache
content-length: 985
content-type: text/html
date: Mon, 22 Aug 2022 02:34:14 GMT
expires: Mon, 22 Aug 2022 02:34:14 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-611

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Mon, 22 Aug 2022 02:34:14 GMT
location: /uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-611

GET
H2 204 d
ic.tynt.com/r/ Frame D990 0
0 551ms
112ms Document
text/plain 67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ic.tynt.com/r/d?m=xch&rt=html&gdpr={gdpr}gdpr_consent={gdpr_consent}&us_privacy={us_privacy}&ru=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D304056%26extuid%3D33XUSERID33X
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
date: Mon, 22 Aug 2022 02:34:15 GMT
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
server: nginx/1.16.1

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame CB92 3 KB
2 KB 237ms
53ms Document
text/html 23.47.209.6
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.209.6 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-209-6.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Aug 2022 02:34:14 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame C7A8 281 B
554 B 187ms
53ms Document
text/html 92.123.9.160
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-9-160.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Aug 2022 02:34:14 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK sync.html Show response
s.adtelligent.com/ Frame 4632 1 KB
1 KB 739ms
28ms Document
text/html 2a0c:5c81:5139::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=651796
Requested by: Host: cdn-b.notsy.io
URL: https://cdn-b.notsy.io/zna/ym.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5139::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2da35fbda1d1846dafe19cd1bc79afce518145cf24e6e7f318c5c4a18b811a0b

Request headers

Referer: https://znaj.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://znaj.ua
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 788
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Aug 2022 02:34:14 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H/1.1

200
OK

csync
sync.adtelligent.com/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=2827802056166109103

0
387 B

885ms
183ms

Image
text/plain

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=2827802056166109103
Protocol: HTTP/1.1
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 22 Aug 2022 02:34:14 GMT
Server: Adtelligent
Etag: bb064b5d644cb8ca
Content-Length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:14 GMT
X-Proxy-Origin: 217.138.196.103; 217.138.196.103; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2ccfc9b0-2921-47a4-9008-5a30fbf3a9f5
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=2827802056166109103
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 dgleaderbgloop_00019.jpg
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00019.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f35777e2957a688bb14618c07aa6275f9f2d0dca45925e8c5cc2e74257da0657

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:52 GMT
x-content-type-options: nosniff
age: 338902
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23653
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:52 GMT

GET
H3 200 logoatgtickets.png
s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/ Frame EE1F 3 KB
3 KB 42ms
41ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/images/logoatgtickets.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15bc29f24f0d6bed39a0f91906b52cec8faa9aeff44a3ae7e7d03c2b32bd29cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18053586476339298304/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=zIj6HvKJDC&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 04:25:52 GMT
x-content-type-options: nosniff
age: 338902
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3174
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 09:10:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Aug 2023 04:25:52 GMT

GET
H/1.1 200 ptag Show response
a.audrte.com/ Frame 6600 5 KB
2 KB 492ms
114ms Script
text/plain 18.210.31.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptag?p=M1353665098
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.31.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-31-151.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 1a951a5fd0223bbda430873cec8b3f62d64e53cca21ec7934fd1cb6f7ec883fd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 22 Aug 2022 02:34:15 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-transform, public, max-age=3600
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1683

GET
H2

200

um
u-ams02.e-planning.net/ Frame 6600
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D183ae50b0d9ddbbe%26uid%3D%24UID
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=183ae50b0d9ddbbe&uid=2827802056166109103

42 B
104 B

120ms
35ms

Image
image/gif

5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=183ae50b0d9ddbbe&uid=2827802056166109103
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Server: 5.178.65.246 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
server: openresty
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:14 GMT
X-Proxy-Origin: 217.138.196.103; 217.138.196.103; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 75dd7a84-ea78-4033-92f2-daf3c12df857
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=183ae50b0d9ddbbe&uid=2827802056166109103
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 5EB8
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_eu&endpoint=eu
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu

281 B
554 B

52ms
52ms

Document
text/html

92.123.9.160
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-9-160.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Aug 2022 02:34:15 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 22 Aug 2022 02:34:15 GMT
location: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
server: AkamaiGHost

GET
H2 200 navegg_2022_01_br.html Show response
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame D911 1 KB
988 B 219ms
59ms Document
text/html 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=157680000
cf4age: 46
cf4ttl: 157680000.000
content-encoding: gzip
content-length: 624
content-type: text/html
date: Mon, 22 Aug 2022 02:34:15 GMT
etag: W/"61ddbb71-5f5"
expires: Sun, 10 Jan 2027 17:30:12 GMT
last-modified: Tue, 11 Jan 2022 17:16:33 GMT
server: CFS 0215
x-cf-rand: 58.812
x-cf-tsc: 1641922259
x-cf1: 29080:dC.waw1:co:1585621119:cacheN.waw1-01:D
x-cf2: H
x-cf3: H
x-cff: B

GET
H2 204 /
onetag-sys.com/usync/ Frame 149A 0
0 130ms
41ms Document
text/plain 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=5927d926323dc2c

Requested by

Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 / Show response
spl.zeotap.com/ Frame 0EDD 8 KB
2 KB 176ms
71ms Document
text/html 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 572102d99918e4120437dbadb2f9a6456187056005dfaaf32f1c32d91238fe68

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://ads.us.e-planning.net
cf-cache-status: DYNAMIC
cf-ray: 73e83553ad5f23c7-ZRH
content-encoding: br
content-type: text/html
date: Mon, 22 Aug 2022 02:34:15 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
vary: Origin
via: 1.1 google

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C7A8 31 KB
10 KB 53ms
52ms Script
text/html 92.123.9.160
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-9-160.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ebf9218a016a4a06e257c70b58ebef5da0dc3ae22a3e28b9d394e688f54a228a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 22 Aug 2022 02:34:14 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Aug 2022 13:55:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=41800
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9442
Expires: Mon, 22 Aug 2022 14:10:54 GMT

GET
H2 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame B5FA 2 KB
2 KB 189ms
84ms Document
text/html 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 072ce8b9527168472aa0060e296a9204f9041c272df57405a140cc003a4645a5

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73e835541e548879-LHR
content-encoding: br
content-type: text/html
date: Mon, 22 Aug 2022 02:34:15 GMT
dropped-udsids: 39|230|241|46|206|195|13|188
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQXka596nt1d4VPKThSUD6wiM9WSovUN%2BloSqDHkQBatqkMXE%2BbSoQpINwjFw7ZN2BYEOwRI1uj9xB1rnbxR4iqPTBi6m%2B0qWtPF44IUxq923xDBSIV7TVAJTvuA7yDinK9JWVHk6%2FFRCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B610 0
747 B 41ms
41ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:14 GMT
X-Proxy-Origin: 217.138.196.103; 217.138.196.103; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: dce5b3cb-52c6-4ba5-b993-da6d5dad5f80
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 0EDD 0
0 42ms
41ms Image
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0EDD 170 B
188 B 51ms
50ms Image
image/png 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=b8fdb45a-b905-47a5-a939-db37d7be1f9a&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64...

95 B
153 B

86ms
73ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=b8fdb45a-b905-47a5-a939-db37d7be1f9a&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e835556e3023c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?cid=b8fdb45a-b905-47a5-a939-db37d7be1f9a&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame 0EDD 0
331 B 342ms
45ms Image
text/plain 37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 0EDD 70 B
264 B 147ms
40ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361&gdpr=0&gdpr_consent=
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame 0EDD 0
163 B 225ms
86ms Image
text/plain 2a04:4e42:200::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms: 26
date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 varnish
server: nginx
x-timer: S1661135655.219783,VS0,VE26
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-mxp6968-MXP

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame 0EDD 0
411 B 591ms
105ms Image
text/html 2600:1f18:6593:f601:611c:90e2:c181:1fe2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:6593:f601:611c:90e2:c181:1fe2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control: no-store
Connection: keep-alive
Content-Type: text/html
Keep-Alive: timeout=300
Content-Length: 0
Expires: 0

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 0EDD 0
166 B 340ms
34ms Image
text/html 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3fa5-7fbf-4ec8-460b-ff099b3c5218%26reqId%3D4c5e1d18-ad8e-4e64-4dfe-ae78351325ad%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:14 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=136...
https://mwzeom.zeotap.com/mw?cid=7f35fb6f-8721-4036-b7fe-3b643022d64b&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
153 B

86ms
72ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=7f35fb6f-8721-4036-b7fe-3b643022d64b&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e83555ee8023c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?cid=7f35fb6f-8721-4036-b7fe-3b643022d64b&zpartnerid=317&gdpr=1&gdpr_consent=
pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=60534346777315418983856663766662412598&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-...

95 B
153 B

70ms
69ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=60534346777315418983856663766662412598&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e83555be6c23c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

DCS: dcs-prod-irl1-2-v038-043538ae8.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: gaxFWX12TEU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=60534346777315418983856663766662412598&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 /
loadeu.exelator.com/load/ Frame 0EDD 0
324 B 250ms
44ms Image
text/plain 34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=7134523312449124502&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-...

95 B
181 B

85ms
71ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=7134523312449124502&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e835556e3123c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=7134523312449124502&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Date: Mon, 22 Aug 2022 02:34:15 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame 0EDD 95 B
113 B 37ms
36ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

QUIC, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=3D4nXXdZtXmYeURuUssj8e&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e...

95 B
153 B

70ms
70ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=3D4nXXdZtXmYeURuUssj8e&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e83556aeca23c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
last-modified: Mon, 22 Aug 2022 02:34:15 GMT
server: Weborama Collect Frontend
location: https://mwzeom.zeotap.com/mw?webouuid=3D4nXXdZtXmYeURuUssj8e&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D[sas_uid]%26zpartnerid%3D592%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%...
https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https://mwzeom.zeotap.com/mw?cid=[sas_uid]&zpartnerid=592&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b...
https://mwzeom.zeotap.com/mw?cid=

95 B
153 B

70ms
70ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e83557cf4a23c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?cid=
pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=0&gdpr_consent=&env=mWeb&eventTyp...
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=0&gdpr_consent=&env=mWeb&eve...
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=0&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4df...

95 B
153 B

69ms
68ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=0&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e835573ef923c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=0&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
expires: 0
cache-control: no-cache
x-server: 10.45.21.20
content-length: 0
x-consent: absent

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-o7OAr1JE2oq3wcVo.7aiAX20g8XR7M9AlQ--~A&zpartnerid=570&env=mWeb

95 B
176 B

70ms
70ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-o7OAr1JE2oq3wcVo.7aiAX20g8XR7M9AlQ--~A&zpartnerid=570&env=mWeb
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:16 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e83559f87e23c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: http/1.1 spdc0106.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
strict-transport-security: max-age=31536000
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-o7OAr1JE2oq3wcVo.7aiAX20g8XR7M9AlQ--~A&zpartnerid=570&env=mWeb
content-length: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=GBR&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=GBR&zdid=1361&cid=2AlcFsEkph48Zu19kO054Z19%2BCFNcfZk%2BS41iYitP1U%3D

95 B
153 B

78ms
77ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=GBR&zdid=1361&cid=2AlcFsEkph48Zu19kO054Z19%2BCFNcfZk%2BS41iYitP1U%3D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e83556fee323c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
server: AAWebServer
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=GBR&zdid=1361&cid=2AlcFsEkph48Zu19kO054Z19%2BCFNcfZk%2BS41iYitP1U%3D
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame 0EDD 43 B
356 B 120ms
40ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 0EDD 0
338 B 218ms
43ms Image
text/plain 52.48.55.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.55.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-55-168.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: private, no-cache, no-store
x-request-time: D=54 t=1661135655
x-served-by: beacon-n019-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 0EDD 95 B
361 B 141ms
46ms Image
image/png 138.201.8.249
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 138.201.8.249 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.249.8.201.138.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YwLrJwABdtHNBABN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae7...

95 B
153 B

72ms
72ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YwLrJwABdtHNBABN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&_test=YwLrJwABdtHNBABN
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e835580f6a23c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1661135656.651658,VS0,VE0
x-served-by: cache-lcy19267-LCY
x-cache: HIT
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YwLrJwABdtHNBABN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&_test=YwLrJwABdtHNBABN
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://engine.widespace.com/map/ext/api/trackingcallback/v1?accessToken=zeotap-user-sync&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad...
https://mwzeom.zeotap.com/mw?zpartnerid=395&ws_uid=ck.31b012ad-ca60-485e-97f2-cd7d0d890078&zdid=1361

95 B
153 B

70ms
69ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=395&ws_uid=ck.31b012ad-ca60-485e-97f2-cd7d0d890078&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e835583f9023c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
server: nginx/1.20.1
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
location: https://mwzeom.zeotap.com/mw?zpartnerid=395&ws_uid=ck.31b012ad-ca60-485e-97f2-cd7d0d890078&zdid=1361
cache-control: must-revalidate, no-store, no-cache
content-length: 0
x-amz-cf-id: au0yWdoUiTbU6F8ykqwXk_w1BUa8vNgyD1vx75pTISfKO8_tddcYiQ==
expires: -1

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 0EDD
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae783513...

0
337 B

44ms
44ms

Image
text/plain

52.48.55.168
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 52.48.55.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-55-168.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: private, no-cache, no-store
x-request-time: D=33 t=1661135655
x-served-by: beacon-n023-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
date: Mon, 22 Aug 2022 02:34:15 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a005-ash-prod.krxd.net

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 0EDD
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460...

43 B
645 B

43ms
41ms

Image
image/gif

52.95.122.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&dcc=t

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

HTTP/1.1

Server

52.95.122.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: WVB85WAJXHMS90KW745P
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: VMC9ES9BTKCW70RB3SAX
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 0EDD
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099...
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099...

43 B
645 B

116ms
115ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&dcc=t

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: B2XQYKCY53BPWMZ4VZ18
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 4P6XPKFE956RVN72SCYS
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 400 87734
tags.bluekai.com/site/ Frame 0EDD 0
145 B 308ms
185ms Image
text/plain 104.111.215.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/87734?id=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-191.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
content-length: 0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 0EDD
Redirect Chain

https://obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D76aa3...
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361

95 B
153 B

69ms
69ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 73e83559a86523c7-ZRH
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=76aa3fa5-7fbf-4ec8-460b-ff099b3c5218&reqId=4c5e1d18-ad8e-4e64-4dfe-ae78351325ad&zdid=1361
date: Mon, 22 Aug 2022 02:34:15 GMT
cross-origin-resource-policy: cross-origin
content-length: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C7A8
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/qBjJlh_Qm8Z3Wgbc8da2zsn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1948821359541361808

0
239 B

42ms
42ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1948821359541361808
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

date: Mon, 22 Aug 2022 02:34:15 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1948821359541361808
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

204

v1
ads.yahoo.com/cms/ Frame C7A8
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L7459ZSY-1Y-G6MQ&sigv=1&esig=2~484ebe4d5813fa663ff3749aca1785ef214a8292

0
194 B

172ms
51ms

Image
text/plain

2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L7459ZSY-1Y-G6MQ&sigv=1&esig=2~484ebe4d5813fa663ff3749aca1785ef214a8292

Protocol

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L7459ZSY-1Y-G6MQ&sigv=1&esig=2~484ebe4d5813fa663ff3749aca1785ef214a8292
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C7A8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENq2d6PzJ__UMIWNKW1XblA&google_cver=1

0
239 B

189ms
43ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENq2d6PzJ__UMIWNKW1XblA&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENq2d6PzJ__UMIWNKW1XblA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame C7A8 0
0 113ms
36ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C7A8
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Yzc2Zjc1MjI3Mjk2ODAwNzNkNjc1ZDM0ZTZhNGE4NDUyZWQzNDQ1OQ

170 B
188 B

56ms
56ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Yzc2Zjc1MjI3Mjk2ODAwNzNkNjc1ZDM0ZTZhNGE4NDUyZWQzNDQ1OQ

Protocol

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Yzc2Zjc1MjI3Mjk2ODAwNzNkNjc1ZDM0ZTZhNGE4NDUyZWQzNDQ1OQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame C7A8 70 B
265 B 135ms
39ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame C7A8
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L7459ZSY-1Y-G6MQ

0
707 B

262ms
167ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L7459ZSY-1Y-G6MQ
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 481E401681F8495FAF91F1634A48F1A1 Ref B: LON04EDGE1206 Ref C: 2022-08-22T02:34:15Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXmy0iqW9c93AUEtsTGgw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L7459ZSY-1Y-G6MQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C7A8
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ay4UNH43QsaGkrpCo_oehA&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ay4UNH43QsaGkrpCo_oehA

43 B
556 B

190ms
120ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ay4UNH43QsaGkrpCo_oehA

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 77QDR343K6XECBPWZWGZ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ay4UNH43QsaGkrpCo_oehA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 5EB8 31 KB
10 KB 58ms
58ms Script
text/html 92.123.9.160
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-9-160.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ebf9218a016a4a06e257c70b58ebef5da0dc3ae22a3e28b9d394e688f54a228a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 22 Aug 2022 02:34:15 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Aug 2022 13:55:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=41799
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9442
Expires: Mon, 22 Aug 2022 14:10:54 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame B5FA 70 B
264 B 65ms
40ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame B5FA 170 B
188 B 53ms
53ms Image
image/png 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YwLrJDtuUFlOXibAFIzsjQAAEUwAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame B5FA
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwLrJDtuUFlOXibAFIzsjQAAEUwAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwLrJDtuUFlOXibAFIzsjQAAEUwAAAIB&dcc=t

43 B
645 B

195ms
116ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwLrJDtuUFlOXibAFIzsjQAAEUwAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 40CY4NPAZ2E57224KZVQ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8VVP7YFH0E2JQYNQBWKJ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwLrJDtuUFlOXibAFIzsjQAAEUwAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame B5FA 0
0 125ms
41ms Image
text/html 37.252.172.249
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame B5FA 0
125 B 226ms
42ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YwLrJDtuUFlOXibAFIzsjQAAEUwAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
server: ATS/9.1.10.25
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame B5FA
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-f5a10fb8-6b5e-47d1-af50-3cb2daba4965

43 B
909 B

73ms
60ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-f5a10fb8-6b5e-47d1-af50-3cb2daba4965
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 73e8355728140686-LHR
pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWV7%2FgXrzfTkhjqDpfzpizyQb2AwotEZUqltzMZoaCiApLNk7VkFg6TYXoTLemnz6LqNzySNKJ6tzcEkXBAYo7zoOxsgT3rzD64ZAL%2Fae05BWvPUBaYHKcvxx91s%2FHBZp08o5Z1uwProgA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-f5a10fb8-6b5e-47d1-af50-3cb2daba4965
date: Mon, 22 Aug 2022 02:34:15 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame B5FA
Redirect Chain

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1

43 B
911 B

66ms
66ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray: 73e835559f1c0686-LHR
pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6jHGSHB5MLzoUL7%2B97%2B%2FVT9GoOxi0mSf7CS6l02CPj25i2RGkqbrzl2XvnHBFzwyzlRpnK43hQnNfe9XiCXjwelandsNEmvo6wr%2FNoBypUY7LZYv5dOrcZqN9W2WwMubYiE4RNrHiO78A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
date: Mon, 22 Aug 2022 02:34:15 GMT
access-control-allow-credentials: true
x-powered-by: Express
content-length: 0
vary: Origin
keep-alive: timeout=5

GET
H2 204 CookieIndex
rtb.adentifi.com/ Frame B5FA 0
35 B 372ms
113ms Image
text/plain 44.196.141.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.196.141.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-196-141-245.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame B5FA 43 B
426 B 161ms
51ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?YwLrJDtuUFlOXibAFIzsjQAA%264428
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fznaj.ua%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
cf-cache-status: HIT
age: 294
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "da1f1d-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 73e835557f6501db-ZRH
expires: Mon, 22 Aug 2022 06:34:15 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 5EB8 0
239 B 227ms
44ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=eplanning_eu&khaos=L7459ZSY-1Y-G6MQ
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

GET
H2 200 lotame20220804.html Show response
s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/ Frame CE6A 627 B
544 B 116ms
34ms Document
text/html 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.253 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=157680000
content-encoding: gzip
content-type: text/html
date: Mon, 22 Aug 2022 02:34:15 GMT
etag: W/"62ec189b-273"
expires: Sat, 21 Aug 2027 02:34:15 GMT
last-modified: Thu, 04 Aug 2022 19:06:03 GMT
server: openresty

GET
H2 200 sirdata_03022021.html Show response
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 0CB8 636 B
577 B 115ms
35ms Document
text/html 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.253 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=157680000
content-encoding: gzip
content-type: text/html
date: Mon, 22 Aug 2022 02:34:15 GMT
etag: W/"601b131c-27c"
expires: Sat, 21 Aug 2027 02:34:15 GMT
last-modified: Wed, 03 Feb 2021 21:18:20 GMT
server: openresty

GET
H/1.1 200
OK csync Show response
sync.adtelligent.com/ Frame D416 0
384 B 195ms
185ms Document
text/plain 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307971&extuid=ABZ-%2fwZ3oiu8uyC1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D307971%26extuid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.us.e-planning.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Content-Length: 0
Date: Mon, 22 Aug 2022 02:34:14 GMT
Etag: adba2aabfaddac77
Server: Adtelligent

GET
H2 200 cookie Show response
cm.adform.net/ Frame 713E 43 B
106 B 168ms
60ms Document
image/gif 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-length: 43
content-type: image/gif
date: Mon, 22 Aug 2022 02:34:15 GMT
server: nginx

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame C021
Redirect Chain

https://sync.console.adtarget.com.tr/csync?redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D318342%26extuid%3D%7Buid%7D
https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=367b36af039ffec7

0
384 B

75ms
74ms

Image
text/plain

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=367b36af039ffec7
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=755289
Protocol: HTTP/1.1
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 22 Aug 2022 02:34:15 GMT
Server: Adtelligent
Etag: 91a7f2c3773c77f2
Content-Length: 0

Redirect headers

Location: https://sync.adtelligent.com/csync?t=a&ep=318342&extuid=367b36af039ffec7
Date: Mon, 22 Aug 2022 02:34:15 GMT
Server: Adtelligent
Etag: 367b36af039ffec7
Content-Length: 0

GET
H2 204 /
onetag-sys.com/usync/ Frame 1E4E 0
0 41ms
41ms Document
text/plain 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=75a1922f904cc20

Requested by

Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame A8C0 15 KB
6 KB 193ms
53ms Document
text/html 23.47.208.212
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-208-212.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=169684
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 22 Aug 2022 02:34:15 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Wed, 24 Aug 2022 01:42:19 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 200C
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184-d
https://eus.rubiconproject.com/usync.html?p=17184-d

281 B
554 B

52ms
52ms

Document
text/html

92.123.9.160
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-9-160.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://s.adtelligent.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Aug 2022 02:34:15 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 22 Aug 2022 02:34:15 GMT
location: https://eus.rubiconproject.com/usync.html?p=17184-d
server: AkamaiGHost

GET
H/1.1 200
OK csync
sync.adtelligent.com/ Frame 4632 43 B
320 B 183ms
74ms Image
image/gif 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?redir=
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=651796
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 22 Aug 2022 02:34:14 GMT
Server: Adtelligent
Etag: 91a7f2c3773c77f2
Content-Length: 43
Content-Type: image/gif

GET
H2 200 lt.min.js Show response
tags.crwdcntrl.net/lt/c/15238/ Frame CE6A 49 KB
15 KB 137ms
45ms Script
text/javascript 65.9.66.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Requested by: Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 11:54:21 GMT
content-encoding: gzip
etag: W/"fdcd13007d5be3c218bd461a6aad998b"
last-modified: Wed, 03 Aug 2022 18:30:08 GMT
server: AmazonS3
age: 52795
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 2fc0d20914c32e5cd76477ed042298d0.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: KzBWAtOnwZwpCl5aEpx6nxB44fuiBn01XMgMWHE3Dbzj5LNqPGHOyw==

GET
H/1.1 200
OK GS.d Show response
js.cookieless-data.com/ Frame 0CB8 0
535 B 235ms
55ms Script
text/plain 212.129.3.113
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1661135655488

Requested by

Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.129.3.113 , France, ASN12876 (Online SAS, FR),

Reverse DNS

212-129-3-113.rev.poneytelecom.eu

Software

nginx/1.11.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Aug 2022 02:34:15 GMT
Server: nginx/1.11.3
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
P3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 0
Expires: Tue, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 200C 31 KB
10 KB 59ms
58ms Script
text/html 92.123.9.160
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-9-160.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ebf9218a016a4a06e257c70b58ebef5da0dc3ae22a3e28b9d394e688f54a228a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=17184-d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 22 Aug 2022 02:34:15 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Aug 2022 13:55:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=41799
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9442
Expires: Mon, 22 Aug 2022 14:10:54 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 200C 0
239 B 42ms
42ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=17184-d&khaos=L7459ZSY-1Y-G6MQ
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17184-d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

GET
H2 200 optimus_rules.json Show response
tags.crwdcntrl.net/lt/c/15238/ Frame CE6A 155 B
629 B 119ms
39ms XHR
application/json 65.9.66.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/15238/optimus_rules.json
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff

Request headers

Referer: https://s.e-planning.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 22 Aug 2022 00:05:23 GMT
via: 1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
age: 8933
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 155
last-modified: Wed, 03 Aug 2022 18:30:08 GMT
server: AmazonS3
etag: "1a1722e9cedbdc8af0dcd3345e46c73a"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age: 86400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: uRMd3NX78CGdoxzJd3VfOHDaPlqstiC0vR57RRZNEExP5YS2cPRsjg==

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A8C0 0
39 B 33ms
33ms Script
text/plain 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=66633327&p=156813&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
content-length: 0

GET
H3 200 BTi51yVvyPLXEo4rx37a5udoelhueuco3724Tff1.png
znaj.ua/crops/2243c3/150x100/2/0/2022/08/21/ 4 KB
5 KB 68ms
68ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/2243c3/150x100/2/0/2022/08/21/BTi51yVvyPLXEo4rx37a5udoelhueuco3724Tff1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a3ad5f89bcaae33946166c2a87b191d8b34c186e3f89aa37ac5ae53809ac19a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 23667
cf-polished: origSize=4145, status=webp_bigger
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3988
last-modified: Sun, 21 Aug 2022 12:41:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I9ZxosfvhfKCRCrpKhdY3JPocNlFoHL8D9zaLwTy4kpA8v68jZGnkCSbBWxs6zZwz6KMI1WuWhVz9SiG4gSgPPASXo%2Bc9hyhyaBRMPZixiFc0IyYcblan77LkLXPSl3r6zG0smI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 73e835582d82baff-MXP
cf-bgj: imgq:100,h2pri

POST
H2 200 data Show response
bcp.crwdcntrl.net/6/ Frame CE6A 20 B
307 B 51ms
51ms XHR
application/json 52.30.246.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/data
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.246.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-246-43.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e

Request headers

Referer: https://s.e-planning.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 02:34:15 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://s.e-planning.net
expires: 0
cache-control: no-cache
x-server: 10.45.21.20
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 20
x-consent: absent

GET
H3 200 QtjNyyxCw6HRX8Q2V1TKwcxXkaACW6OX8cWLcTGL.jpg
znaj.ua/crops/93c5fb/735x400/2/0/2022/08/20/ 46 KB
46 KB 86ms
86ms Image
image/jpeg 2606:4700:20::681a:2a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://znaj.ua/crops/93c5fb/735x400/2/0/2022/08/20/QtjNyyxCw6HRX8Q2V1TKwcxXkaACW6OX8cWLcTGL.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:2a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6d551fb002d9561997a6ffe578632a764e8d078653aaf9b5bdcf8d6fa374f93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://znaj.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 02:34:15 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=46966, status=webp_bigger
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 46655
last-modified: Sun, 21 Aug 2022 20:42:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2HoNH%2FZa5WeFM%2BvJi9VqmoENryxDQsUiEijknnSAZ1fsvLZj%2Ftt0naS0gQuxP6RKtzweGH56UMa5fSmEt3CmBvCQPq35GWTRnbz0Zbagv%2BAT1Z0QlTy11rgIGWeS9WX6pBE4el0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 73e83559be2ebaff-MXP
cf-bgj: imgq:100,h2pri

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B610 0
747 B 41ms
41ms Script
text/html 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS