winintro.ru Open in urlscan Pro
185.64.76.74 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://winintro.ru/
Submission: On September 07 via manual (September 7th 2022, 2:20:11 am UTC) from SG — Scanned from DE

Summary HTTP 102 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 23 IPs in 5 countries across 16 domains to perform 102 HTTP transactions. The main IP is 185.64.76.74, located in Russian Federation and belongs to SERV-TECH, RU. The main domain is winintro.ru.

This is the only time winintro.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	185.64.76.74 185.64.76.74	208626 (SERV-TECH) (SERV-TECH)
26	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
4	139.162.151.130 139.162.151.130	63949 (LINODE-AP...) (LINODE-AP Linode)
4 8	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
3 4	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
3 5	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	54.220.47.254 54.220.47.254	16509 (AMAZON-02) (AMAZON-02)
18	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
3	2600:9000:224... 2600:9000:2240:9c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2600:1f18:1ac... 2600:1f18:1aca:4282:bee0:4676:e27e:8238	14618 (AMAZON-AES) (AMAZON-AES)
102	23

6 185.64.76.74 (Russian Federation)

ASN208626 (SERV-TECH, RU)
PTR: cpanel14.coopertino.ru

winintro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.162.151.130 (Frankfurt am Main, Germany)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: reformal.ru

widget.reformal.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
reformal.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
log.reformal.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8::1:119 (Moscow, Russian Federation) 4 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.19.126 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.215 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.220.47.254 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-47-254.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2240:9c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f18:1aca:4282:bee0:4676:e27e:8238 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 tpc.googlesyndication.com — Cisco Umbrella Rank: 174	430 KB
18	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 350	1 MB
13	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 1021 static.adsafeprotected.com — Cisco Umbrella Rank: 791 dt.adsafeprotected.com — Cisco Umbrella Rank: 735	96 KB
13	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 73 cm.g.doubleclick.net — Cisco Umbrella Rank: 303 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 373	94 KB
6	google.com cse.google.com — Cisco Umbrella Rank: 4275 adservice.google.com — Cisco Umbrella Rank: 142 www.google.com — Cisco Umbrella Rank: 19	1 KB
6	winintro.ru winintro.ru	28 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 904	4 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 8291	2 KB
4	reformal.ru widget.reformal.ru reformal.ru — Cisco Umbrella Rank: 366422 log.reformal.ru — Cisco Umbrella Rank: 807253	5 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 329	3 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 5202	1 KB
3	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 2143	56 KB
2	gstatic.com www.gstatic.com fonts.gstatic.com	42 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 234	88 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 120	1 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 972	644 B
102	16

	Domain	Requested by
18	s0.2mdn.net	winintro.ru s0.2mdn.net googleads.g.doubleclick.net
17	pagead2.googlesyndication.com	winintro.ru pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
13	tpc.googlesyndication.com	googleads.g.doubleclick.net winintro.ru tpc.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net
8	dt.adsafeprotected.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net winintro.ru
6	winintro.ru	winintro.ru
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	mc.yandex.com	2 redirects winintro.ru
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
3	static.adsafeprotected.com	fw.adsafeprotected.com googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	mc.yandex.ru	2 redirects winintro.ru
2	googleads4.g.doubleclick.net	winintro.ru
2	fw.adsafeprotected.com	1 redirects winintro.ru
2	www.google.com	winintro.ru tpc.googlesyndication.com
2	www.googletagservices.com	googleads.g.doubleclick.net winintro.ru
2	reformal.ru	winintro.ru
1	fonts.gstatic.com	fonts.googleapis.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	log.reformal.ru	winintro.ru
1	cse.google.com	winintro.ru
1	widget.reformal.ru	winintro.ru
102	26

This site contains links to these domains. Also see Links.

Domain
getadmx.com
reformal.ru

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-05-21` - `2022-10-31`	5 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-04-10` - `2023-05-08`	a year	crt.sh

This page contains 14 frames:

Primary Page: http://winintro.ru/
Frame ID: DF895B61376E25C1FEFAE34744911D85
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220901/r20190131/zrt_lookup.html
Frame ID: 12EF0FF7033F5B9B70BEB7A7BC60EA38
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2339592383170032&output=html&h=280&slotname=9703837508&adk=1748934517&adf=3025194257&pi=t.ma~as.9703837508&w=1200&fwrn=4&fwrnh=100&lmt=1662517207&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwinintro.ru%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1662517206945&bpp=4&bdt=89&idt=98&shv=r20220901&mjsv=m202209010201&ptt=9&saldr=aa&abxe=1&correlator=1357325194016&frm=20&pv=2&ga_vid=2046137264.1662517207&ga_sid=1662517207&ga_hid=1878822407&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=8&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760912%2C31068919&oid=2&pvsid=2430286127925473&tmod=1335232453&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=F2rhqDfYIo&p=http%3A//winintro.ru&dtd=110
Frame ID: 4ED125D82452345CC45B646FFA767989
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2339592383170032&output=html&adk=1812271804&adf=1573534164&lmt=1662517207&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwinintro.ru%2F&ea=0&pra=7&wgl=1&easpf=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&dt=1662517207288&bpp=2&bdt=431&idt=2&shv=r20220901&mjsv=m202209010201&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db2f71705e18d1b20-22b9181e15ce00fc%3AT%3D1662517207%3ART%3D1662517207%3AS%3DALNI_MZgIyQgBB22IUdNm3pQEIS4Vmce9Q&prev_fmts=1200x280&nras=1&correlator=1357325194016&frm=20&pv=1&ga_vid=2046137264.1662517207&ga_sid=1662517207&ga_hid=1878822407&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760912%2C31068919&oid=2&pvsid=2430286127925473&tmod=1335232453&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=6
Frame ID: F562ECBCA0E7892ACA54C1097D537C06
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js
Frame ID: 86C62D4A611A83C217B439224C67F733
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/zrt_lookup.html?fsb=1
Frame ID: D506AC36A85BCC5BA2D3A465EF748A6C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPn8nwEQlYnMjAMY0s3t0gEwAQ&v=APEucNWFcVlGEGyXAW368tb3PdMXQeyaBgJ8KhSaMtDcUSIucC1zX0DkdaOeCHThCErCSmyJg_dXDW63CDghforVcwYcROuYku33IfV9-Y5OXho0t2CGn9K-dWhG6CXkDYuaGDz3GPvYzeogihHYbhkDNvB_FsHZ9HgcjVE59vxq89eLTDwFznM
Frame ID: C4DFD137D70F77D350A109BEBB643FCC
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjkYNrV3Yo0N9bvaEc4VvfrGZdyuE1OR7H3fcByUl8JcsI5XmNcNfb4IcsxIF2rO9LwrVAn8IzoZoj6z4XkMuoIFhmBuxZCIFMHaP_X7VLzqk0sSdFjuiS6XKMG2AW9qOnAtM4CfnbnRTHJZa1vLBLr0IFHw&dbm_d=AKAmf-BVXjcKee_Kq9g_SiPTOIFVdUEM6LfpM3F1cNcIsVDpQR8yRRiDTT5QLvkyrd3cqx3m1GBr-ytAO8AD__zXBzb2jO9ccNY9dAsVS6T2mRFFkDqK521xby2tCaSFe44U6Q_wHK4lniuuLblGL6gUQDIXN0cY8zwXxiMtGiFJX18QgnQz0MwAAI5mc1BNXV66vTtl0N61YquUr8wfvM444fGntRQ8ihjV3vAlbvXITzr9CyfLSIiKkI5rPvDBg1bD9Kk56oxsiXwefCGiPdwQCuA5cmDk2-4Gon3680Zu-VkuebExgoHU6k4IDlx7AeGBznrYdbQF9bgGJSXKY2CreIQc2aePDoYNH0tzInCcyLSzwaqh4OCQffCGPkOpSDi3PBvCGCDOSf_AF2_7G8C_A7FFH7oyWxXPLBSxBGAqQPSNe5M5l-iBfFDqiDT-EBnwt6X7CfpIkZRnNv0XP2zBRLik_bQefPgAn1Ow18d3O5geLxOzBNlP6a0EMvt9IHxM1mJL_tdddoFIQIzGFpASLo4J5Yxu1M597Ae_A7NfkUQLA5khPXT3nWIhTgLts9FRIZWlucpsh5JbR2wl_6bcSB2Ff6fbbTtwMV5nyyBSJmD_icsyz-jIXg5FSg0_kd8iX2EUxvlssVrmSXF4ExzSv1IHyEZXuWQlSSWwX_dRiv5B3zjxcwBLMU0zHDjUKkrB-OLNjJcePuWggE21gV4SNU8dRm0LvLViJ5whEk2BW8iChOChJaGuAei5Wo7dlwNsJ67VlzfxylmD1PV8L_ckOod-LBFguGciAUwwUNnFNRHyfPDdpfEwQo3OMA_HJZhnv61ZrTr-r_bDNuM9U3IBPsysSnhylX-H8ablnw0x6USot_3kPsBqiqbySnD0_mSSKluMsfzi8Ic0nycroL0fyGsTcoXNGKD2HXB4ss8qIxnmmHCw2aXR6rNDQT19AxmV_x4XBVVhSBhnNvK9u1rvTv9-eqmMa1pPaRWcJ0_yjLAPzXz0U_4-HUSl2hy3KDM3TQCimxySWqXqTrJfqrirecmIHq2M8oJ2DYbCuE5B4InDRjINn35ghPjh005C9kfPCVW_6OTA7B6keBOZCthNeLmm4WqWm4t9x5-_6WKM-jegrpYE5ea1uZpI1yA4V1ytrrE4Tr4LSDn1lQzKun6b9D0Cqh8FmUTw773CSKrpuunHiuClGpsoBeH0oixT8HFCqZ7IDkMA3AvfDjMydrYZQpLffHNSPM2YnkoYOj6LMVc6LLO0aYj8Vfh6S6qgFZ3O-6XSrmkASSN8NDQOaGnMIvDHOOfo9nUdYodxA42Rst_jxhw5HtTawQeB5xA3YgSlnujSdKFFGrOhwyLZgRFvMjJewzhNZV6nrjDjUeOearcbVrVcx93M-kVzPIRcDjMlVj1ZLqP0Gx9fJ6O145FLhr_uK8GLQZWpmzfvBd8emSHm0p53KNdlEjEizQPj8Dupo6jUkxJuMiD0UK5T4rI-mIbKxf7f7gNbCQmFA2LGYp2dJeTtgAw1vCAJ18RY8V8Z1OCECJ9vTH1AqGl37K2dxqAzMFVNya3wznlWRRWFv9PCtzsg2ySJEgldCmk27yAHi0i3yeHaJUQ3kjJytuzRGFlG9aOhwgmSkaO1hPOrCmtCRPTI5XsAuraoqUAqDa6KB35yS3964XWD1aOjFYJNNku8GJPPusqRs8gF-n4QhSjKNMuVmOxx3vnfgMCi4BLHNwhkQ3ctfKBPQSaWlOnRHOozREg6hXycfqehYcivc_3FWdHY7wynANevZ0Q2TrRK6NjkL4sCPWdN0Nh45kzLv6-i0FZ_iwXqB3ZtHALR34Tfizqgu3GsgNIsyD_-w-bFmDTDr-DQU9ZwIU8aLgW47sU_HNA1YNo4dVVYqrvabikjoK-sbnhrpeoF7GlxyvO6Og9gIIiyHjoy00f4aU7LJODrlFg8Jz3kQap7Q2B4iew0R5n1oOLqUBwJDhr-3QfzIFQfnhvOGXpjNr5wSnbrkrsF2EkO4VwKgRzLIsV3lgrUk-zbdyqD373zq6wdqAYCbbg-OMJpUQ0kFimzxzP_3iZ0PFg9bCZ8ytD9kJEirbyJA4nOCvKyj9tn9P__RChX0IhfEG5lvRNeSOLpIOs2_GgaM1X4HF7J76YwjBdwJ4KskIT3fZLl3jA3CocQ6WhetH8yjYCqs3WvEu0XeDsG3HacqTI2NnOfvmRgMmEkqW5b2_eH1LYV-NS1F40sDDBptdR8pvtnhTU8_kbm3EwYRyiFYCCdRK3E3y62IydPSKSV3zJ2wo3yKmclTgKRyt5FruWc7Gs8K7npQJkFD7pM4MFxGBF32M64O3ABnTT9RFJ21QRiVgZkFLgVQBBKmKEh1LzIMGOz8zFLDYrnLrq5dsduF7M289P2LGodytyOfFWvQEz0Ms9sR-uojCJwrUkwLWUmdGDzvCpCu5ZeybU25jVVZwLH979yboj9kn0ZVCn3-5ivAqfhavZMXpQS4A4r-ys-m_HPmNxWLOHLRx9axz6Uy0UTvsBLrgh3jvgW5lyRtfU7wPhmEVcBjiL6Jf0ttHjeGikyRkdFFxWImF-NI3exk_uUbOETNwjV7uUAUWoGUJbT2seLw2wgkSIRToYape61zQ0EAbHB2zXCqB8UIcOi68kR7bGog5ld4Wopm509imlruaecvAQU5usUl6EMVZ-RHnMyABCGyZaRUaxsHBH3UFDi0EjemfIJuBCgNNF2Mdt5DfHGWsWahYEYk2MHI8lEBpSj0IaegS8AnDnLDaHjJ4ELn74Y9Z9HucIwB427GonrhUrh1il1HB8xp2d6GBryQO8ii5XBooAjZB_XORym0Su-hE5kDkByGyg-iVPthSVGZJBMXSmRxDI6obKRH6gQb4aMP6ur7squOruRqKg0yaTKU9b6SPwxdiLXLAkwMC89q43ogLQqtoB6h8BPMJPXzmVn_YGg-5pktt0_jMSbQiiSxDtJ5Qtcr0amZgEtgQam43xvyh1DsbhZFwR23hmsgwtYWUIgTo_HwZw56jd8N247p8JUQ0DTGe-YwBJAEK6vyWApQEQUIbpGL378CgVPmGie1_4ZWuzEfthTgk4Cb8rsbvHUWq-UgD4SnDxwDT2yWLVi5Vn0hoALoFiMr_3Q6qCViBgzheKXU4YM6NbOve2E6vZOW3vnR_pKb4XqM0jIVxUNiMvZpCb4FDJbK40khM9tH9-xcSJLLnP3w0rYkthHORagRswp-7WE680OFtEFxGMqn_2VPZs0NnUDEwUapMHKABE0KZmB2UsZ92pwwHtD6VaaZBzCpbCwkgowhJSQlku2BAT6G6JPsfxDXgxhYsBO4nRWeqxbC0N8_XkZs9ZSPxWjKI5EGf2Ds5m3-qLHFWE&cid=CAASKORozOFP0UsNlSYn9PxLwW5nHaasV7P6oakfy5CUfkLKAf1FPn3YD1o&rfl=2%2Chttp%253A%252F%252Fwinintro.ru%252F%240
Frame ID: 325DB3724A7F6E9568786FF92FAE16F0
Requests: 25 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 441929E547BDF1B5A404568AFE32BDF6
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
Frame ID: C1259A18A547A3FE463C46CBB404B65C
Requests: 19 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: BA9AE156CACA86F2F9F4605E96EBFAEB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F5F37D20040FF044F82849FF8C978914
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F989CB00312E1BA737579F672D2ED243
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js
Frame ID: D66EF6F45EB3DB6333D435DE1B298680
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Русская документация для Windows Server 2008 R2 и Windows 7 (Service Pack 1)

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

102
Requests

80 %
HTTPS

64 %
IPv6

16
Domains

26
Subdomains

23
IPs

5
Countries

1998 kB
Transfer

3655 kB
Size

18
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://getadmx.com/
Title: Group Policy Administrative Templates

Search URL Search Domain Scan URL

URL: http://reformal.ru/
Title: Reformal.ru

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

http://mc.yandex.ru/metrika/watch.js HTTP 302
https://mc.yandex.ru/metrika/watch.js

Request Chain 18

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9753.f7qWprWBK9UloQpRRJ4Gp5SspM1SGnTbGlDpD1rg0j7FLuodfD9u3wY9tD8V4EtG.hFI2kvXIryBc9DTM-iYbwKrsj2c%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9753.LRb5eUTmfdIKYxf2b7m9Ah31ykO9iWgm5AVlJbEEUnJU7uL2Kqv4tBt06s9pJ13rjeH7_3oajEyxxH_O_VJjCA%2C%2C.UzKcqCf86OYlrfH4gc8VjyKmWjw%2C

Request Chain 23

https://mc.yandex.com/watch/490927?wmode=7&page-url=http%3A%2F%2Fwinintro.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr9aewcgvlq0%3Afp%3A720%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A799866990084%3Ahid%3A53170941%3Az%3A0%3Ai%3A20220907022007%3Aet%3A1662517207%3Ac%3A1%3Arn%3A748895586%3Arqn%3A1%3Au%3A1662517207923089073%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1662517206207%3Ads%3A483%2C49%2C115%2C1%2C0%2C0%2C%2C119%2C%2C%2C%2C%2C%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1662517207%3At%3A%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B0%D1%8F%20%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82%D0%B0%D1%86%D0%B8%D1%8F%20%D0%B4%D0%BB%D1%8F%20Windows%20Server%202008%20R2%20%D0%B8%20Windows%207%20(Service%20Pack%201)&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP 302
https://mc.yandex.com/watch/490927/1?wmode=7&page-url=http%3A%2F%2Fwinintro.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr9aewcgvlq0%3Afp%3A720%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A799866990084%3Ahid%3A53170941%3Az%3A0%3Ai%3A20220907022007%3Aet%3A1662517207%3Ac%3A1%3Arn%3A748895586%3Arqn%3A1%3Au%3A1662517207923089073%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1662517206207%3Ads%3A483%2C49%2C115%2C1%2C0%2C0%2C%2C119%2C%2C%2C%2C%2C%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1662517207%3At%3A%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B0%D1%8F%20%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82%D0%B0%D1%86%D0%B8%D1%8F%20%D0%B4%D0%BB%D1%8F%20Windows%20Server%202008%20R2%20%D0%B8%20Windows%207%20%28Service%20Pack%201%29&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Request Chain 49

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1&C=1

Request Chain 50

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yxf-2NzfNgHt9QBtJZMhfwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1

Request Chain 51

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMDoXTDC9OOWu6NiHxUiHuw&google_cver=1

Request Chain 52

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ0OTE4MzA3NTYxMzczODgwNA%3D%3D

Request Chain 83

https://fw.adsafeprotected.com/rfw/st/1102854/65591570/skeleton.js?adsafe_url=http%3A%2F%2Fwinintro.ru&adsafe_type=g&adsafe_url=http%3A%2F%2Fwinintro.ru%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20220901%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20220901%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271801%26client%3Dca-pub-2339592383170032%26fa%3D1%26ifi%3D3%26uci%3Da!3%26btvi%3D1%26xpc%3DlXOd8xS3bb%26p%3Dhttp%253A%2F%2Fwinintro.ru&adsafe_type=be&adsafe_jsinfo=,id:20683240-b022-f409-cce4-6da44d80335a,c:nuw9C3,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-585d8b8594-bt9d7,rg:ie,pt:1-5-15,mu:10000,br:c,an:n,oam:0,scm:grpm1,mtim:100,mot:0,app:0,maw:0,fm:tgI8Mml+11%7C121%7C13%7C141*.1102854-65591570%7C1411%7C1412%7C1413,idMap:141*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:114,oid:97f60789-2e53-11ed-ae67-3a52a9207ad8,v:19.8.347,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

102 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
winintro.ru/ 39 KB
9 KB 648ms
115ms Document
text/html 185.64.76.74
SERV-TECH

General

Check archive.org

Show headers Download Go to

Full URL

http://winintro.ru/

Protocol

HTTP/1.1

Server

185.64.76.74 , Russian Federation, ASN208626 (SERV-TECH, RU),

Reverse DNS

cpanel14.coopertino.ru

Software

nginx /

Resource Hash

8cd23ec8376bd245aa627149f0670262553432dac78a0570d6fad0811df79db4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 07 Sep 2022 02:20:06 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK helpindex.css
winintro.ru/files/ 344 B
595 B 50ms
49ms Stylesheet
text/css 185.64.76.74
SERV-TECH

General

Check archive.org

Show headers Download Go to

Full URL

http://winintro.ru/files/helpindex.css

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

HTTP/1.1

Server

185.64.76.74 , Russian Federation, ASN208626 (SERV-TECH, RU),

Reverse DNS

cpanel14.coopertino.ru

Software

nginx /

Resource Hash

e731c18f5159e2612625f471352650417c4557851c7518a28a76a5bc6896f1b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:06 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 11 Jul 2016 10:36:53 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Expires: Fri, 07 Oct 2022 02:20:06 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
51 KB 35ms
27ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47ef239537a3332c2eebcfd78aafb41d2ed93b7068ce334631c3e429e5b79584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Wed, 07 Sep 2022 02:20:06 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 17830501173239177431
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 51620
X-XSS-Protection: 0
Expires: Wed, 07 Sep 2022 02:20:06 GMT

GET
H/1.1 200
OK tabn2v2.js Show response
widget.reformal.ru/ 15 KB
4 KB 47ms
9ms Script
text/html 139.162.151.130
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://widget.reformal.ru/tabn2v2.js
Requested by: Host: winintro.ru
URL: http://winintro.ru/
Protocol: HTTP/1.1
Server: 139.162.151.130 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: reformal.ru
Software: nginx/1.16.1 /
Resource Hash: f3e87e6819c1a049789173a1c52e62edb0051c1a0af081f4dcac6613c16a367e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:06 GMT
Content-Encoding: gzip
Server: nginx/1.16.1
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

GET
H2

200

watch.js Show response
mc.yandex.ru/metrika/
Redirect Chain

http://mc.yandex.ru/metrika/watch.js
https://mc.yandex.ru/metrika/watch.js

158 KB
56 KB

222ms
109ms

Script
application/javascript

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

624d8f6e11b854e5a5261fe0397a27d044501253aa15d62327d408182ff9f09f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:07 GMT
content-encoding: br
last-modified: Mon, 05 Sep 2022 12:38:44 GMT
etag: "6315c3a4-de2c"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 56876
expires: Wed, 07 Sep 2022 03:20:07 GMT

Redirect headers

Location: https://mc.yandex.ru/metrika/watch.js
Content-Length: 0

GET
H/1.1 200
OK 90.gif
winintro.ru/files/ 69 B
485 B 64ms
64ms Image
image/gif 185.64.76.74
SERV-TECH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://winintro.ru/files/90.gif

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

HTTP/1.1

Server

185.64.76.74 , Russian Federation, ASN208626 (SERV-TECH, RU),

Reverse DNS

cpanel14.coopertino.ru

Software

nginx /

Resource Hash

62200de6653947c8d8a7873631f78c2b8a564e40378b6b9d5713186cc1edcf8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:06 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 11 Jul 2016 10:36:52 GMT
Server: nginx
Content-Type: image/gif
Expires: Sun, 06 Nov 2022 02:20:06 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 69
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 404
Not Found cse.js
cse.google.com/ 0
0 57ms
34ms Script
text/html 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cse.google.com/cse.js?cx=011017919958926383041:ajfvtnc_f9s
Requested by: Host: winintro.ru
URL: http://winintro.ru/
Protocol: HTTP/1.1
Server: 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H/1.1 200
OK headerbgmain.png
winintro.ru/files/ 15 KB
16 KB 55ms
52ms Image
image/png 185.64.76.74
SERV-TECH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://winintro.ru/files/headerbgmain.png

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

HTTP/1.1

Server

185.64.76.74 , Russian Federation, ASN208626 (SERV-TECH, RU),

Reverse DNS

cpanel14.coopertino.ru

Software

nginx /

Resource Hash

f2530ebfa7dd0eb27e3cfaf23a514aa2dc9ee553ce716036113a28a0e28aeb6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:06 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 11 Jul 2016 10:36:53 GMT
Server: nginx
Content-Type: image/png
Expires: Sun, 06 Nov 2022 02:20:06 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15545
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK f_ru.gif
winintro.ru/files/ 580 B
997 B 51ms
50ms Image
image/gif 185.64.76.74
SERV-TECH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://winintro.ru/files/f_ru.gif

Requested by

Host: winintro.ru
URL: http://winintro.ru/files/helpindex.css

Protocol

HTTP/1.1

Server

185.64.76.74 , Russian Federation, ASN208626 (SERV-TECH, RU),

Reverse DNS

cpanel14.coopertino.ru

Software

nginx /

Resource Hash

4a8eb3554b2b95adcc12d824a96898ed63071f1064e64f17ded9b371df4aa673

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/files/helpindex.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:06 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 11 Jul 2016 10:36:53 GMT
Server: nginx
Content-Type: image/gif
Expires: Sun, 06 Nov 2022 02:20:06 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 580
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209010201/ 344 KB
122 KB 61ms
39ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209010201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2339592383170032&plah=winintro.ru

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7fac58ceb02f4aa2c6197d5f45d89d9d4fc6d14b440bd8558c2e555152bd41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124218
x-xss-protection: 0
server: cafe
etag: 3196060846848283528
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 02:20:06 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220901/r20190131/ Frame 12EF 10 KB
5 KB 29ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220901/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://winintro.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 9267
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 23:45:39 GMT
etag: 8616628553774171045
expires: Tue, 20 Sep 2022 23:45:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK f_en.gif
winintro.ru/files/ 612 B
1 KB 63ms
51ms Image
image/gif 185.64.76.74
SERV-TECH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://winintro.ru/files/f_en.gif

Requested by

Host: winintro.ru
URL: http://winintro.ru/files/helpindex.css

Protocol

HTTP/1.1

Server

185.64.76.74 , Russian Federation, ASN208626 (SERV-TECH, RU),

Reverse DNS

cpanel14.coopertino.ru

Software

nginx /

Resource Hash

2a87dc466b3bf04d2af3c5444cf285b3f4e8e03a954322b01433d11b90793db6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/files/helpindex.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:07 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 11 Jul 2016 10:36:53 GMT
Server: nginx
Content-Type: image/gif
Expires: Sun, 06 Nov 2022 02:20:07 GMT
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 612
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK transp.gif
reformal.ru/i/ 43 B
279 B 15ms
8ms Image
image/gif 139.162.151.130
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://reformal.ru/i/transp.gif
Requested by: Host: winintro.ru
URL: http://winintro.ru/
Protocol: HTTP/1.1
Server: 139.162.151.130 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: reformal.ru
Software: nginx/1.16.1 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:06 GMT
Last-Modified: Fri, 20 Dec 2013 07:24:29 GMT
Server: nginx/1.16.1
ETag: "52b3f0ad-2b"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43

GET
H/1.1 200
OK st.php
log.reformal.ru/ 43 B
209 B 16ms
8ms Image
image/gif 139.162.151.130
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://log.reformal.ru/st.php?w=tabn2m4&domain=winintro
Requested by: Host: winintro.ru
URL: http://winintro.ru/
Protocol: HTTP/1.1
Server: 139.162.151.130 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: reformal.ru
Software: nginx/1.16.1 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:06 GMT
Server: nginx/1.16.1
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H/1.1 200
OK winintro%7CaHR0cDovL3dpbmludHJvLnJ1Lw==%7C
reformal.ru/human_check/ 43 B
279 B 15ms
7ms Image
image/gif 139.162.151.130
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://reformal.ru/human_check/winintro%7CaHR0cDovL3dpbmludHJvLnJ1Lw==%7C
Requested by: Host: winintro.ru
URL: http://winintro.ru/
Protocol: HTTP/1.1
Server: 139.162.151.130 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: reformal.ru
Software: nginx/1.16.1 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 02:20:06 GMT
Last-Modified: Fri, 20 Dec 2013 07:24:29 GMT
Server: nginx/1.16.1
ETag: "52b3f0ad-2b"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 215 B
644 B 52ms
15ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=winintro.ru&callback=_gfp_s_&client=ca-pub-2339592383170032

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209010201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2339592383170032&plah=winintro.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

55ba06e3657f8d877d02bb04fd7f12ff609c9bfcc720f36c4d3e486ed8f571d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 43ms
17ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=winintro.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 43ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=winintro.ru

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4ED1 94 KB
32 KB 503ms
501ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2339592383170032&output=html&h=280&slotname=9703837508&adk=1748934517&adf=3025194257&pi=t.ma~as.9703837508&w=1200&fwrn=4&fwrnh=100&lmt=1662517207&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwinintro.ru%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1662517206945&bpp=4&bdt=89&idt=98&shv=r20220901&mjsv=m202209010201&ptt=9&saldr=aa&abxe=1&correlator=1357325194016&frm=20&pv=2&ga_vid=2046137264.1662517207&ga_sid=1662517207&ga_hid=1878822407&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=8&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760912%2C31068919&oid=2&pvsid=2430286127925473&tmod=1335232453&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=F2rhqDfYIo&p=http%3A//winintro.ru&dtd=110

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8bd1348aa73d4d2781bd115e716f3b4e15a0ab64178f0a78dae281a88cc293e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://winintro.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 32934
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Sep 2022 02:20:07 GMT
expires: Wed, 07 Sep 2022 02:20:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9753.f7qWprWBK9UloQpRRJ4Gp5SspM1SGnTbGlDpD1rg0j7FLuodfD9u3wY9tD8V4EtG.hFI2kvXIryBc9DTM-iYbwKrsj2c%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9753.LRb5eUTmfdIKYxf2b7m9Ah31ykO9iWgm5AVlJbEEUnJU7uL2Kqv4tBt06s9pJ13rjeH7_3oajEyxxH_O_VJjCA%2C%2C.UzKcqCf86OYlrfH4gc8VjyKmWjw%2C

75 B
75 B

55ms
55ms

Image
text/html

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9753.LRb5eUTmfdIKYxf2b7m9Ah31ykO9iWgm5AVlJbEEUnJU7uL2Kqv4tBt06s9pJ13rjeH7_3oajEyxxH_O_VJjCA%2C%2C.UzKcqCf86OYlrfH4gc8VjyKmWjw%2C

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:07 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9753.LRb5eUTmfdIKYxf2b7m9Ah31ykO9iWgm5AVlJbEEUnJU7uL2Kqv4tBt06s9pJ13rjeH7_3oajEyxxH_O_VJjCA%2C%2C.UzKcqCf86OYlrfH4gc8VjyKmWjw%2C
date: Wed, 07 Sep 2022 02:20:07 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 33ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=winintro.ru

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 36ms
18ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=winintro.ru

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F562 41 KB
13 KB 512ms
511ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2339592383170032&output=html&adk=1812271804&adf=1573534164&lmt=1662517207&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwinintro.ru%2F&ea=0&pra=7&wgl=1&easpf=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&dt=1662517207288&bpp=2&bdt=431&idt=2&shv=r20220901&mjsv=m202209010201&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db2f71705e18d1b20-22b9181e15ce00fc%3AT%3D1662517207%3ART%3D1662517207%3AS%3DALNI_MZgIyQgBB22IUdNm3pQEIS4Vmce9Q&prev_fmts=1200x280&nras=1&correlator=1357325194016&frm=20&pv=1&ga_vid=2046137264.1662517207&ga_sid=1662517207&ga_hid=1878822407&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760912%2C31068919&oid=2&pvsid=2430286127925473&tmod=1335232453&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=6

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d79cf5d48595923130c4bbed7d19592cc71f82c53d0b0e841dd7dde42d39c155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://winintro.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 13210
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Sep 2022 02:20:07 GMT
expires: Wed, 07 Sep 2022 02:20:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
112 B 55ms
55ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:07 GMT
last-modified: Mon, 05 Sep 2022 12:38:44 GMT
etag: "6315c3a4-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Wed, 07 Sep 2022 03:20:07 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/490927/
Redirect Chain

https://mc.yandex.com/watch/490927?wmode=7&page-url=http%3A%2F%2Fwinintro.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr9aewcgvlq0%3Afp%3A720%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ae...
https://mc.yandex.com/watch/490927/1?wmode=7&page-url=http%3A%2F%2Fwinintro.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr9aewcgvlq0%3Afp%3A720%3Afu%3A0%3Aen%3Autf-8%3Ala%3...

427 B
509 B

58ms
58ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/490927/1?wmode=7&page-url=http%3A%2F%2Fwinintro.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr9aewcgvlq0%3Afp%3A720%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A799866990084%3Ahid%3A53170941%3Az%3A0%3Ai%3A20220907022007%3Aet%3A1662517207%3Ac%3A1%3Arn%3A748895586%3Arqn%3A1%3Au%3A1662517207923089073%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1662517206207%3Ads%3A483%2C49%2C115%2C1%2C0%2C0%2C%2C119%2C%2C%2C%2C%2C%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1662517207%3At%3A%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B0%D1%8F%20%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82%D0%B0%D1%86%D0%B8%D1%8F%20%D0%B4%D0%BB%D1%8F%20Windows%20Server%202008%20R2%20%D0%B8%20Windows%207%20%28Service%20Pack%201%29&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

f2a0b483672d87381dc2679493aa0d991f626e00690b5f45ca507d497fa5bf95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:07 GMT
x-content-type-options: nosniff
last-modified: Wed, 07-Sep-2022 02:20:07 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: http://winintro.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 427
x-xss-protection: 1; mode=block
expires: Wed, 07-Sep-2022 02:20:07 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:07 GMT
last-modified: Wed, 07-Sep-2022 02:20:07 GMT
location: /watch/490927/1?wmode=7&page-url=http%3A%2F%2Fwinintro.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr9aewcgvlq0%3Afp%3A720%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A799866990084%3Ahid%3A53170941%3Az%3A0%3Ai%3A20220907022007%3Aet%3A1662517207%3Ac%3A1%3Arn%3A748895586%3Arqn%3A1%3Au%3A1662517207923089073%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1662517206207%3Ads%3A483%2C49%2C115%2C1%2C0%2C0%2C%2C119%2C%2C%2C%2C%2C%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1662517207%3At%3A%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B0%D1%8F%20%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82%D0%B0%D1%86%D0%B8%D1%8F%20%D0%B4%D0%BB%D1%8F%20Windows%20Server%202008%20R2%20%D0%B8%20Windows%207%20%28Service%20Pack%201%29&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: http://winintro.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Wed, 07-Sep-2022 02:20:07 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4ED1 8 KB
1 KB 45ms
18ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2339592383170032&output=html&h=280&slotname=9703837508&adk=1748934517&adf=3025194257&pi=t.ma~as.9703837508&w=1200&fwrn=4&fwrnh=100&lmt=1662517207&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwinintro.ru%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1662517206945&bpp=4&bdt=89&idt=98&shv=r20220901&mjsv=m202209010201&ptt=9&saldr=aa&abxe=1&correlator=1357325194016&frm=20&pv=2&ga_vid=2046137264.1662517207&ga_sid=1662517207&ga_hid=1878822407&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=8&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760912%2C31068919&oid=2&pvsid=2430286127925473&tmod=1335232453&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=F2rhqDfYIo&p=http%3A//winintro.ru&dtd=110

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 00:39:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 07 Sep 2022 02:20:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Sep 2022 02:20:07 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/ Frame 4ED1 2 KB
983 B 37ms
11ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 01:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2131
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Sep 2022 01:44:36 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220901/r20110914/ Frame 4ED1 23 KB
10 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220901/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d3f0c278eba7ca4904ef08e954e5d21231a363ddf14d74592de748ec54aa299

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:14:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 345
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9663
x-xss-protection: 0
server: cafe
etag: 5256006603266553849
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Sep 2022 02:14:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/ Frame 4ED1 3 KB
1 KB 35ms
11ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 01:52:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1640
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Sep 2022 01:52:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4ED1 142 KB
44 KB 64ms
27ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44792
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661945761880069"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 02:20:07 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/ Frame 4ED1 17 KB
8 KB 34ms
8ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

223699d3b640bd75dd3c7615cbbf5c37bfead5c28bfcf807c5ada05d021cbdf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:15:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 270
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7602
x-xss-protection: 0
server: cafe
etag: 8484125879011292595
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Sep 2022 02:15:37 GMT

GET
H2 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame 4ED1 33 KB
14 KB 34ms
8ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Fri, 02 Sep 2022 13:15:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 392694
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 19:26:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 13:15:13 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4ED1 0
0 55ms
55ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cy2gi1_8XY-nbBJHZ3wPbyrmADKPjmbtr2qzt0q8QwI23ARABIIOMikdglfrwgYwHoAHdvOCRAcgBCakCibQI536dsD6oAwHIA8sEqgTLAU_Ql-5nIwI-SSG9thkObSR3f1JGlypSotRBmUn97A_Xw8mW7JVGxFp4-ua-G0K9gzRCbRojXHA7gqln7bewGeX6fbWveISYk_sGQe_p8siUgCFOUfw17cSQIxjP0nm5A4IriUDnotOXl_aN07vZGG5tzmSJJtDGs8QHEhJbMKZ0vw6A82KAfHjIlhqf5gBcGaMIfG2J8unSsw34kO5ekGVz5YUemUHHNC_xYe2e3-3NEegiU4UKXEMT3WJUkN2URxdUaMM0LYnMBOP6wATg8Mn3kASSBQQIBBgBkgUECAUYBKAGLoAHi8Of7gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDXgzrSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTCtAVAYAXAbIXHAoaCAASFHB1Yi0yMzM5NTkyMzgzMTcwMDMyGAA&sigh=_eQ-on0of14&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2339592383170032&output=html&h=280&slotname=9703837508&adk=1748934517&adf=3025194257&pi=t.ma~as.9703837508&w=1200&fwrn=4&fwrnh=100&lmt=1662517207&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwinintro.ru%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1662517206945&bpp=4&bdt=89&idt=98&shv=r20220901&mjsv=m202209010201&ptt=9&saldr=aa&abxe=1&correlator=1357325194016&frm=20&pv=2&ga_vid=2046137264.1662517207&ga_sid=1662517207&ga_hid=1878822407&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=8&ady=68&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44761793%2C44760912%2C31068919&oid=2&pvsid=2430286127925473&tmod=1335232453&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=F2rhqDfYIo&p=http%3A//winintro.ru&dtd=110
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 07 Sep 2022 02:20:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 07 Sep 2022 02:20:07 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14246566237385795826/ Frame 4ED1 41 KB
41 KB 28ms
12ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14246566237385795826/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b92ca98eea77f699a2aa0c7be7001ad8f1e939ce1376ee0766c35160737c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 04 Sep 2022 22:29:14 GMT
x-content-type-options: nosniff
age: 186653
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41578
x-xss-protection: 0
last-modified: Wed, 27 Jul 2022 09:23:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 04 Sep 2023 22:29:14 GMT

GET
DATA 200
OK truncated
/ Frame 4ED1 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4ED1 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4ED1 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 532ad0ff9f2efee7c83c11d6ec4896565349c11319f65a3f59585813e4789cf6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 4ED1 28 KB
28 KB 31ms
8ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 581723
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:44:44 GMT

GET
H3 200 CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 86C6 36 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a0113be1c9721892c8e956e64e882598645af74cd89c02dcfa86c8d854c1c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 19:40:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23972
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15836
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Sep 2023 19:40:35 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209010201/ 149 KB
53 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209010201/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87f844b88db4f15c54dd9272ca5a788ee53d2e08f27811ecfb419e4260da1068

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54590
x-xss-protection: 0
server: cafe
etag: 8085923009262337367
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 02:20:08 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=winintro.ru

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=winintro.ru

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/ Frame D506 10 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://winintro.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 78209
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 04:36:39 GMT
etag: 8616628553774171045
expires: Tue, 20 Sep 2022 04:36:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C4DF 624 B
299 B 18ms
18ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPn8nwEQlYnMjAMY0s3t0gEwAQ&v=APEucNWFcVlGEGyXAW368tb3PdMXQeyaBgJ8KhSaMtDcUSIucC1zX0DkdaOeCHThCErCSmyJg_dXDW63CDghforVcwYcROuYku33IfV9-Y5OXho0t2CGn9K-dWhG6CXkDYuaGDz3GPvYzeogihHYbhkDNvB_FsHZ9HgcjVE59vxq89eLTDwFznM

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 07 Sep 2022 02:20:08 GMT
expires: Wed, 07 Sep 2022 02:20:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 325D 97 KB
37 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjkYNrV3Yo0N9bvaEc4VvfrGZdyuE1OR7H3fcByUl8JcsI5XmNcNfb4IcsxIF2rO9LwrVAn8IzoZoj6z4XkMuoIFhmBuxZCIFMHaP_X7VLzqk0sSdFjuiS6XKMG2AW9qOnAtM4CfnbnRTHJZa1vLBLr0IFHw&dbm_d=AKAmf-BVXjcKee_Kq9g_SiPTOIFVdUEM6LfpM3F1cNcIsVDpQR8yRRiDTT5QLvkyrd3cqx3m1GBr-ytAO8AD__zXBzb2jO9ccNY9dAsVS6T2mRFFkDqK521xby2tCaSFe44U6Q_wHK4lniuuLblGL6gUQDIXN0cY8zwXxiMtGiFJX18QgnQz0MwAAI5mc1BNXV66vTtl0N61YquUr8wfvM444fGntRQ8ihjV3vAlbvXITzr9CyfLSIiKkI5rPvDBg1bD9Kk56oxsiXwefCGiPdwQCuA5cmDk2-4Gon3680Zu-VkuebExgoHU6k4IDlx7AeGBznrYdbQF9bgGJSXKY2CreIQc2aePDoYNH0tzInCcyLSzwaqh4OCQffCGPkOpSDi3PBvCGCDOSf_AF2_7G8C_A7FFH7oyWxXPLBSxBGAqQPSNe5M5l-iBfFDqiDT-EBnwt6X7CfpIkZRnNv0XP2zBRLik_bQefPgAn1Ow18d3O5geLxOzBNlP6a0EMvt9IHxM1mJL_tdddoFIQIzGFpASLo4J5Yxu1M597Ae_A7NfkUQLA5khPXT3nWIhTgLts9FRIZWlucpsh5JbR2wl_6bcSB2Ff6fbbTtwMV5nyyBSJmD_icsyz-jIXg5FSg0_kd8iX2EUxvlssVrmSXF4ExzSv1IHyEZXuWQlSSWwX_dRiv5B3zjxcwBLMU0zHDjUKkrB-OLNjJcePuWggE21gV4SNU8dRm0LvLViJ5whEk2BW8iChOChJaGuAei5Wo7dlwNsJ67VlzfxylmD1PV8L_ckOod-LBFguGciAUwwUNnFNRHyfPDdpfEwQo3OMA_HJZhnv61ZrTr-r_bDNuM9U3IBPsysSnhylX-H8ablnw0x6USot_3kPsBqiqbySnD0_mSSKluMsfzi8Ic0nycroL0fyGsTcoXNGKD2HXB4ss8qIxnmmHCw2aXR6rNDQT19AxmV_x4XBVVhSBhnNvK9u1rvTv9-eqmMa1pPaRWcJ0_yjLAPzXz0U_4-HUSl2hy3KDM3TQCimxySWqXqTrJfqrirecmIHq2M8oJ2DYbCuE5B4InDRjINn35ghPjh005C9kfPCVW_6OTA7B6keBOZCthNeLmm4WqWm4t9x5-_6WKM-jegrpYE5ea1uZpI1yA4V1ytrrE4Tr4LSDn1lQzKun6b9D0Cqh8FmUTw773CSKrpuunHiuClGpsoBeH0oixT8HFCqZ7IDkMA3AvfDjMydrYZQpLffHNSPM2YnkoYOj6LMVc6LLO0aYj8Vfh6S6qgFZ3O-6XSrmkASSN8NDQOaGnMIvDHOOfo9nUdYodxA42Rst_jxhw5HtTawQeB5xA3YgSlnujSdKFFGrOhwyLZgRFvMjJewzhNZV6nrjDjUeOearcbVrVcx93M-kVzPIRcDjMlVj1ZLqP0Gx9fJ6O145FLhr_uK8GLQZWpmzfvBd8emSHm0p53KNdlEjEizQPj8Dupo6jUkxJuMiD0UK5T4rI-mIbKxf7f7gNbCQmFA2LGYp2dJeTtgAw1vCAJ18RY8V8Z1OCECJ9vTH1AqGl37K2dxqAzMFVNya3wznlWRRWFv9PCtzsg2ySJEgldCmk27yAHi0i3yeHaJUQ3kjJytuzRGFlG9aOhwgmSkaO1hPOrCmtCRPTI5XsAuraoqUAqDa6KB35yS3964XWD1aOjFYJNNku8GJPPusqRs8gF-n4QhSjKNMuVmOxx3vnfgMCi4BLHNwhkQ3ctfKBPQSaWlOnRHOozREg6hXycfqehYcivc_3FWdHY7wynANevZ0Q2TrRK6NjkL4sCPWdN0Nh45kzLv6-i0FZ_iwXqB3ZtHALR34Tfizqgu3GsgNIsyD_-w-bFmDTDr-DQU9ZwIU8aLgW47sU_HNA1YNo4dVVYqrvabikjoK-sbnhrpeoF7GlxyvO6Og9gIIiyHjoy00f4aU7LJODrlFg8Jz3kQap7Q2B4iew0R5n1oOLqUBwJDhr-3QfzIFQfnhvOGXpjNr5wSnbrkrsF2EkO4VwKgRzLIsV3lgrUk-zbdyqD373zq6wdqAYCbbg-OMJpUQ0kFimzxzP_3iZ0PFg9bCZ8ytD9kJEirbyJA4nOCvKyj9tn9P__RChX0IhfEG5lvRNeSOLpIOs2_GgaM1X4HF7J76YwjBdwJ4KskIT3fZLl3jA3CocQ6WhetH8yjYCqs3WvEu0XeDsG3HacqTI2NnOfvmRgMmEkqW5b2_eH1LYV-NS1F40sDDBptdR8pvtnhTU8_kbm3EwYRyiFYCCdRK3E3y62IydPSKSV3zJ2wo3yKmclTgKRyt5FruWc7Gs8K7npQJkFD7pM4MFxGBF32M64O3ABnTT9RFJ21QRiVgZkFLgVQBBKmKEh1LzIMGOz8zFLDYrnLrq5dsduF7M289P2LGodytyOfFWvQEz0Ms9sR-uojCJwrUkwLWUmdGDzvCpCu5ZeybU25jVVZwLH979yboj9kn0ZVCn3-5ivAqfhavZMXpQS4A4r-ys-m_HPmNxWLOHLRx9axz6Uy0UTvsBLrgh3jvgW5lyRtfU7wPhmEVcBjiL6Jf0ttHjeGikyRkdFFxWImF-NI3exk_uUbOETNwjV7uUAUWoGUJbT2seLw2wgkSIRToYape61zQ0EAbHB2zXCqB8UIcOi68kR7bGog5ld4Wopm509imlruaecvAQU5usUl6EMVZ-RHnMyABCGyZaRUaxsHBH3UFDi0EjemfIJuBCgNNF2Mdt5DfHGWsWahYEYk2MHI8lEBpSj0IaegS8AnDnLDaHjJ4ELn74Y9Z9HucIwB427GonrhUrh1il1HB8xp2d6GBryQO8ii5XBooAjZB_XORym0Su-hE5kDkByGyg-iVPthSVGZJBMXSmRxDI6obKRH6gQb4aMP6ur7squOruRqKg0yaTKU9b6SPwxdiLXLAkwMC89q43ogLQqtoB6h8BPMJPXzmVn_YGg-5pktt0_jMSbQiiSxDtJ5Qtcr0amZgEtgQam43xvyh1DsbhZFwR23hmsgwtYWUIgTo_HwZw56jd8N247p8JUQ0DTGe-YwBJAEK6vyWApQEQUIbpGL378CgVPmGie1_4ZWuzEfthTgk4Cb8rsbvHUWq-UgD4SnDxwDT2yWLVi5Vn0hoALoFiMr_3Q6qCViBgzheKXU4YM6NbOve2E6vZOW3vnR_pKb4XqM0jIVxUNiMvZpCb4FDJbK40khM9tH9-xcSJLLnP3w0rYkthHORagRswp-7WE680OFtEFxGMqn_2VPZs0NnUDEwUapMHKABE0KZmB2UsZ92pwwHtD6VaaZBzCpbCwkgowhJSQlku2BAT6G6JPsfxDXgxhYsBO4nRWeqxbC0N8_XkZs9ZSPxWjKI5EGf2Ds5m3-qLHFWE&cid=CAASKORozOFP0UsNlSYn9PxLwW5nHaasV7P6oakfy5CUfkLKAf1FPn3YD1o&rfl=2%2Chttp%253A%252F%252Fwinintro.ru%252F%240

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5391764776f433d7ed81cb34951f5a41994c6f07c5f56a76b9a4d78bda800aea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38247
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/ Frame 325D 3 KB
1 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/window_focus_fy2021.js

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 01:52:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1641
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Sep 2022 01:52:47 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/ Frame 325D 17 KB
7 KB 27ms
8ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220901/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

223699d3b640bd75dd3c7615cbbf5c37bfead5c28bfcf807c5ada05d021cbdf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:01:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1096
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7602
x-xss-protection: 0
server: cafe
etag: 8484125879011292595
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Sep 2022 02:01:52 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 325D 0
0 38ms
15ms Image
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTIYJf2EgRySI-CMdI-P-ZusmKyF9y-WPZCKm7_zavPPzGp15Dy7ghTP5L2CKjzQQq3LgE7y2YtEFp5p6nRdakfb58slQ
Requested by: Host: winintro.ru
URL: http://winintro.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 325D 142 KB
44 KB 44ms
27ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44792
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661945761880069"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 02:20:08 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 325D 42 B
63 B 41ms
41ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Av6GLPfb2x3Mw7TF4D2VjtNzz8WCLapphZ_h0u-Z-cfomkgybcVkzWEkQDAVQykKDikmu7tNgQa-LlHZh05zbwWhJjOwVxHKoJYk2siKOUg9mXT7A

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C4DF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1&C=1

43 B
845 B

34ms
28ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPn8nwEQlYnMjAMY0s3t0gEwAQ&v=APEucNWFcVlGEGyXAW368tb3PdMXQeyaBgJ8KhSaMtDcUSIucC1zX0DkdaOeCHThCErCSmyJg_dXDW63CDghforVcwYcROuYku33IfV9-Y5OXho0t2CGn9K-dWhG6CXkDYuaGDz3GPvYzeogihHYbhkDNvB_FsHZ9HgcjVE59vxq89eLTDwFznM
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 746bf6a7eacfbb53-FRA
pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9smg%2BrcHtix%2BO3IK%2FPw3y4Sas%2BofI14te3Cp04iKIivlU1ttGGNKgxTKGuVegym8TGrnRmnYYMIyqWKDUs1mJSmFs4eDrWbuKusOvsNU54N9vO%2FOBAvlQ8%2BNwaBSd3QHRNhQCkRMmBLFeg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47i30KsgiqhPPDYCFtEt%2Bu2d4NGEpV%2F0cmHQwsNJSKGDRdn8oKe8s7pU259Y1PebFxHxpxpmb0jXqErmZuHUN3k%2Fi29YhgKuVOdXVuKhtpJX9ASRwgsGS0g4U0Sb2AyJogkq4uRvPqipnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1&C=1
cache-control: no-cache
cf-ray: 746bf6a7bcc0bb8f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C4DF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yxf-2NzfNgHt9QBtJZMhfwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1

43 B
845 B

23ms
22ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPn8nwEQlYnMjAMY0s3t0gEwAQ&v=APEucNWFcVlGEGyXAW368tb3PdMXQeyaBgJ8KhSaMtDcUSIucC1zX0DkdaOeCHThCErCSmyJg_dXDW63CDghforVcwYcROuYku33IfV9-Y5OXho0t2CGn9K-dWhG6CXkDYuaGDz3GPvYzeogihHYbhkDNvB_FsHZ9HgcjVE59vxq89eLTDwFznM
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 746bf6a85b16bb53-FRA
pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXHaU45WJxSfRa%2BBYvWgXjXKcvpfFL41Unhfp46ZDl6WaSf1Yvla6D3tp8jH2XaEHR%2BrkL%2FespgDBQxMFNyvySGENQEeN50t2yHISwRCT%2Fs7eFm4OfMk2Ovc%2FiwJNj4wrjz3j7b1XPritg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELdv-TuzjIvrLWzHGC6wibg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C4DF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMDoXTDC9OOWu6NiHxUiHuw&google_cver=1

43 B
1010 B

7ms
7ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMDoXTDC9OOWu6NiHxUiHuw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPn8nwEQlYnMjAMY0s3t0gEwAQ&v=APEucNWFcVlGEGyXAW368tb3PdMXQeyaBgJ8KhSaMtDcUSIucC1zX0DkdaOeCHThCErCSmyJg_dXDW63CDghforVcwYcROuYku33IfV9-Y5OXho0t2CGn9K-dWhG6CXkDYuaGDz3GPvYzeogihHYbhkDNvB_FsHZ9HgcjVE59vxq89eLTDwFznM

Protocol

HTTP/1.1

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Sep 2022 02:20:08 GMT
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 5dda090b-403d-42bc-968f-f48831bcb5cb
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMDoXTDC9OOWu6NiHxUiHuw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame C4DF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ0OTE4MzA3NTYxMzczODgwNA%3D%3D

170 B
243 B

17ms
17ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ0OTE4MzA3NTYxMzczODgwNA%3D%3D

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 07 Sep 2022 02:20:08 GMT
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1d7cd27c-58fa-40b8-8fe1-5c1817f88be8
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ0OTE4MzA3NTYxMzczODgwNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1102854/65591570/ Frame 325D 47 KB
12 KB 235ms
31ms Script
application/javascript 54.220.47.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1102854/65591570/skeleton.js
Requested by: Host: winintro.ru
URL: http://winintro.ru/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.220.47.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-220-47-254.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 1239bc4b6714a8433d859fdd51a6d5fa021b2e0f2e5ff339141cc5eb5765a5a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 325D 170 KB
59 KB 62ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:51:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34116
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Sep 2022 16:51:32 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220901/r20110914/elements/html/ Frame 325D 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220901/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjkYNrV3Yo0N9bvaEc4VvfrGZdyuE1OR7H3fcByUl8JcsI5XmNcNfb4IcsxIF2rO9LwrVAn8IzoZoj6z4XkMuoIFhmBuxZCIFMHaP_X7VLzqk0sSdFjuiS6XKMG2AW9qOnAtM4CfnbnRTHJZa1vLBLr0IFHw&dbm_d=AKAmf-BVXjcKee_Kq9g_SiPTOIFVdUEM6LfpM3F1cNcIsVDpQR8yRRiDTT5QLvkyrd3cqx3m1GBr-ytAO8AD__zXBzb2jO9ccNY9dAsVS6T2mRFFkDqK521xby2tCaSFe44U6Q_wHK4lniuuLblGL6gUQDIXN0cY8zwXxiMtGiFJX18QgnQz0MwAAI5mc1BNXV66vTtl0N61YquUr8wfvM444fGntRQ8ihjV3vAlbvXITzr9CyfLSIiKkI5rPvDBg1bD9Kk56oxsiXwefCGiPdwQCuA5cmDk2-4Gon3680Zu-VkuebExgoHU6k4IDlx7AeGBznrYdbQF9bgGJSXKY2CreIQc2aePDoYNH0tzInCcyLSzwaqh4OCQffCGPkOpSDi3PBvCGCDOSf_AF2_7G8C_A7FFH7oyWxXPLBSxBGAqQPSNe5M5l-iBfFDqiDT-EBnwt6X7CfpIkZRnNv0XP2zBRLik_bQefPgAn1Ow18d3O5geLxOzBNlP6a0EMvt9IHxM1mJL_tdddoFIQIzGFpASLo4J5Yxu1M597Ae_A7NfkUQLA5khPXT3nWIhTgLts9FRIZWlucpsh5JbR2wl_6bcSB2Ff6fbbTtwMV5nyyBSJmD_icsyz-jIXg5FSg0_kd8iX2EUxvlssVrmSXF4ExzSv1IHyEZXuWQlSSWwX_dRiv5B3zjxcwBLMU0zHDjUKkrB-OLNjJcePuWggE21gV4SNU8dRm0LvLViJ5whEk2BW8iChOChJaGuAei5Wo7dlwNsJ67VlzfxylmD1PV8L_ckOod-LBFguGciAUwwUNnFNRHyfPDdpfEwQo3OMA_HJZhnv61ZrTr-r_bDNuM9U3IBPsysSnhylX-H8ablnw0x6USot_3kPsBqiqbySnD0_mSSKluMsfzi8Ic0nycroL0fyGsTcoXNGKD2HXB4ss8qIxnmmHCw2aXR6rNDQT19AxmV_x4XBVVhSBhnNvK9u1rvTv9-eqmMa1pPaRWcJ0_yjLAPzXz0U_4-HUSl2hy3KDM3TQCimxySWqXqTrJfqrirecmIHq2M8oJ2DYbCuE5B4InDRjINn35ghPjh005C9kfPCVW_6OTA7B6keBOZCthNeLmm4WqWm4t9x5-_6WKM-jegrpYE5ea1uZpI1yA4V1ytrrE4Tr4LSDn1lQzKun6b9D0Cqh8FmUTw773CSKrpuunHiuClGpsoBeH0oixT8HFCqZ7IDkMA3AvfDjMydrYZQpLffHNSPM2YnkoYOj6LMVc6LLO0aYj8Vfh6S6qgFZ3O-6XSrmkASSN8NDQOaGnMIvDHOOfo9nUdYodxA42Rst_jxhw5HtTawQeB5xA3YgSlnujSdKFFGrOhwyLZgRFvMjJewzhNZV6nrjDjUeOearcbVrVcx93M-kVzPIRcDjMlVj1ZLqP0Gx9fJ6O145FLhr_uK8GLQZWpmzfvBd8emSHm0p53KNdlEjEizQPj8Dupo6jUkxJuMiD0UK5T4rI-mIbKxf7f7gNbCQmFA2LGYp2dJeTtgAw1vCAJ18RY8V8Z1OCECJ9vTH1AqGl37K2dxqAzMFVNya3wznlWRRWFv9PCtzsg2ySJEgldCmk27yAHi0i3yeHaJUQ3kjJytuzRGFlG9aOhwgmSkaO1hPOrCmtCRPTI5XsAuraoqUAqDa6KB35yS3964XWD1aOjFYJNNku8GJPPusqRs8gF-n4QhSjKNMuVmOxx3vnfgMCi4BLHNwhkQ3ctfKBPQSaWlOnRHOozREg6hXycfqehYcivc_3FWdHY7wynANevZ0Q2TrRK6NjkL4sCPWdN0Nh45kzLv6-i0FZ_iwXqB3ZtHALR34Tfizqgu3GsgNIsyD_-w-bFmDTDr-DQU9ZwIU8aLgW47sU_HNA1YNo4dVVYqrvabikjoK-sbnhrpeoF7GlxyvO6Og9gIIiyHjoy00f4aU7LJODrlFg8Jz3kQap7Q2B4iew0R5n1oOLqUBwJDhr-3QfzIFQfnhvOGXpjNr5wSnbrkrsF2EkO4VwKgRzLIsV3lgrUk-zbdyqD373zq6wdqAYCbbg-OMJpUQ0kFimzxzP_3iZ0PFg9bCZ8ytD9kJEirbyJA4nOCvKyj9tn9P__RChX0IhfEG5lvRNeSOLpIOs2_GgaM1X4HF7J76YwjBdwJ4KskIT3fZLl3jA3CocQ6WhetH8yjYCqs3WvEu0XeDsG3HacqTI2NnOfvmRgMmEkqW5b2_eH1LYV-NS1F40sDDBptdR8pvtnhTU8_kbm3EwYRyiFYCCdRK3E3y62IydPSKSV3zJ2wo3yKmclTgKRyt5FruWc7Gs8K7npQJkFD7pM4MFxGBF32M64O3ABnTT9RFJ21QRiVgZkFLgVQBBKmKEh1LzIMGOz8zFLDYrnLrq5dsduF7M289P2LGodytyOfFWvQEz0Ms9sR-uojCJwrUkwLWUmdGDzvCpCu5ZeybU25jVVZwLH979yboj9kn0ZVCn3-5ivAqfhavZMXpQS4A4r-ys-m_HPmNxWLOHLRx9axz6Uy0UTvsBLrgh3jvgW5lyRtfU7wPhmEVcBjiL6Jf0ttHjeGikyRkdFFxWImF-NI3exk_uUbOETNwjV7uUAUWoGUJbT2seLw2wgkSIRToYape61zQ0EAbHB2zXCqB8UIcOi68kR7bGog5ld4Wopm509imlruaecvAQU5usUl6EMVZ-RHnMyABCGyZaRUaxsHBH3UFDi0EjemfIJuBCgNNF2Mdt5DfHGWsWahYEYk2MHI8lEBpSj0IaegS8AnDnLDaHjJ4ELn74Y9Z9HucIwB427GonrhUrh1il1HB8xp2d6GBryQO8ii5XBooAjZB_XORym0Su-hE5kDkByGyg-iVPthSVGZJBMXSmRxDI6obKRH6gQb4aMP6ur7squOruRqKg0yaTKU9b6SPwxdiLXLAkwMC89q43ogLQqtoB6h8BPMJPXzmVn_YGg-5pktt0_jMSbQiiSxDtJ5Qtcr0amZgEtgQam43xvyh1DsbhZFwR23hmsgwtYWUIgTo_HwZw56jd8N247p8JUQ0DTGe-YwBJAEK6vyWApQEQUIbpGL378CgVPmGie1_4ZWuzEfthTgk4Cb8rsbvHUWq-UgD4SnDxwDT2yWLVi5Vn0hoALoFiMr_3Q6qCViBgzheKXU4YM6NbOve2E6vZOW3vnR_pKb4XqM0jIVxUNiMvZpCb4FDJbK40khM9tH9-xcSJLLnP3w0rYkthHORagRswp-7WE680OFtEFxGMqn_2VPZs0NnUDEwUapMHKABE0KZmB2UsZ92pwwHtD6VaaZBzCpbCwkgowhJSQlku2BAT6G6JPsfxDXgxhYsBO4nRWeqxbC0N8_XkZs9ZSPxWjKI5EGf2Ds5m3-qLHFWE&cid=CAASKORozOFP0UsNlSYn9PxLwW5nHaasV7P6oakfy5CUfkLKAf1FPn3YD1o&rfl=2%2Chttp%253A%252F%252Fwinintro.ru%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 01:33:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2815
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Sep 2022 01:33:13 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220901/r20110914/ Frame 325D 30 KB
12 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220901/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e370c81321b940bfffa16037e9e0c265b2256ff4d545d9768dba9ee441392588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 01:34:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11802
x-xss-protection: 0
server: cafe
etag: 16304758110791105277
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 21 Sep 2022 01:34:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 325D 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 11:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54778
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Sep 2023 11:07:10 GMT

GET
DATA 200
OK truncated
/ Frame 325D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe6d68fdcf5a8cb02ae363dfa1f88ff5fbd92a669a57ad304f6fb1ecb8d91962

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4419 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 54778
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 11:07:10 GMT
expires: Wed, 06 Sep 2023 11:07:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 4419 36 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a0113be1c9721892c8e956e64e882598645af74cd89c02dcfa86c8d854c1c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 19:40:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15836
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Sep 2023 19:40:35 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10076116771959472128/728x90/ Frame C125 2 KB
763 B 32ms
16ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af6069c9dbdffca6dcb6c65c7ea92687825049df56801a42da739188bcdf688d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 735
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 07 Sep 2022 02:20:08 GMT
expires: Thu, 07 Sep 2023 02:20:08 GMT
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 325D 0
622 B 154ms
56ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss03_uCM98HOYLGm4VczGYmkEUNkdieixTo5b7CFkXDllf0YFmfhp6gCBmXBe7ytf3BuRDk6Fas0WZKxpgmK6EqNTjf2_tr4twPGKQbyTVZJ4sC5nRhhUEV9q8DxZkhcI3PtXchL2LMR947oBpc7v15qKRg67j_5VuEost8lH09Ns2iz2GOxHz2svPa9SF3fg9OAKaPe32YanghnMSiYkb9TxS2VNi--4WT8oezrKBOoftWAp3SKPh3LM_Q-B4aonGE3qgVEt27ZPsU0CF2tcsHQuPOymh8JoIrhvnOd0FAi36ql0YGxLWco1626vBYbEwgbK_L4Qzlq2Kr-y-G7O0tbNqG_55-qE6uvx3MGqzPVvG2i8QNpvSX5ginz4di7jdGG_4N2v_czbCNYp1GFZZwLLZgeAIui4Cya5YDYlGVpP1qVQhOgYUqvrwOz046nYmJmyMYwLyvfTb1SKlPBEsE-woula6P2Lq0E8lrm64e7RCj_flFbp29RUxnqe05CwfRqhZvZmE7kX01eMnThft3eMO2zIDW9C_gQdrdwJUbsShzEdYTxvLb0Y_b6JWOMNfoFpWQNi2PWizX34M6uFMk3K6c7HEVWZOl3HKjC09YMt-_hQQ23UTmC9_kWjn7LXnDTzeclirBlBqvVxVGsKqCsdkq9tqf-eS_ps2bwZ9GHe1rPrqYQOFeDi4LaH0tBXRf3cUmskzYR0j9D5txIcYIVT2TANKxxedT8nMm0NRikI4BUJhdYB_xbSWwI9OJFLMYs3Y2xQ-bcgVIf6Jz65METZVmf_uLclJLgJyNElAFqwlIv4CkV3MoogXf3GR6YiJXT8MTS8G8xcB4lrZwhq3ZDzTLsz5-UKLKzf8uvrJXipgXTD-84AwfhhiGpW5l8yM-GJabbopA3i1dPkWOv-St6kwDa3_JUfzV_n5m_Hu9ixu8_DU-9qbYo63eBW-aXVL4KvfnORRMBlC4HhdgNTlafOsjdTibHbiAA9hM7wj_k5XFHOCnpFBgEd-1HZUwuhH26n6tHV3c3x3UR5ilBXAmCOy4jT9OYLuWGwMKHwSR8VoSuR_3jtvnxHMpt_RoUwjfCBIwS5__4ZI8aBauBXthghavLbSHkus2VEO4BKhUv0cVclBGKJ4iOSYrv-ts3YLyqbi6YuAM__EuJSpJthzjACzg&sai=AMfl-YTek8QhZVESt1rg8VstAG6JaQOtltbcDsVyv3d6rHSdbJ0O7Y4IhOa9QEFlChKz9rt60GcU8RVep3Fu37GLLzwwToqLYbwW5Kv6bSpVx3x2bm3Kejl1vzlWISMCiqPEnofJJwpdvXNCFWE2sA8nC0UHz-EJNt5RIpZnayh-db-Zbnto3-e5qvvN-azwj7taox-fXz6wx9PR_n0q0G3gKyhOlEP9jKKpQg&sig=Cg0ArKJSzGqcIwFR-HeREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=101&cbvp=1&cstd=97&cisv=r20220901.70446&adurl=

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Wed, 07 Sep 2022 02:20:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4419 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9gFB2P8XY_7zDNu6gAf_x4n4DgAAAAA4AeAEAg&bg=!h4SlhMDNAAZTikH4c4o7ACkAdvg8Wl4fsuLbUQ6mBtZRAcHkjv4_RolbNCERrMO6rM-almU8vhjdLQIAAACEUgAAAAJoAQeZAttHV-Hur97t57MHlSjJfxxqr9V_LfErci_TEceJj4bCW_jb5jk7dx7XwLBIxmaoutkAGxPqYLlUKMAeubSJmsWpqLr2cT5yhA7nbAHuX19FxIvQ9mtu1E20Bc9V7SRcfgIEn7OyJUa00dCAAJaTwOFWve_oAZhE43NwCu3yTsBSkPPkXKXfabkltgSJzWHT5lAeqawzATkUh4i3AnElXYPMSMmb0ag1sU7p1q5Zu8g21YjG7Xa1nog5Zoe4y-3KLHmKAF3M45LK0JFDgDkviw339W5vFxRlqaqSxR4TEYl5ybEMl3CmYgF0yQM2bRNAPVnw9z8kF-ilRSRskHLEOjcr9HynTCDLmOMPzDB8rzJiCq3_xXiUWPbFUfkCTPTOq2rVpeZNGAX9D3cQ1X_Zt6OG-C2E8oxY0KRTnD-s41ow_eV5OZwkXQEICNax0P_fHbVoeMeKfrKk-goq3Z9DYXwaU3Uzhf_CgkXovx5W2wZ8WA35SFlCi_5zGwc7oN5HvWriqEInolqvuocu7bT4QGGefXzeKcshUNGuLyh0O0WGZkV1lLDVG5i5D0Gj4cFRYUBVNAMcqPPF3gjAt6A3_n6O3X5q1Z0X0Mr56v5uSs7k15jNME-2Z_eIuDYy7mS1AGHSM4MknvF5NSOtai5KjVZgFfNpw6aglZOGPrLwKMG43l7uGb_DzPKYRG4uDtC2AR-RUI0xHjayNjFikiYXhwQmsjeIBFEGW3B-sfGYnaqjIqs_9SOrjICXLib0YmRSm2vdaTM0F1qfaCbD2yojAaaoARf3dcTolrSpJVl2qZpLnIZC0UXSy_Kmas7OwGqYiAZXR7s6Bxs7ql7pfH05pL71wtGvPC5JNiRcEP0TP_P-fepmsbQRyv0TGM4AHMEJninSQ8OuEVEjfAiEGjppN8HN5x-59OMrf_dWSPKeXh5EZ46tjq54bt_seC0BWZ7CdEwkMcAMs_caO5GbAA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enabler_01_248.js Show response
s0.2mdn.net/879366/ Frame C125 118 KB
40 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_248.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4701dc5781a4f2bcdddd33cfe6b025b2e532b562faae5f3756973975556b4a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 21:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16469
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41094
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:45:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Sep 2022 21:45:39 GMT

GET
H3 200 normalize.css
s0.2mdn.net/sadbundle/10076116771959472128/728x90/ Frame C125 2 KB
998 B 9ms
8ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/normalize.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45009a4360ffe5364e2be9bea31dfdec6eedf10e6649bdaecf011ff88ba928a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 969
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:41:36 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/10076116771959472128/728x90/ Frame C125 9 KB
2 KB 11ms
11ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e986864cf622912ce4d48a3096f3c894f8080402da60fb71bb1f5e174029226

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2348
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:41:36 GMT

GET
H3 200 scroll.css
s0.2mdn.net/sadbundle/10076116771959472128/728x90/ Frame C125 849 B
381 B 11ms
10ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/scroll.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d20906865f2913634eb6b902ad4270939a7ea347c8901bd241d86734e036c97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 352
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:41:36 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame C125 57 KB
23 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Sep 2022 02:20:08 GMT

GET
H3 200 preloadjs_0.6.2_d7b96570d4552592ae479162e546cb25_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame C125 55 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/preloadjs_0.6.2_d7b96570d4552592ae479162e546cb25_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

291fcf6b0aea583079f4ea7c943852ddd668ad895ee08b0b557b372040d205a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14120
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Sep 2022 02:20:08 GMT

GET
H3 200 pixel.png
s0.2mdn.net/sadbundle/10076116771959472128/728x90/img/ Frame C125 3 KB
4 KB 8ms
7ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/img/pixel.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c835ee88b96ea90b7a8aff875a23ee80a6ac74fce186a84eebcec9d6fd068dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:21:52 GMT
x-content-type-options: nosniff
age: 35896
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3569
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:21:52 GMT

GET
H3 200 dws-xtrackers-logo.svg
s0.2mdn.net/sadbundle/10076116771959472128/728x90/img/ Frame C125 7 KB
3 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/img/dws-xtrackers-logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f799afebaa0125cc2e1d05bb4559d198d1092b87f20951d3a3d84994e07561de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3264
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:41:36 GMT

GET
H3 200 btn-right.svg
s0.2mdn.net/sadbundle/10076116771959472128/728x90/img/ Frame C125 946 B
503 B 8ms
8ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/img/btn-right.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5aa7357513ae62edeec06a9ff700c76e506a6d54945a572ac16249e8048e55af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 474
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:41:36 GMT

GET
H3 200 logic.js Show response
s0.2mdn.net/sadbundle/10076116771959472128/728x90/ Frame C125 16 KB
5 KB 8ms
8ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/logic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26abc6684af8d5cd249b016c221a9b8032cdd92682f0ea468f887a378268a084

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4675
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:41:36 GMT

GET
H3 200 scroll.js Show response
s0.2mdn.net/sadbundle/10076116771959472128/728x90/ Frame C125 5 KB
2 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/scroll.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4261168c69b8f0887385e3f95c5f7ea90f52d428ad1fe827a6d4beb5e36f9546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1703
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:41:36 GMT

GET
H2 200 main.19.8.347.js Show response
static.adsafeprotected.com/ Frame 325D 193 KB
60 KB 68ms
8ms Script
application/javascript 2600:9000:2240:9c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.347.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1102854/65591570/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:9c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c5416216b0fe28010c8cd584a8385540ad3752bf10b51313a2cfd2a34a68bc1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 20:15:30 GMT
content-encoding: gzip
age: 21879
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 06 Sep 2022 16:08:06 GMT
server: AmazonS3
etag: W/"e927bffc67fcecad60e9746daaea058f"
vary: Accept-Encoding
x-amz-version-id: QooUCynUyoisOuMsBpfQ7BsIRfzSsh4_
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA60-P1
content-type: application/javascript
x-amz-cf-id: bmRyiy6YdLlrs0YR8MsMHTmMStVnqQ5wTvPlbrVGIwkoP1ZcEPrrRQ==

GET
H3 200 open-icon.svg
s0.2mdn.net/sadbundle/10076116771959472128/728x90/img/ Frame C125 739 B
500 B 7ms
7ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/img/open-icon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

658b15da00eeb4c46131024f30119f582d0c4d46e3434ba2a1045999de575c7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 16:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 471
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 14:21:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 16:41:36 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 325D 0
26 B 71ms
49ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: winintro.ru
URL: http://winintro.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 DWSSlabWeb-Regular.woff2
s0.2mdn.net/creatives/assets/4369730/ Frame C125 31 KB
31 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4369730/DWSSlabWeb-Regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd6058bab23892b96292f3ee138daa1661219bf2e117acd6252a2f90c517dc4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:06:52 GMT
x-content-type-options: nosniff
age: 796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31535
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:05:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Sep 2022 02:21:52 GMT

GET
H3 200 DWSSansWeb-Regular.woff2
s0.2mdn.net/creatives/assets/4369730/ Frame C125 28 KB
28 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4369730/DWSSansWeb-Regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac20dcf13424aa4a54bfb9a97b3630e410f1b121c001399297d78b248e71e24a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:06:27 GMT
x-content-type-options: nosniff
age: 821
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29036
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:05:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Sep 2022 02:21:27 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C125 7 KB
5 KB 55ms
27ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_248&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_248.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94dffacb8b287bfda0782648f251ef7ab63de30565ce12dde4a4e7e58ce98565

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5595
x-xss-protection: 0

GET
H3 200 dco_banner_sparplan_2021.png-v=874293489_1645715296956_dco_banner_sparplan_2021.png
s0.2mdn.net/dynamic/2/10927394/etf.dws.com/globalassets/_-graphics/graphics-germany/ Frame C125 469 KB
469 KB 9ms
9ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10927394/etf.dws.com/globalassets/_-graphics/graphics-germany/dco_banner_sparplan_2021.png-v=874293489_1645715296956_dco_banner_sparplan_2021.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec47100cf226fe6baf86a75108cacba539bf34eeea008612fd08ad7ce454e18e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 08:50:53 GMT
x-content-type-options: nosniff
age: 62955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 480315
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 15:08:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Sep 2023 08:50:53 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 23ms
22ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220901&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

234d4396213c09dba6fe2c4fe464390977a54169faf347b0cbea7370453b4eae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11159
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 325D
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1102854/65591570/skeleton.js?adsafe_url=http%3A%2F%2Fwinintro.ru&adsafe_type=g&adsafe_url=http%3A%2F%2Fwinintro.ru%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgo...
https://static.adsafeprotected.com/skeleton.js

17 B
464 B

237ms
236ms

Script
application/javascript

2600:9000:2240:9c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Protocol: H2
Server: 2600:9000:2240:9c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 02:01:00 GMT
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
age: 5876349
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: MHvQnqCknUDCxkiwp3OM-geTcW5hvoZ_8N-xqi8j8einefcx0zzW5w==

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame BA9A 80 KB
21 KB 16ms
16ms Script
application/javascript 2600:9000:2240:9c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220901/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:9c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 9827135
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA60-P1
content-type: application/javascript
x-amz-cf-id: As13G442PpxtjOLjr-ERA6n1CTYzqlA2aVOBBVHBX3Z0Zr0iG7o9bQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 325D 43 B
215 B 334ms
92ms Image
image/gif 2600:1f18:1aca:4282:bee0:4676:e27e:8238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1102854&asId=20683240-b022-f409-cce4-6da44d80335a&tv=%7Bc:nuw9Ci,pingTime:-3,time:129,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:114%7D,%7Bpiv:0,vs:o,r:l,t:129%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:130,n:129,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B26~1,0~0%5D,as:%5B26~728.90%5D%7D%7D,%7Bsl:o,t:129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgI8Mml+11%7C121%7C13%7C141*.1102854-65591570%7C1411%7C1412%7C1413,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:bee0:4676:e27e:8238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 325D 43 B
215 B 330ms
93ms Image
image/gif 2600:1f18:1aca:4282:bee0:4676:e27e:8238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1102854&asId=20683240-b022-f409-cce4-6da44d80335a&tv=%7Bc:nuw9Cl,pingTime:-6,time:132,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:132,n:129,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B26~1,0~0%5D,as:%5B26~728.90%5D%7D%7D,%7Bsl:o,t:129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B3~0%5D,as:%5B3~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgI8Mml+11%7C121%7C13%7C141*.1102854-65591570%7C1411%7C1412%7C1413,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&tpiLookup=ao:winintro.ru%2Cgoogleads.g.doubleclick.net*&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:bee0:4676:e27e:8238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 02:20:08 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C125 17 KB
6 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_248.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 02:20:08 GMT

GET
H3 200 dco_banner_sparplan_2021.png-v=874293489_1645715296956_dco_banner_sparplan_2021.png
s0.2mdn.net/dynamic/2/10927394/etf.dws.com/globalassets/_-graphics/graphics-germany/ Frame C125 469 KB
469 KB 14ms
14ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10927394/etf.dws.com/globalassets/_-graphics/graphics-germany/dco_banner_sparplan_2021.png-v=874293489_1645715296956_dco_banner_sparplan_2021.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/logic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec47100cf226fe6baf86a75108cacba539bf34eeea008612fd08ad7ce454e18e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10076116771959472128/728x90/index.html?e=69&leftOffset=0&topOffset=0&c=rDU5pypNOt&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 08:50:53 GMT
x-content-type-options: nosniff
age: 62955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 480315
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 15:08:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Sep 2023 08:50:53 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 325D 43 B
216 B 321ms
92ms Image
image/gif 2600:1f18:1aca:4282:bee0:4676:e27e:8238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1102854&asId=20683240-b022-f409-cce4-6da44d80335a&tv=%7Bc:nuw9Cv,pingTime:-2,time:142,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:93,bdZ:356,beA:366,beZ:367,mfA:465,cmA:466,inA:466,inZ:471,prA:471,prZ:475,si:479,poA:480,poZ:491,cmZ:491,mfZ:491,loA:497,loZ:499,ltA:507,ltZ:507,mdA:367,mdZ:444%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:114%7D,%7Bpiv:0,vs:o,r:l,t:129%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:142,n:129,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B26~1,0~0%5D,as:%5B26~728.90%5D%7D%7D,%7Bsl:o,t:129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B13~0%5D,as:%5B13~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tgI8Mml+11%7C121%7C13%7C141*.1102854-65591570%7C1411%7C1412%7C1413,idMap:141*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,sinceFw:27,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:bee0:4676:e27e:8238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4ED1 42 B
64 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvm8S-Vk7cVaWh8zfivKNu68Z3CgaopgNm1VcRear06i6th21MdLxZihFEquPwz_h-hCFTiy2ZDGYrzrQ0pq3WXFwtBlBO0KXN4-K6OMpbILRhidKZ1XoErxn0wpCMh-0UjsKJh1w&sai=AMfl-YRJR39UIVeSFbd-KVWGRt6Aak3BIjVOy34oCVNH0GfB1Tz3m7a0c1cPF4pFiBQbt-EopVM9bHAOlKAv&sig=Cg0ArKJSzAByJeqrC4pQEAE&id=lidar2&mcvt=1005&p=0,0,280,1200&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20220831&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1748934517&rs=2&la=1&cr=0&vs=4&r=v&rst=1662517207056&rpt=631&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F5F3 13 KB
5 KB 10ms
8ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://winintro.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 20652
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 20:35:56 GMT
expires: Wed, 06 Sep 2023 20:35:56 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F989 783 B
537 B 39ms
16ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b44c4000665c6a14144d403e65498496738c790ed0892be156464cb02e3c483e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-H6VpyU4Bxy5ABAkCRuJ-Jg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://winintro.ru/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-H6VpyU4Bxy5ABAkCRuJ-Jg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 07 Sep 2022 02:20:08 GMT
expires: Wed, 07 Sep 2022 02:20:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame D66E 36 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a0113be1c9721892c8e956e64e882598645af74cd89c02dcfa86c8d854c1c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 19:40:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15836
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Sep 2023 19:40:35 GMT

GET
H3 200 CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js Show response
pagead2.googlesyndication.com/bg/ Frame F5F3 36 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CgETvhyXIYksjpVuZOiCWYZFr3TNicAtz6hsjYVMHCQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a0113be1c9721892c8e956e64e882598645af74cd89c02dcfa86c8d854c1c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 19:40:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15836
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Sep 2023 19:40:35 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F989 0
0 43ms
43ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220901&jk=2430286127925473&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F5F3 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?GqXiYg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:20:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 325D 43 B
215 B 92ms
92ms Image
image/gif 2600:1f18:1aca:4282:bee0:4676:e27e:8238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1102854&asId=20683240-b022-f409-cce4-6da44d80335a&tv=%7Bc:nuw9Hf,pingTime:-10,time:436,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNS4wLjUxOTUuMTAyIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000002002220000022220200000222200022020002022022022222202002220222022222022222000000200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022020000000020000000000000000000020220202220000022200202202220022000200222022200200022202220020222202000220000222202222202222000002002002222222202220022202200022002220202202,asp:1662517208989%7C%7C0fac9499fa16d0cd6c3a3b0776141e25%7C%7C56c24cb524127a0f41136c1e5c39617f%7C%7Cfef1a460e2948fed65465022229d0fd7%7C%7Cf7a2a4e18f5c6436b45e6c6bf6dfaacf%7C%7Cf9fb4b51e65dfb071d083d7af5d6c4c0%7C%7C3b3b37c5d7422173e5830b6977aa466d%7C%7Cdce298836076aa97750176b4aea6c066%7C%7C1629390669%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:bee0:4676:e27e:8238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:09 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 325D 43 B
215 B 93ms
93ms Image
image/gif 2600:1f18:1aca:4282:bee0:4676:e27e:8238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1102854&asId=20683240-b022-f409-cce4-6da44d80335a&tv=%7Bc:nuw9HK,time:467,type:e,im:%7Bimprf:%7Bttecl:710,ecd:285,tsecr:38%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:323,o:144,n:129,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B26~1,0~0%5D,as:%5B26~728.90%5D%7D%7D,%7Bsl:o,t:129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B15~0%5D,as:%5B15~728.90%5D%7D%7D,%7Bsl:i,t:144,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:80,obst:0,th:0,reas:,bkn:%7Bpiv:%5B323~75%5D,as:%5B323~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:334,fm:tgI8Mml+11%7C121%7C13%7C141*.1102854-65591570%7C1411%7C1412%7C1413,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:bee0:4676:e27e:8238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:09 GMT
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 325D 43 B
215 B 92ms
92ms Image
image/gif 2600:1f18:1aca:4282:bee0:4676:e27e:8238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1102854&asId=20683240-b022-f409-cce4-6da44d80335a&tv=%7Bc:nuw9KC,pingTime:0,time:645,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:114%7D,%7Bpiv:0,vs:o,r:l,t:129%7D,%7Bpiv:76,vs:i,r:,t:144%7D,%7Bpiv:80,t:262%7D,%7Bpiv:100,t:645%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:501,o:144,n:129,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B26~1,0~0%5D,as:%5B26~728.90%5D%7D%7D,%7Bsl:o,t:129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B15~0%5D,as:%5B15~728.90%5D%7D%7D,%7Bsl:i,t:144,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B501~75,0~100%5D,as:%5B501~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:95,fm:tgI8Mml+11%7C121%7C13%7C141*.1102854-65591570%7C1411%7C1412%7C1413,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:bee0:4676:e27e:8238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:09 GMT
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 47ms
46ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220901&jk=2430286127925473&bg=!o6CloOTNAAZTikH4c4o7ACkAdvg8Wv3YUCspLciIf8H2LuUzqOZrHpcqvlFrREqK8FuKwk2fIr3bCwIAAABYUgAAAAJoAQcKAEG-QwsfkV0V0BZK15HemfHXQ1Yf4j3kZzgwm_DEiliu12c8gitccibOw8YQF16Fdk7rQky2zDsJqs6BAFaoO2TDTpkCmLwO9akYg3uvTM5DAO0iKs-5gPyaMSebEWkj2v8msmaivWfBr5anNyevhDoDZTyt8wf37bgUAVIS4ffTN27ScPnLMKStSVNm6upgy5-VZ9OiTuSsHp_OLF8k3lNkK3GaDCBG7JyvO7nLAbPDckrofTCf6kba6tIj6pya0a_B93oxPHXiinmyNbP7ua6UhZqlHb_coktdeSbmRenA10iPdLo-SKDuXvO0QK284jRSzSPIO6ZT8QfqIi46tWCPilVlzolbFZZ_QOIMdhlmVSnQ0ixyE-HwdAHDJq1_mprBP2_d0i_N9OmZBUqPG2nC6RNEybxXgddVDRWLixBE_i2mCa8Noi2GdPjE2JS822g5CBqs-78v9rcxhqpDLXfRha3_m83h1kd-uTikuV3gOFlYkPAa-E7heRViQ53eU2B9LYgugwWZKG7xt0xYPVsgOYF_Y8zGPFM7wmVkL3VPl3qQgKFWMefprcOtsPBOOFG2XK9DT-pBRldRaRCmLv317ACbaDTdiq9mH37JAyFHSeZ0uI-ZboNSJRf7juwW5tCUrXbDAPZsUYgRNThqNckCc5pFK5vU__hTDUhnXMPVlRujAlKEf6ln0fmIp6igPn5dNh_beDVKJLus7perFjt2z2UOGE6UamH94WFMFVh0xbhS2amqBBY_iZbEo6g-7XiSf_cYNvV2w12RFpPKoz6IYLdnXtpzIcDJSASB364MOQu1Agkpwc_XYQ_jtRWTHF76O_gpgz7pBNULLVHc48PkvDBl0KqB0Qb8g5In_10E9WSj1qSJR9pOHY1L88o378WBxD8ZMkSnNy8Tfpwa3yAJnmiD4z06VK5327dUZKQmUtbfCjM51TAE1EWS0Mg_y9lU6yiYxOOEnwXBwfg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://winintro.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 325D 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssfUaPvvLLnmqWoH3V6wNj9LY5On2gnUkMEiGCMVC2LkmkHTgiTZbiusG5ny6Igc9L-3dJcstFjPRwP6dv4wH_7_0X9SXpt_c_xTLP7OTxb0jwUpo0f8HcbAYxjg-eGACtVm0EkKcQ&sai=AMfl-YRXcEthiTsuRuOu0WcD1mAG5toi2v_VKWTfbm5W1CpoZeUbJhGR9LNICeI699i-b8MdhEQAo56xd9FvhERuyoLBAS9xPvOA2xpF4ZYDyX2tCIrbxtGRiGiGrY6rHONJ&sig=Cg0ArKJSzAQ7LZHv2SHGEAE&cid=CAASKORozOFP0UsNlSYn9PxLwW5nHaasV7P6oakfy5CUfkLKAf1FPn3YD1o&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=318,807,1000,1069,1069&tos=318,489,193,69,0&v=20220831&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1662517208188&rpt=235&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 325D 43 B
215 B 96ms
96ms Image
image/gif 2600:1f18:1aca:4282:bee0:4676:e27e:8238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1102854&asId=20683240-b022-f409-cce4-6da44d80335a&tv=%7Bc:nuw9SG,pingTime:1,time:1145,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:114%7D,%7Bpiv:0,vs:o,r:l,t:129%7D,%7Bpiv:76,vs:i,r:,t:144%7D,%7Bpiv:80,t:262%7D,%7Bpiv:100,t:645%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1001,o:144,n:129,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B26~1,0~0%5D,as:%5B26~728.90%5D%7D%7D,%7Bsl:o,t:129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B15~0%5D,as:%5B15~728.90%5D%7D%7D,%7Bsl:i,t:144,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B501~75,500~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:94,fm:tgI8Mml+11%7C121%7C13%7C141*.1102854-65591570%7C1411%7C1412%7C1413,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:bee0:4676:e27e:8238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:09 GMT
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 325D 43 B
215 B 92ms
92ms Image
image/gif 2600:1f18:1aca:4282:bee0:4676:e27e:8238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1102854&asId=20683240-b022-f409-cce4-6da44d80335a&tv=%7Bc:nuwa0K,pingTime:1,time:1645,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:114%7D,%7Bpiv:0,vs:o,r:l,t:129%7D,%7Bpiv:76,vs:i,r:,t:144%7D,%7Bpiv:80,t:262%7D,%7Bpiv:100,t:645%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1501,o:144,n:129,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:114,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B26~1,0~0%5D,as:%5B26~728.90%5D%7D%7D,%7Bsl:o,t:129,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B15~0%5D,as:%5B15~728.90%5D%7D%7D,%7Bsl:i,t:144,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B501~75,1000~100%5D,as:%5B1501~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:98,fm:tgI8Mml+11%7C121%7C13%7C141*.1102854-65591570%7C1411%7C1412%7C1413,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:bee0:4676:e27e:8238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 02:20:10 GMT
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

Verdicts & Comments Add Verdict or Comment

98 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.winintro.ru/	1970-01-20 15:10:13	Name: __gads Value: ID=b2f71705e18d1b20-22b9181e15ce00fc:T=1662517207:RT=1662517207:S=ALNI_MZgIyQgBB22IUdNm3pQEIS4Vmce9Q
.winintro.ru/	1970-01-20 14:34:13	Name: _ym_uid Value: 1662517207923089073
.winintro.ru/	1970-01-20 14:34:13	Name: _ym_d Value: 1662517207
.mc.yandex.com/	1970-01-20 05:48:37	Name: sync_cookie_csrf Value: 2337077228fake
.winintro.ru/	1970-01-20 05:49:49	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 05:48:37	Name: sync_cookie_csrf Value: 3108961451fake
.yandex.com/	1970-01-20 14:34:13	Name: yandexuid Value: 2221298411662517207
.yandex.com/	1970-01-20 14:34:13	Name: yuidss Value: 2221298411662517207
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1907694361662517207
.yandex.com/	1970-01-20 15:24:37	Name: i Value: aPaKcOFcb150fqB69PSYHsv/dvk7t4qyXre89sScE4GDqcr9dAnEEOckQHGCFdH2OYk+T+NIydxMiNoz3zN37PQoSlI=
.yandex.com/	1970-01-20 14:34:13	Name: ymex Value: 1694053207.yrts.1662517207#1694053207.yrtsi.1662517207
.doubleclick.net/	1970-01-20 15:10:13	Name: IDE Value: AHWqTUmo4_ruejG-9HH7-kGz_pZsXJpl29AHLPtm0Mtp3lIbicD6-W3wjgBbgOZT928
.adnxs.com/	1970-01-20 07:58:13	Name: uuid2 Value: 2449183075613738804
.adnxs.com/	1970-01-20 07:58:13	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVHx<N!C!]tbPl1M>e)ZlrFUfJ+tGXxpG=:F=gQrO:uMxDwaCe%AcFZs>9aaS7+uPlc'3If)y3KL9D3I?+Y/t:])
.casalemedia.com/	1970-01-20 07:58:13	Name: CMPS Value: 5132
.casalemedia.com/	1970-01-20 14:34:13	Name: CMID Value: Yxf-2Ll5uPKZSup5BOaECAAA
.casalemedia.com/	1970-01-20 07:58:13	Name: CMTS Value: 1210
.casalemedia.com/	1970-01-20 07:58:13	Name: CMPRO Value: 5132

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://cse.google.com/cse.js?cx=011017919958926383041:ajfvtnc_f9s Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9753.LRb5eUTmfdIKYxf2b7m9Ah31ykO9iWgm5AVlJbEEUnJU7uL2Kqv4tBt06s9pJ13rjeH7_3oajEyxxH_O_VJjCA%2C%2C.UzKcqCf86OYlrfH4gc8VjyKmWjw%2C Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cm.g.doubleclick.net
cse.google.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
log.reformal.ru
mc.yandex.com
mc.yandex.ru
pagead2.googlesyndication.com
partner.googleadservices.com
reformal.ru
s0.2mdn.net
static.adsafeprotected.com
tpc.googlesyndication.com
widget.reformal.ru
winintro.ru
www.google.com
www.googletagservices.com
www.gstatic.com
104.18.19.126
139.162.151.130
142.250.185.66
142.250.186.98
172.217.16.194
185.64.76.74
2600:1f18:1aca:4282:bee0:4676:e27e:8238
2600:9000:2240:9c00:8:48e:53c0:93a1
2a00:1450:4001:800::2003
2a00:1450:4001:800::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:810::2006
2a00:1450:4001:811::2001
2a00:1450:4001:813::2002
2a00:1450:4001:813::200e
2a00:1450:4001:827::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200a
2a02:6b8::1:119
37.252.173.215
54.220.47.254
0a0113be1c9721892c8e956e64e882598645af74cd89c02dcfa86c8d854c1c24
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1239bc4b6714a8433d859fdd51a6d5fa021b2e0f2e5ff339141cc5eb5765a5a1
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1c835ee88b96ea90b7a8aff875a23ee80a6ac74fce186a84eebcec9d6fd068dc
223699d3b640bd75dd3c7615cbbf5c37bfead5c28bfcf807c5ada05d021cbdf7
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
234d4396213c09dba6fe2c4fe464390977a54169faf347b0cbea7370453b4eae
24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b
26abc6684af8d5cd249b016c221a9b8032cdd92682f0ea468f887a378268a084
291fcf6b0aea583079f4ea7c943852ddd668ad895ee08b0b557b372040d205a0
2a87dc466b3bf04d2af3c5444cf285b3f4e8e03a954322b01433d11b90793db6
4261168c69b8f0887385e3f95c5f7ea90f52d428ad1fe827a6d4beb5e36f9546
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45009a4360ffe5364e2be9bea31dfdec6eedf10e6649bdaecf011ff88ba928a2
4701dc5781a4f2bcdddd33cfe6b025b2e532b562faae5f3756973975556b4a38
47ef239537a3332c2eebcfd78aafb41d2ed93b7068ce334631c3e429e5b79584
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4a8eb3554b2b95adcc12d824a96898ed63071f1064e64f17ded9b371df4aa673
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
532ad0ff9f2efee7c83c11d6ec4896565349c11319f65a3f59585813e4789cf6
5391764776f433d7ed81cb34951f5a41994c6f07c5f56a76b9a4d78bda800aea
53b92ca98eea77f699a2aa0c7be7001ad8f1e939ce1376ee0766c35160737c1f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55ba06e3657f8d877d02bb04fd7f12ff609c9bfcc720f36c4d3e486ed8f571d2
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5aa7357513ae62edeec06a9ff700c76e506a6d54945a572ac16249e8048e55af
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62200de6653947c8d8a7873631f78c2b8a564e40378b6b9d5713186cc1edcf8b
624d8f6e11b854e5a5261fe0397a27d044501253aa15d62327d408182ff9f09f
658b15da00eeb4c46131024f30119f582d0c4d46e3434ba2a1045999de575c7f
6e986864cf622912ce4d48a3096f3c894f8080402da60fb71bb1f5e174029226
7d20906865f2913634eb6b902ad4270939a7ea347c8901bd241d86734e036c97
7d3f0c278eba7ca4904ef08e954e5d21231a363ddf14d74592de748ec54aa299
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
87f844b88db4f15c54dd9272ca5a788ee53d2e08f27811ecfb419e4260da1068
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8bd1348aa73d4d2781bd115e716f3b4e15a0ab64178f0a78dae281a88cc293e1
8cd23ec8376bd245aa627149f0670262553432dac78a0570d6fad0811df79db4
94dffacb8b287bfda0782648f251ef7ab63de30565ce12dde4a4e7e58ce98565
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ac20dcf13424aa4a54bfb9a97b3630e410f1b121c001399297d78b248e71e24a
af6069c9dbdffca6dcb6c65c7ea92687825049df56801a42da739188bcdf688d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b44c4000665c6a14144d403e65498496738c790ed0892be156464cb02e3c483e
ba7fac58ceb02f4aa2c6197d5f45d89d9d4fc6d14b440bd8558c2e555152bd41
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
c5416216b0fe28010c8cd584a8385540ad3752bf10b51313a2cfd2a34a68bc1c
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d79cf5d48595923130c4bbed7d19592cc71f82c53d0b0e841dd7dde42d39c155
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e370c81321b940bfffa16037e9e0c265b2256ff4d545d9768dba9ee441392588
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e731c18f5159e2612625f471352650417c4557851c7518a28a76a5bc6896f1b6
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
ec47100cf226fe6baf86a75108cacba539bf34eeea008612fd08ad7ce454e18e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2530ebfa7dd0eb27e3cfaf23a514aa2dc9ee553ce716036113a28a0e28aeb6b
f2a0b483672d87381dc2679493aa0d991f626e00690b5f45ca507d497fa5bf95
f3e87e6819c1a049789173a1c52e62edb0051c1a0af081f4dcac6613c16a367e
f799afebaa0125cc2e1d05bb4559d198d1092b87f20951d3a3d84994e07561de
fd6058bab23892b96292f3ee138daa1661219bf2e117acd6252a2f90c517dc4e
fe6d68fdcf5a8cb02ae363dfa1f88ff5fbd92a669a57ad304f6fb1ecb8d91962

winintro.ru Open in urlscan Pro 185.64.76.74 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

102 Requests

80 %HTTPS

64 %IPv6

16 Domains

26 Subdomains

23 IPs

5 Countries

1998 kBTransfer

3655 kBSize

18 Cookies

2 Outgoing links

Redirected requests

102 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

winintro.ru Open in urlscan Pro
185.64.76.74 Public Scan

Screenshot
Live screenshot

Full Image

102
Requests

80 %
HTTPS

64 %
IPv6

16
Domains

26
Subdomains

23
IPs

5
Countries

1998 kB
Transfer

3655 kB
Size

18
Cookies

102 HTTP transactions
4 data transactions