anticollector.org.ua Open in urlscan Pro
2a00:7a60:0:1018::1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://anticollector.org.ua/
Effective URL:
https://anticollector.org.ua/
Submission: On December 01 via api (December 1st 2022, 1:32:21 pm UTC) from GB — Scanned from GB

Summary HTTP 175 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 42 IPs in 10 countries across 37 domains to perform 175 HTTP transactions. The main IP is 2a00:7a60:0:1018::1, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is anticollector.org.ua.
TLS certificate: Issued by R3 on October 19th 2022. Valid for: 3 months.

This is the only time anticollector.org.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	2a00:7a60:0:1... 2a00:7a60:0:1018::1	200000 (UKRAINE-AS) (UKRAINE-AS)
9	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3 7	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::b 2a02:2638::b	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
9	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a02:2638:1::8 2a02:2638:1::8	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::21 2a02:2638::21	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
3	103.229.205.242 103.229.205.242	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 4	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
1 1	35.157.182.139 35.157.182.139	16509 (AMAZON-02) (AMAZON-02)
12	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	172.64.154.237 172.64.154.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d	16509 (AMAZON-02) (AMAZON-02)
4	144.76.238.55 144.76.238.55	24940 (HETZNER-AS) (HETZNER-AS)
1	184.30.20.207 184.30.20.207	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	116.202.48.214 116.202.48.214	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
2 2	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	13.41.118.175 13.41.118.175	16509 (AMAZON-02) (AMAZON-02)
1	184.24.12.207 184.24.12.207	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	23.3.108.242 23.3.108.242	16625 (AKAMAI-AS) (AKAMAI-AS)
1	65.9.66.11 65.9.66.11	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.36 99.86.4.36	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f08... 2a03:2880:f080:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
3	2a03:2880:f14... 2a03:2880:f145:82:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	3.11.196.201 3.11.196.201	16509 (AMAZON-02) (AMAZON-02)
175	42

17 2a00:7a60:0:1018::1 (Ukraine) 1 redirects

ASN200000 (UKRAINE-AS, UA)

anticollector.org.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::b (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:2638:1::8 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::21 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.229.205.242 (Singapore)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.182.139 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-182-139.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.115 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.154.237 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.238.55 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.55.238.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.20.207 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-207.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 116.202.48.214 (Krefeld, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.214.48.202.116.clients.your-server.de

hal900013.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.41.118.175 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-41-118-175.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.24.12.207 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-12-207.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.3.108.242 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-3-108-242.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-11.fra56.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-36.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f080:e:face:b00c:0:2 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

socialplugin.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f145:82:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.11.196.201 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-11-196-201.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 139	412 KB
28	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 194	140 KB
19	criteo.net static.criteo.net — Cisco Umbrella Rank: 626 pix.eu.criteo.net — Cisco Umbrella Rank: 7558 csm.eu.criteo.net — Cisco Umbrella Rank: 7664	518 KB
17	anticollector.org.ua 1 redirects anticollector.org.ua	2 MB
12	gstatic.com fonts.gstatic.com www.gstatic.com	132 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 39355 hal900013.redintelligence.net — Cisco Umbrella Rank: 289957	61 KB
6	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	1 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	3 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 182	236 KB
5	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14123 ads.eu.criteo.com — Cisco Umbrella Rank: 7505 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 9402 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9397 rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11639	48 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 9421	2 KB
4	mathtag.com tags.mathtag.com — Cisco Umbrella Rank: 3442 pixel.mathtag.com — Cisco Umbrella Rank: 882	3 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	4 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 17458 api.webgains.io — Cisco Umbrella Rank: 51949	31 KB
3	casalemedia.com 3 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 419	3 KB
3	pubmatic.com 3 redirects image6.pubmatic.com — Cisco Umbrella Rank: 658	1 KB
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1421	1 KB
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 550	569 B
2	medialead.de 2 redirects pv.medialead.de — Cisco Umbrella Rank: 56089	1 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 292	916 B
2	openx.net rtb.openx.net — Cisco Umbrella Rank: 1403	415 B
2	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 629	792 B
2	google.de adservice.google.de — Cisco Umbrella Rank: 8649	914 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 134 socialplugin.facebook.net — Cisco Umbrella Rank: 11198	91 KB
2	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 3665	72 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	40 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 51559	3 KB
1	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 121451	312 B
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 13349	704 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 41615	2 KB
1	media01.eu pb.media01.eu — Cisco Umbrella Rank: 54547	607 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 155981	931 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1519	296 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 613	762 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 203	5 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 859	704 B
0	yandex.ua Failed mc.yandex.ua Failed
175	37

	Domain	Requested by
29	tpc.googlesyndication.com	googleads.g.doubleclick.net anticollector.org.ua tpc.googlesyndication.com pagead2.googlesyndication.com
17	anticollector.org.ua	1 redirects anticollector.org.ua
16	googleads.g.doubleclick.net	anticollector.org.ua pagead2.googlesyndication.com googleads.g.doubleclick.net
13	pagead2.googlesyndication.com	anticollector.org.ua pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
12	cm.g.doubleclick.net	anticollector.org.ua googleads.g.doubleclick.net
9	pix.eu.criteo.net	ads.eu.criteo.com googleads.g.doubleclick.net
9	static.criteo.net	ads.eu.criteo.com
9	fonts.gstatic.com	anticollector.org.ua fonts.googleapis.com
5	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com hal900013.redintelligence.net
5	www.googletagservices.com	googleads.g.doubleclick.net
5	mc.yandex.com	2 redirects anticollector.org.ua
4	hal900013.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900013.redintelligence.net
4	hal9000.redintelligence.net	anticollector.org.ua hal900013.redintelligence.net
4	www.google.com	2 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	www.facebook.com	connect.facebook.net
3	ssum-sec.casalemedia.com	3 redirects
3	image6.pubmatic.com	3 redirects
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
3	www.gstatic.com	googleads.g.doubleclick.net
2	api.webgains.io	analytics.webgains.io
2	e.dlx.addthis.com	2 redirects
2	id.rlcdn.com	2 redirects
2	pv.medialead.de	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	rtb.openx.net	googleads.g.doubleclick.net
2	cms.quantserve.com	1 redirects googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	mc.yandex.ru	1 redirects anticollector.org.ua
1	socialplugin.facebook.net	connect.facebook.net
1	www.googletagmanager.com	adv.office-partner.de
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	ad-server.eu	googleads.g.doubleclick.net
1	www.awin1.com	googleads.g.doubleclick.net
1	track.webgains.com	anticollector.org.ua
1	pb.media01.eu	hal900013.redintelligence.net
1	adv.office-partner.de	hal900013.redintelligence.net
1	pixel.mathtag.com	tags.mathtag.com
1	ag.innovid.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	rtb.nl.eu.criteo.com	googleads.g.doubleclick.net
1	cat.nl.eu.criteo.com	googleads.g.doubleclick.net
1	csm.eu.criteo.net	ads.eu.criteo.com
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	cat.fr.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	connect.facebook.net	anticollector.org.ua
0	mc.yandex.ua Failed	anticollector.org.ua
175	51

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.youtube.com
anticollector.net
anticollector.in.ua

Subject Issuer	Validity	Valid
www.anticollector.org.ua R3	`2022-10-19` - `2023-01-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-10-18` - `2023-03-30`	5 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-09` - `2022-12-08`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-27` - `2022-12-29`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-14` - `2023-01-13`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-08` - `2023-02-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-01` - `2023-02-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-18` - `2023-04-25`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-10` - `2023-01-10`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh
redintelligence.net R3	`2022-10-04` - `2023-01-02`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
adv.office-partner.de R3	`2022-11-02` - `2023-01-31`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-05-20` - `2023-05-21`	a year	crt.sh
*.webgains.com Amazon	`2022-06-14` - `2023-07-13`	a year	crt.sh
www.awin1.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-18` - `2023-04-19`	a year	crt.sh
*.webgains.io Amazon	`2022-08-23` - `2023-09-21`	a year	crt.sh
cdn.track.production.webgains.team Amazon	`2022-09-29` - `2023-10-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh

This page contains 22 frames:

Primary Page: https://anticollector.org.ua/
Frame ID: 43AE381F0B5992A854F70B2D193A6227
Requests: 45 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Frame ID: E2C4C1E8A5EB63CC763228B5BEAD06B8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&slotname=8547202806&adk=3599503499&adf=2449756301&pi=t.ma~as.8547202806&w=1200&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&format=1200x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901533849&bpp=7&bdt=3679&idt=430&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&correlator=5333894031731&frm=20&pv=2&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=190&ady=2330&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=5og0LUA1yj&p=https%3A//anticollector.org.ua&dtd=466
Frame ID: 776D1289E2122B55F5267F94FE041888
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&adk=1812271804&adf=3025194257&lmt=1669901534&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fanticollector.org.ua%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901533856&bpp=2&bdt=3686&idt=473&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&nras=1&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=481
Frame ID: BAE01F522655462B595F81C0F4FC69FB
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y4is3gAFiUgABiI1AAcK9j6KKjedLBcAXubv4w&u=%7CW5IxFvJ7wZefacEJqLJYeGj1IuwYJC2G1XFyQWmX1QM%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCRMK1mCmTgIbqIDMD2xRulRs1WR3SMSMjCWyaziM01RkDUE08YidAPi7kXn9eSUHrm0nRShpt89-WrFatA-avYEiIxAEzI5dRoi8UVdI10WmhT4YR07EJaeUbEQ3GheawrYwu4bo5coz53i5RvHk3wN6OH3nBI5pf2TnEVvwrIQH9C1gflnU9_aZqC47xIsVgAYYO4Hw7aUvPomdECUwFSB0GX3siCMZ32iiYzO1FcjA6f0aVXRD1BWFxC4FteuQPPlb1jmPBftZPaySXuW0Ah3KYgXJIboZ9vvuCS2FF2525PHJeRjqqzkxTb99N8ggqbIgkPDMdSopzbMPugeoqkAmOnCu88NOX_GQfUb2K0IqYPNSSbGsvGZoLaJim1un6WOWJh_16UYCOTkcbCYYbQDnPRfNHf6isw2Xl6uIop58pXu76ZS9BneinCgimEnk-OwFbiIlj9gco4IROqlOcTMNvOEMXy9DO7_owJPdZoKWIjSe5M4qo0Wg6OvEV37B53EiA8G5mzpXD4M5YduE3ATiUa_iSbKHq9Wyhss83SAr2i2pJOOPd-uqmCA1O7T0foqe0fubC0spHG7M3TjoyRFHVgi_Oa81ZA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBhsG3qyIY8iSFrXEmLAP9pWcgALJntKxXPXqoYaIAcCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmpAqAcn4C7g7E-qAMBqgT2AU_QXzUKnrF0rJgwnSbYCVdS9UoWUErYrAFqns72v6t2SoTtTK-6drEI_a63wYkmgV-Q86xf0EoYWLYAH-FnZ4PJ-MTJd6ovDqZSD3JGdAqMod2hy-5qGaaj_XYqVgQOqB3_RilbCQn5G1aCnSUWqCu1FxIOzyVnXmq33_7MZKO_0jcbzlLaPVMqRcOFujtU-Q6T5p99ySJou-pjMh5KqI20VtXm-hRJOPpcfUjJXWlhTEs4imc4E-jL38dYGzkAtN62e6ndow0_Uo7zvQR1eWGFV-h7bUV0kLAuIEM1G5_LolxqwGMvvb5YPchX06mn8TG0KKya0IAGiYjw842givl7oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37aB2ac7GrUgthl_bxH_EN0OdyJg%26client%3Dca-pub-6388735609415218%26adurl%3D
Frame ID: A4F5711BDEDA24EE1F33A14D505E1188
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17
Frame ID: 53F2D58C503DC5D8C69A773381FA001A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=408&adk=1892130580&adf=1283131272&pi=t.aa~a.3421766244~rp.4&w=587&lmt=1669901534&nsk=6bf5178c&rafmt=11&pwprc=7919631635&ad_type=text_image&format=587x408&url=https%3A%2F%2Fanticollector.org.ua%2F&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534934&bpp=2&bdt=4764&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0%2C595x280&nras=3&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=194&ady=1739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=768&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=YAFvPYmuFy&p=https%3A//anticollector.org.ua&dtd=27
Frame ID: E0817D1E771A56C95A088F0140450E36
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Frame ID: DE33DFA518D1F011F348D473E4538E80
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4828F95021AE7FB464AD1C81FE95DF4A
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html
Frame ID: AB9F932C3D3925209611879E5CDC0DC8
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5FD1AFBF7EBE59C08E9E83CC3F2510BB
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Frame ID: 7A049FDEFF50A7F15A0C3BB6A33BDE2A
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CNbNk36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPIBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJQjPJWocg86vTzmO1GS16jkjA6-v5ddENrwUAO66Vhwo-1V4Ti3WABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTYzODg3MzU2MDk0MTUyMTgYAA&sigh=4X2Gr1UMlE0&uach_m=[UACH]&cid=CAQSPADq26N9pCN5eaXcZbpL3QBRmB_9LW2cQ7m8nH2vJddeljekSN7wP08uq1H7xVz9Y_UVqBiuF_fHf-ddlRgBIBM&tpd=AGWhJmuvUTE_VBkK8d4YGgod0t5cHlKFISfBULt7ADgYa-6lydYhJhQep3G-tvPzTah1565fRTEH0TR2RxQ1L7p1fMuExzIHD6Yepu20HDBGdLshddT2-cW4QrvBTmEKwcn83GRz_kRG9SrVGvGxkkzwVy3gEtDjF8gRwYlOuOcOLvkAyigT3xcuusdsa_GaxMlqxwnVG0tdtEDVVrZfmvGx9HaZVxCUAfsHJGxuEpYfLIwoK7nEauf_38cIC1Lco-8_g5KlbTCEjftOJsZgxiJ7grkuv9GQXpu_u6u_vRyf2nliRAqF4HyKKAVwJkBxt8uhXsc0GTHoBceM5nGUYYejLyRk-Q0NQkE0SWHkI5-onekQLt4sZFBTAa1MSFPMwQB7H7e29ImP8WtGdPRslwiQoyQ2aKHJVOYdVsMP82DJj8-EqPWSNsCO_dy0VdeetotqV1PgVP3Mabr_vHnlBuwo26D12lK7q-xJnAMohwiPK0A5XhO7sQY26sAM6yhmVIfvY4Bdd2CyBOraFK5vEniZaVEY4n0sRGQoJQs8zvvxD0gDcDzGHp6Jj1S7Jq9h17OlVgjADAtTYLoWvCJgWEUF80JAXksNd3XfD-qxq0Pa6qH0BKd_ic0ISLj_xnOwKfbqlHsx4VYNefxPcvFUdsnH3j4nMbBXmsedhkiI44zzoBPosYUaMVTggBiveQ4QwXVCQKfobP5WBnhADmsOI-mFVxjVPJlx5u03f3xisR6zQ1HItR3LjGdy4jXfOf703s9f9dL6ahWOc3ah7LwEt-df604s_eyWVL6AkPgHlinHKjDSPgcRzmQxf7Kblx1kf1u9LXTzN02wF0GRpaoMJQgb3W7gFY7ui7960HCF1HhZz3sPnJts1LKw6iP5eOH-y-shx7fyZZIvuPHd00-1dRJI-J879y_D1aDfLBFNQA2wkZ_2n-PeGl4blGJtJsCNlDpbVYAyux76wzh30Ejyeia4M0-1TDKN3sdJQ0HM8gkGk06CWp_lJTU1l5fwpnvCTu9ERyFOi2ROflSVSfnriazNYPQ9JCnkHZ9PiX8H6PrpagQKIHaGBthGOpsO_Lcu0TlebCb3_tIMUjsPHJiSE9RcLZvj-XTizdrgzuhpn_UpMLZhlV23
Frame ID: 78DB9FBA6305773F5A6773317E1690C0
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 829FA60851C85DE91E60881E54D78AE7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DB41F6CFD20629C5F709D9A21232960A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js
Frame ID: 7B1AC51AF4DB4BDBCE026A53784F07BD
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 37E32BD1BC3BA459379914D8AD5825F7
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53967400079930900951407012160013&actionid=981741&produktid=&dt_url=
Frame ID: 28678945322B1EF2DAF0C8C976142D90
Requests: 1 HTTP requests in this frame

Frame: https://hal900013.redintelligence.net/request_content.php?s=53967400079930900951407012160013&a=89f444ae
Frame ID: AE8DC96A73D3A2BC4DFD5A84AC65888A
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E2E1C73880713478CB79324D8AA57EEE
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 307F9E051D862EE807494081D8B55888
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A41668ED63558B8355C64C221938A3DA
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Антиколектор Україна | Антиколлектор Украина - Антиколектор Україна

Page URL History Show full URLs

http://anticollector.org.ua/ HTTP 301
https://anticollector.org.ua/ Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

175
Requests

91 %
HTTPS

54 %
IPv6

37
Domains

51
Subdomains

42
IPs

10
Countries

3791 kB
Transfer

6711 kB
Size

44
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/groups/anticollector.ukraine
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCukVE5TPy45YaApi8L3mnCA
Title: YouTube

Search URL Search Domain Scan URL

URL: https://anticollector.net/
Title: Форум

Search URL Search Domain Scan URL

URL: https://anticollector.in.ua/
Title: Адвокат антиколектор

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://anticollector.org.ua/ HTTP 301
https://anticollector.org.ua/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9839.f0ktzeGTjWKwdcTv1RVIH07COszDeMC8_Dp81FvpnjnBi3MGC2hn5Qdi9cGeIe6d.CO5WV6SN2YDL5t0-XlD44iVmYFg%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9839.zfnnFtgDVhHjtTT4F06Vnk9sGO7Fe7u7mjPuYZ03h-xpEHMAfSaVdu_ADSmiF4Wm6KmP-HVJeOeiZooBMc_Bcc2xtTtsXNn0CjlW9uCnSfw%2C.iDmTIHr_ccEx9sCInk2hTAWTFpI%2C

Request Chain 38

https://mc.yandex.com/watch/54277147?wmode=7&page-url=https%3A%2F%2Fanticollector.org.ua%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahfefmzcw94fsyu18inugs%3Afp%3A2702%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A464542157009%3Ahid%3A985747335%3Az%3A0%3Ai%3A20221201133214%3Aet%3A1669901534%3Ac%3A1%3Arn%3A384953724%3Arqn%3A1%3Au%3A1669901534255351494%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A37%2C261%2C1370%2C2%2C404%2C0%2C%2C3719%2C29%2C%2C%2C%2C5795%3Acpf%3A1%3Ans%3A1669901528092%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669901535%3At%3A%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B0%20%7C%20%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0%20-%20%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B0&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rqnl(1)ti(2) HTTP 302
https://mc.yandex.com/watch/54277147/1?wmode=7&page-url=https%3A%2F%2Fanticollector.org.ua%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahfefmzcw94fsyu18inugs%3Afp%3A2702%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A464542157009%3Ahid%3A985747335%3Az%3A0%3Ai%3A20221201133214%3Aet%3A1669901534%3Ac%3A1%3Arn%3A384953724%3Arqn%3A1%3Au%3A1669901534255351494%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A37%2C261%2C1370%2C2%2C404%2C0%2C%2C3719%2C29%2C%2C%2C%2C5795%3Acpf%3A1%3Ans%3A1669901528092%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669901535%3At%3A%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B0%20%7C%20%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0%20-%20%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B0&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rqnl%281%29ti%282%29

Request Chain 107

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 120

https://d.agkn.com/pixel/2175/?google_gid=CAESECr-8APUaT9hfZae-uwyrLo&google_cver=1&google_push=ASkJ3FYIUtOW_sBxjmI05NqtvUiZjHw-e5G0whWWmX2Q7G_2vUIiwnYs34-xM7thfqcFvCk9MjEAv6AO2z5UNjW4_Y8oq1pWWMo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FYIUtOW_sBxjmI05NqtvUiZjHw-e5G0whWWmX2Q7G_2vUIiwnYs34-xM7thfqcFvCk9MjEAv6AO2z5UNjW4_Y8oq1pWWMo&google_hm=Q0FFU0VDci04QVBVYVQ5aGZaYWUtdXd5ckxv

Request Chain 122

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIUnepw4fFBjrHvAOTfr4xQ&google_cver=1&google_push=ASkJ3FaZTZZSj-sH6fxTPzF9EMEfOa8H58smuQtiy6TvdFTKKvlp-r1aKaXXAFVcd38eOnw9UJZ73Gg0Gvxktk1LsdaepVQa_pI7 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIUnepw4fFBjrHvAOTfr4xQ&google_cver=1&google_push=ASkJ3FaZTZZSj-sH6fxTPzF9EMEfOa8H58smuQtiy6TvdFTKKvlp-r1aKaXXAFVcd38eOnw9UJZ73Gg0Gvxktk1LsdaepVQa_pI7&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Uw9mbSEzQ0-u6HeHI-gQfA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FaZTZZSj-sH6fxTPzF9EMEfOa8H58smuQtiy6TvdFTKKvlp-r1aKaXXAFVcd38eOnw9UJZ73Gg0Gvxktk1LsdaepVQa_pI7

Request Chain 123

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJpqWztodbrKifPudkrH2w&google_cver=1&google_push=ASkJ3FYr5OSCp_mf8sZb6m9a7W4Pu13Sld3xJDXJ_7RwHT2U5xpg16mNhNG5U4rDWzbbaXbdzXpQQaY5rcJeIl3JA5uT99B7i7I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI1NDlDMU0tMTAtNEZIVQ==&google_push=ASkJ3FYr5OSCp_mf8sZb6m9a7W4Pu13Sld3xJDXJ_7RwHT2U5xpg16mNhNG5U4rDWzbbaXbdzXpQQaY5rcJeIl3JA5uT99B7i7I

Request Chain 124

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_cver=1&google_push=ASkJ3FaibB81jDJsYjfFBei4C2J6nkS_PSvxsH28Pma7j0GfCjr8z-_ebNqN6qX9Xqq_Ejv_tcKnU4v4Oy-E8TGadyjrAYWAt7Bp HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_push=ASkJ3FaibB81jDJsYjfFBei4C2J6nkS_PSvxsH28Pma7j0GfCjr8z-_ebNqN6qX9Xqq_Ejv_tcKnU4v4Oy-E8TGadyjrAYWAt7Bp&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_hm=Y4is4NUZEbCEvFGO_fGR5QAABIEAAAAB&google_nid=index&google_push=ASkJ3FaibB81jDJsYjfFBei4C2J6nkS_PSvxsH28Pma7j0GfCjr8z-_ebNqN6qX9Xqq_Ejv_tcKnU4v4Oy-E8TGadyjrAYWAt7Bp

Request Chain 127

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 133

https://hal900013.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DuMQok0vs8DlzcjiEc5CPPw%26exch_seat%3D20035004448%26mt_aid%3D1750618086544538247%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_cid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%2526client%253Dca-pub-6388735609415218%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6388735609415218%26output%3Dhtml%26h%3D280%26adk%3D3284590858%26adf%3D1881589701%26pi%3Dt.aa~a.406515613~rp.1%26w%3D595%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1669901534%26rafmt%3D1%26to%3Dqs%26pwprc%3D7919631635%26format%3D595x280%26url%3Dhttps%253A%252F%252Fanticollector.org.ua%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669901534909%26bpp%3D2%26bdt%3D4739%26idt%3D2%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db6a50ba13a16324e-222fc22105d800b1%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ%26gpic%3DUID%253D00000b8b23a8fda9%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg%26prev_fmts%3D1200x280%252C0x0%26nras%3D2%26correlator%3D5333894031731%26frm%3D20%26pv%3D1%26ga_vid%3D1555109461.1669901534%26ga_sid%3D1669901534%26ga_hid%3D1475740572%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D815%26ady%3D1222%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C42531705%252C44760911%252C31070993%252C44770880%252C44778739%252C21066434%26oid%3D2%26pvsid%3D140487002954298%26tmod%3D835132519%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3Dd6rITNzilw%26p%3Dhttps%253A%2F%2Fanticollector.org.ua%26dtd%3D17&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fanticollector.org.ua&random=711028808477&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900013.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DuMQok0vs8DlzcjiEc5CPPw%26exch_seat%3D20035004448%26mt_aid%3D1750618086544538247%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_cid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%2526client%253Dca-pub-6388735609415218%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6388735609415218%26output%3Dhtml%26h%3D280%26adk%3D3284590858%26adf%3D1881589701%26pi%3Dt.aa~a.406515613~rp.1%26w%3D595%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1669901534%26rafmt%3D1%26to%3Dqs%26pwprc%3D7919631635%26format%3D595x280%26url%3Dhttps%253A%252F%252Fanticollector.org.ua%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669901534909%26bpp%3D2%26bdt%3D4739%26idt%3D2%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db6a50ba13a16324e-222fc22105d800b1%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ%26gpic%3DUID%253D00000b8b23a8fda9%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg%26prev_fmts%3D1200x280%252C0x0%26nras%3D2%26correlator%3D5333894031731%26frm%3D20%26pv%3D1%26ga_vid%3D1555109461.1669901534%26ga_sid%3D1669901534%26ga_hid%3D1475740572%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D815%26ady%3D1222%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C42531705%252C44760911%252C31070993%252C44770880%252C44778739%252C21066434%26oid%3D2%26pvsid%3D140487002954298%26tmod%3D835132519%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3Dd6rITNzilw%26p%3Dhttps%253A%2F%2Fanticollector.org.ua%26dtd%3D17&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fanticollector.org.ua&random=711028808477&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 135

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=53967400079930900951407012160013&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53967400079930900951407012160013&actionid=981741&produktid=&dt_url=

Request Chain 139

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=53967400079930900951407012160013 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 142

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEC5RsRYfolTR6w2IsmVpqEo&google_cver=1&google_push=ASkJ3FYX7_OWx93rtB_WstRtQ6ZSs9799LPL5LlpifRE7uD6R2f0ufWgBsBvpktMAy6Ghjt4YcSXlIPNO4oyDPjeCbHoG9Cyebw HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ASkJ3FYX7_OWx93rtB_WstRtQ6ZSs9799LPL5LlpifRE7uD6R2f0ufWgBsBvpktMAy6Ghjt4YcSXlIPNO4oyDPjeCbHoG9Cyebw&google_hm=3qG-sZ8dNpkx165TMAJbgQ

Request Chain 143

https://id.rlcdn.com/466606.gif?cparams=google_push%3DASkJ3FYtsksW1iLuy5bdGpA8vz8teBUoOsLheqotRWoa5ZORDrDzJTJzlfqBvANUoYGblUKsMUznkKdpf-eiwW9yZXaqZ-2spQ&google_gid=CAESEHba4BIz-dv6g9-fL9B--Og&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOLZopwGEgUI6AcQAEIASm5nb29nbGVfcHVzaD1BU2tKM0ZZdHNrc1cxaUx1eTViZEdwQTh2ejh0ZUJVb09zTGhlcW90UldvYTVaT1JEckR6SlRKemxmcUJ2QU5Vb1lHYmxVS3NNVXpua0tkcGYtZWl3Vzl5WlhhcVotMnNwUQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZWtJMzRDUDF1UGRGbEY4bVlxZUN5X0QxSmNWQ1ZPVkFkZGk1cmJPN0l3NA==&google_push

Request Chain 144

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3Fbr2HXHjbqxnsjRCKhXyTLfhIxtPumH7oR1hdpvFxxRJZe9b5-OGPIy8HVVsVaxf-sVnDG73GBHWcsDWm9Sjv6EflCrXQ&google_gid=CAESEPDyzcJRmxI9yauWdxFt_sU&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3Fbr2HXHjbqxnsjRCKhXyTLfhIxtPumH7oR1hdpvFxxRJZe9b5-OGPIy8HVVsVaxf-sVnDG73GBHWcsDWm9Sjv6EflCrXQ&google_gid=CAESEPDyzcJRmxI9yauWdxFt_sU&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEyMDExMzMyMTkwMDAxODI4NDIxOTIyNQ%3D%3D&google_push=ASkJ3Fbr2HXHjbqxnsjRCKhXyTLfhIxtPumH7oR1hdpvFxxRJZe9b5-OGPIy8HVVsVaxf-sVnDG73GBHWcsDWm9Sjv6EflCrXQ

Request Chain 146

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIUnepw4fFBjrHvAOTfr4xQ&google_cver=1&google_push=ASkJ3FZqVwUvFZ-I-EJjh2hQx1wXxyuiGFpyOaQTzEM_eygl0RwSGRTV88DMS5Di70X4_2DIr8Z3oE1AmeV7fRtJqqUxqwsFxEQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Uw9mbSEzQ0-u6HeHI-gQfA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FZqVwUvFZ-I-EJjh2hQx1wXxyuiGFpyOaQTzEM_eygl0RwSGRTV88DMS5Di70X4_2DIr8Z3oE1AmeV7fRtJqqUxqwsFxEQ

Request Chain 147

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJpqWztodbrKifPudkrH2w&google_cver=1&google_push=ASkJ3FYm_kLBPA9_dywunxsfbmZFkpNvKjfxi0aJ2lFccksnLJmPlMj1iXPZOnMHPvBoMfW-S4oekiS_t_Vffw8FVqh62rfr3NM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI1NDlESFAtVy1CNldS&google_push=ASkJ3FYm_kLBPA9_dywunxsfbmZFkpNvKjfxi0aJ2lFccksnLJmPlMj1iXPZOnMHPvBoMfW-S4oekiS_t_Vffw8FVqh62rfr3NM

Request Chain 148

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_cver=1&google_push=ASkJ3FaNZ9OOB630vrZpqBULxBIEpQRkoEXk3HcsljoOd5D_mFPNIAGbvh-ebPZ-GDLHnzCkAyrDnILIBY2r49cWOK14RaSNAaQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_hm=Y4is4NUZEbCEvFGO_fGR5QAABIEAAAAB&google_nid=index&google_push=ASkJ3FaNZ9OOB630vrZpqBULxBIEpQRkoEXk3HcsljoOd5D_mFPNIAGbvh-ebPZ-GDLHnzCkAyrDnILIBY2r49cWOK14RaSNAaQ

175 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
anticollector.org.ua/
Redirect Chain

http://anticollector.org.ua/
https://anticollector.org.ua/

38 KB
9 KB

1670ms
1369ms

Document
text/html

2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://anticollector.org.ua/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),

Reverse DNS

Software

nginx /

Resource Hash

38981dabf61e68a9dea4b02366b517f4059abd3630fd7a4243cc9985b72c3896

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: max-age=0, no-cache
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 01 Dec 2022 13:32:10 GMT
pragma: public
server: nginx
x-content-powered-by: K2 v2.10.3 (by JoomlaWorks)
x-content-type-options: nosniff
x-logged-in: False
x-page-speed: on
x-ray: p17866:1.199/wn26930:1.190/wa26930:D=1182574

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Thu, 01 Dec 2022 13:32:08 GMT
Location: https://anticollector.org.ua/
Server: nginx
x-ray: p17866:0.001/wn26930:0.000/

GET
H2 200 c18022fef57c5ed1d65e83a72a8bef77.css
anticollector.org.ua/media/com_jchoptimize/cache/css/ 289 KB
42 KB 177ms
177ms Stylesheet
text/css 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 2826b314d203f10a05ddb585e23a88d70822dcf62270bf748160f9789f2464a9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
content-encoding: br
last-modified: Thu, 01 Dec 2022 13:32:09 GMT
server: nginx
etag: W/"6388acd9-48448"
content-type: text/css
cache-control: max-age=604800
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 AU5.png
anticollector.org.ua/images/ 4 KB
4 KB 87ms
86ms Image
image/png 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/images/AU5.png
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: ff975fc7dac9445cff3dff896856282324313ff0c5f90fb3d1f1407f525030ec

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Wed, 25 May 2022 11:35:26 GMT
server: nginx
etag: "628e147e-f39"
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 3897
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 ce7646a74c54cecf1c05442c71f02147_L.jpg
anticollector.org.ua/media/k2/items/cache/ 101 KB
102 KB 415ms
413ms Image
image/jpeg 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/media/k2/items/cache/ce7646a74c54cecf1c05442c71f02147_L.jpg?t=20220525_070559
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 0391b2318552e6f3d71436133e26e43b25828750a63c5639135848cbdc77197b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Wed, 25 May 2022 07:02:34 GMT
server: nginx
etag: "628dd48a-19574"
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
content-length: 103796
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 ee68a9df1200997b07be8fb0bbdb9f29_L.jpg
anticollector.org.ua/media/k2/items/cache/ 143 KB
143 KB 415ms
413ms Image
image/jpeg 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/media/k2/items/cache/ee68a9df1200997b07be8fb0bbdb9f29_L.jpg?t=20220524_134033
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 9e77df1224664223b153ca61f64f84af7eb813103dcda83f06eb05d2e2da123e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Tue, 24 May 2022 13:35:56 GMT
server: nginx
etag: "628cdf3c-23b0e"
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
content-length: 146190
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 a9ccd7cd1c4267a50c67ac0bd7180172_L.jpg
anticollector.org.ua/media/k2/items/cache/ 336 KB
337 KB 415ms
413ms Image
image/jpeg 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/media/k2/items/cache/a9ccd7cd1c4267a50c67ac0bd7180172_L.jpg?t=20220123_203445
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 4b2d5acc6180fff6eb5947e379987644c41a405f021909760f265e66d70e9eea

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Sun, 23 Jan 2022 20:34:45 GMT
server: nginx
etag: "61edbbe5-54097"
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
content-length: 344215
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 b8cc41f2c23fcd5970f74c3c49efafec_L.jpg
anticollector.org.ua/media/k2/items/cache/ 209 KB
209 KB 414ms
412ms Image
image/jpeg 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/media/k2/items/cache/b8cc41f2c23fcd5970f74c3c49efafec_L.jpg?t=20220114_191243
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: bcb090ec7d9af7f7c9ff7c03aaabd1099ef175e022203f0e8f53ae197ea47bbe

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Fri, 14 Jan 2022 19:12:16 GMT
server: nginx
etag: "61e1cb10-3436c"
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
content-length: 213868
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 171fc14b49a79ea979710de5b3402b30_L.jpg
anticollector.org.ua/media/k2/items/cache/ 231 KB
232 KB 413ms
412ms Image
image/jpeg 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/media/k2/items/cache/171fc14b49a79ea979710de5b3402b30_L.jpg?t=20220516_140955
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 2b4a69c09096c1feb3207b866d55b8117a2c253f95346a92c8205efe479f8cc2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Mon, 16 May 2022 14:07:40 GMT
server: nginx
etag: "62825aac-39c06"
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
content-length: 236550
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 1d36d23b156ead252433d4ce2c21c387_L.jpg
anticollector.org.ua/media/k2/items/cache/ 243 KB
244 KB 413ms
412ms Image
image/jpeg 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/media/k2/items/cache/1d36d23b156ead252433d4ce2c21c387_L.jpg?t=20220102_121414
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 34c3e24b7b45572b7fb1479858a6698faf49ba8633684108057c89f99b1be0ce

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Sun, 02 Jan 2022 12:02:24 GMT
server: nginx
etag: "61d19450-3cd7b"
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
content-length: 249211
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 5fa21cd9e0d2531a2f1dfdffbab46f70_L.jpg
anticollector.org.ua/media/k2/items/cache/ 188 KB
188 KB 415ms
413ms Image
image/jpeg 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/media/k2/items/cache/5fa21cd9e0d2531a2f1dfdffbab46f70_L.jpg?t=20220526_151636
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 2f1b9717110d9ad289486575210cc2a3fdc27e5b33582a78ec7cf1bb9d841902

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Thu, 26 May 2022 11:21:47 GMT
server: nginx
etag: "628f62cb-2f027"
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
content-length: 192551
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 f7abac252ae5ed68121b92ba7a669d87_L.jpg
anticollector.org.ua/media/k2/items/cache/ 273 KB
273 KB 415ms
414ms Image
image/jpeg 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/media/k2/items/cache/f7abac252ae5ed68121b92ba7a669d87_L.jpg?t=20220417_104046
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 1d065f7c0127b37d317d38b26bbd6b321910c9c1fc541d100239e2a1d9c45a63

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Sun, 17 Apr 2022 10:34:45 GMT
server: nginx
etag: "625bed45-442e4"
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
content-length: 279268
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 58695e35619ff814646f921b70cbd4a2.js Show response
anticollector.org.ua/media/com_jchoptimize/cache/js/ 687 KB
201 KB 416ms
414ms Script
application/javascript 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://anticollector.org.ua/media/com_jchoptimize/cache/js/58695e35619ff814646f921b70cbd4a2.js
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 7a0158ae026f1947523506999991c79e3097546da67b3fd7f1da3ac58a4579fd

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.030/wn26930:0.000/
content-encoding: br
last-modified: Thu, 01 Dec 2022 13:32:10 GMT
server: nginx
etag: W/"6388acda-abbc8"
content-type: application/javascript
cache-control: max-age=604800
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 li.png
anticollector.org.ua/templates/jm-joomads-ef4/images/ 212 B
430 B 247ms
246ms Image
image/png 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/templates/jm-joomads-ef4/images/li.png
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 28b0e460380f4ddd576c5e0a124589371f8134d0627f797be8845b90d16f36d9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Tue, 21 Jan 2020 10:19:21 GMT
server: nginx
etag: "5e26d029-d4"
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 212
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
9 KB 245ms
129ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Origin: https://anticollector.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 21:51:35 GMT
x-content-type-options: nosniff
age: 229235
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9628
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 21:51:35 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 171ms
54ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Origin: https://anticollector.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 519437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Nov 2023 13:14:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
10 KB 231ms
115ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Origin: https://anticollector.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 20:29:43 GMT
x-content-type-options: nosniff
age: 234147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9644
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 20:29:43 GMT

GET
H2 200 footer-bg.png
anticollector.org.ua/templates/jm-joomads-ef4/images/ 104 B
322 B 237ms
237ms Image
image/png 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/templates/jm-joomads-ef4/images/footer-bg.png
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: e98e764f60abf8a5d2086f537d3eff9d482bc891db6448ae115bea4f712cc1c7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.011/wn26930:0.000/
last-modified: Tue, 21 Jan 2020 10:19:21 GMT
server: nginx
etag: "5e26d029-68"
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 104
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 backtotop.png
anticollector.org.ua/templates/jm-joomads-ef4/images/ 125 B
343 B 237ms
237ms Image
image/png 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anticollector.org.ua/templates/jm-joomads-ef4/images/backtotop.png
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: 01ad61902bf6a98421542df2e3ad09266d6b9f4d2ad4ba0928dcf76b1242a8f3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:10 GMT
x-ray: p17866:0.000/wn26930:0.000/
last-modified: Tue, 21 Jan 2020 10:19:21 GMT
server: nginx
etag: "5e26d029-7d"
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 125
expires: Thu, 08 Dec 2022 13:32:10 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 174ms
67ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Origin: https://anticollector.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 05:09:29 GMT
x-content-type-options: nosniff
age: 548561
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Nov 2023 05:09:29 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/ Frame E2C4 10 KB
5 KB 185ms
57ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/js/58695e35619ff814646f921b70cbd4a2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 10207
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 10:42:07 GMT
etag: 10353107486223812946
expires: Thu, 15 Dec 2022 10:42:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/ 354 KB
117 KB 275ms
156ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/js/58695e35619ff814646f921b70cbd4a2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41350407120b6ce8b562ae0e7d7245424a11b200b5aebb5b955f888ed4c2b6c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119180
x-xss-protection: 0
server: cafe
etag: 825149829676017089
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Dec 2022 13:32:14 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 209 KB
72 KB 439ms
199ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/js/58695e35619ff814646f921b70cbd4a2.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

d2ba77c35106fd4575a7fa3a09aadd3b81b8af4059e9a9bd2ac903552ca52401

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
etag: "63875d46-11e96"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 73366
expires: Thu, 01 Dec 2022 14:32:14 GMT

GET
H2 200 xfbml.customerchat.js Show response
connect.facebook.net/ru_RU/sdk/ 316 KB
90 KB 169ms
57ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ru_RU/sdk/xfbml.customerchat.js

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/js/58695e35619ff814646f921b70cbd4a2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e4cf9a22cdaeac879d2a6982fd06dcf8fb34d796a11c18327266496708265a19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 01 Dec 2022 13:32:14 GMT
content-md5: TmN4vPGu2BI3j9uXWxe9rg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 91151
x-fb-rlafr: 0
x-fb-debug: Ua9+fehLZ/7JFg2egQB2a9jZXHvwlazKU7BjanALBP3Cg3D0cAcMP9a+Y4JyphsXXTIGv7peyR6YeDRN32jT3A==
x-fb-trip-id: 917726464
x-fb-content-md5: 966cf66acfcdaef4d1ba9ae953c3da04
cross-origin-opener-policy: same-origin-allow-popups
etag: "9d717b32f25e4b9b9f616d0fed837a4b"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Thu, 01 Dec 2022 13:45:12 GMT

POST
H2 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 311ms
196ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/js/58695e35619ff814646f921b70cbd4a2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://anticollector.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 407 B
704 B 181ms
62ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=anticollector.org.ua&callback=_gfp_s_&client=ca-pub-6388735609415218&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8edb834b12a3b8b75cdf59db6274d4d7075e8f8bcfa7c6718dbca8b3c16b11ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 259
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 183ms
64ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=anticollector.org.ua

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 193ms
67ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=anticollector.org.ua

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 776D 23 KB
10 KB 403ms
401ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&slotname=8547202806&adk=3599503499&adf=2449756301&pi=t.ma~as.8547202806&w=1200&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&format=1200x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901533849&bpp=7&bdt=3679&idt=430&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&correlator=5333894031731&frm=20&pv=2&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=190&ady=2330&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=5og0LUA1yj&p=https%3A//anticollector.org.ua&dtd=466

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0874a717c04a968a0809d91eff55256d29b591341bac355b21610cce937b784

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9928
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:14 GMT
expires: Thu, 01 Dec 2022 13:32:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BAE0 306 KB
80 KB 404ms
403ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&adk=1812271804&adf=3025194257&lmt=1669901534&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fanticollector.org.ua%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901533856&bpp=2&bdt=3686&idt=473&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&nras=1&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=481

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b216e2c3d9a85f190a3a48d712fcf97937f17e2602293613cda53b142cbe0079

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 81636
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:14 GMT
expires: Thu, 01 Dec 2022 13:32:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 202ms
199ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://anticollector.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9839.f0ktzeGTjWKwdcTv1RVIH07COszDeMC8_Dp81FvpnjnBi3MGC2hn5Qdi9cGeIe6d.CO5WV6SN2YDL5t0-XlD44iVmYFg%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9839.zfnnFtgDVhHjtTT4F06Vnk9sGO7Fe7u7mjPuYZ03h-xpEHMAfSaVdu_ADSmiF4Wm6KmP-HVJeOeiZooBMc_Bcc2xtTtsXNn0CjlW9uCnSfw%2C.iDmTIHr_ccEx9sCInk2hTAWTFpI%2C

75 B
75 B

103ms
102ms

Image
text/html

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9839.zfnnFtgDVhHjtTT4F06Vnk9sGO7Fe7u7mjPuYZ03h-xpEHMAfSaVdu_ADSmiF4Wm6KmP-HVJeOeiZooBMc_Bcc2xtTtsXNn0CjlW9uCnSfw%2C.iDmTIHr_ccEx9sCInk2hTAWTFpI%2C

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9839.zfnnFtgDVhHjtTT4F06Vnk9sGO7Fe7u7mjPuYZ03h-xpEHMAfSaVdu_ADSmiF4Wm6KmP-HVJeOeiZooBMc_Bcc2xtTtsXNn0CjlW9uCnSfw%2C.iDmTIHr_ccEx9sCInk2hTAWTFpI%2C
date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET sync_cookie_image_check
mc.yandex.ua/ 0
0

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
112 B 112ms
100ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
etag: "63875d46-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Thu, 01 Dec 2022 14:32:14 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 776D 3 KB
1 KB 177ms
60ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&slotname=8547202806&adk=3599503499&adf=2449756301&pi=t.ma~as.8547202806&w=1200&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&format=1200x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901533849&bpp=7&bdt=3679&idt=430&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&correlator=5333894031731&frm=20&pv=2&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=190&ady=2330&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=5og0LUA1yj&p=https%3A//anticollector.org.ua&dtd=466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3910
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:27:04 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 776D 18 KB
8 KB 171ms
54ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4201
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:22:13 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 776D 0
0 98ms
97ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C8SQH3qyIY8iSFrXEmLAP9pWcgALJntKxXPXqoYaIAcCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmpAqAcn4C7g7E-qAMBqgTzAU_QXzUKnrF0rJgwnSbYCVdS9UoWUErYrAFqns72v6t2SoTtTK-6drEI_a63wYkmgV-Q86xf0EoYWLYAH-FnZ4PJ-MTJd6ovDqZSD3JGdAqMod2hy-5qGaaj_XYqVgQOqB3_RilbCQn5G1aCnSUWqCu1FxIOzyVnXmq33_7MZKO_0jcbzlLaPVMqRcOFujtU-Q6T5p99ySJou-pjMh5KqI20VtXm-hRJOPpcfUjJXWlhTEs4imc4E-jL38dYGzkAtN62e6ndow0_Uo7zvQQ3e0AX0GfnfvrohBP-HeXNEovBFFZE2OGbdYP-z3dJ_7EiW7Wnl4AGiYjw842givl7oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi02Mzg4NzM1NjA5NDE1MjE4GAA&sigh=1VcYDVFAxOk&uach_m=[UACH]&cid=CAQSGwDq26N9ke1EqH9BIMS94w4mjNZZ_j7YMt7jChgBIBM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&slotname=8547202806&adk=3599503499&adf=2449756301&pi=t.ma~as.8547202806&w=1200&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&format=1200x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901533849&bpp=7&bdt=3679&idt=430&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&correlator=5333894031731&frm=20&pv=2&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=190&ady=2330&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=5og0LUA1yj&p=https%3A//anticollector.org.ua&dtd=466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 01 Dec 2022 13:32:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 01 Dec 2022 13:32:14 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 776D 0
0 223ms
64ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kv79Esz6RLAJmAKdg2ICAgAAAAoliXpm8l8o4K2o3xDdrIhjUCfCt34txiKTrOYAEgAA&wp=Y4is3gAFiUgABiI1AAcK9j6KKjedLBcAXubv4w

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 281882
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame A4F5 146 KB
47 KB 305ms
150ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y4is3gAFiUgABiI1AAcK9j6KKjedLBcAXubv4w&u=%7CW5IxFvJ7wZefacEJqLJYeGj1IuwYJC2G1XFyQWmX1QM%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCRMK1mCmTgIbqIDMD2xRulRs1WR3SMSMjCWyaziM01RkDUE08YidAPi7kXn9eSUHrm0nRShpt89-WrFatA-avYEiIxAEzI5dRoi8UVdI10WmhT4YR07EJaeUbEQ3GheawrYwu4bo5coz53i5RvHk3wN6OH3nBI5pf2TnEVvwrIQH9C1gflnU9_aZqC47xIsVgAYYO4Hw7aUvPomdECUwFSB0GX3siCMZ32iiYzO1FcjA6f0aVXRD1BWFxC4FteuQPPlb1jmPBftZPaySXuW0Ah3KYgXJIboZ9vvuCS2FF2525PHJeRjqqzkxTb99N8ggqbIgkPDMdSopzbMPugeoqkAmOnCu88NOX_GQfUb2K0IqYPNSSbGsvGZoLaJim1un6WOWJh_16UYCOTkcbCYYbQDnPRfNHf6isw2Xl6uIop58pXu76ZS9BneinCgimEnk-OwFbiIlj9gco4IROqlOcTMNvOEMXy9DO7_owJPdZoKWIjSe5M4qo0Wg6OvEV37B53EiA8G5mzpXD4M5YduE3ATiUa_iSbKHq9Wyhss83SAr2i2pJOOPd-uqmCA1O7T0foqe0fubC0spHG7M3TjoyRFHVgi_Oa81ZA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBhsG3qyIY8iSFrXEmLAP9pWcgALJntKxXPXqoYaIAcCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmpAqAcn4C7g7E-qAMBqgT2AU_QXzUKnrF0rJgwnSbYCVdS9UoWUErYrAFqns72v6t2SoTtTK-6drEI_a63wYkmgV-Q86xf0EoYWLYAH-FnZ4PJ-MTJd6ovDqZSD3JGdAqMod2hy-5qGaaj_XYqVgQOqB3_RilbCQn5G1aCnSUWqCu1FxIOzyVnXmq33_7MZKO_0jcbzlLaPVMqRcOFujtU-Q6T5p99ySJou-pjMh5KqI20VtXm-hRJOPpcfUjJXWlhTEs4imc4E-jL38dYGzkAtN62e6ndow0_Uo7zvQR1eWGFV-h7bUV0kLAuIEM1G5_LolxqwGMvvb5YPchX06mn8TG0KKya0IAGiYjw842givl7oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37aB2ac7GrUgthl_bxH_EN0OdyJg%26client%3Dca-pub-6388735609415218%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9027689c78983c51df2d629bfe51b73bddacd1f0ce1f602b6e57e084ccbd3d8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:14 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=sFGa3mn0P-sSUZ_0DukbWhbH_8uahUoVi2JDGck4ai5mVa_fgVoNCoTnyEtQK4qR52WDSVQNqjKwCPc4aU3Gx99XGH4N9zzK2r0FFwOcHGmDzZMOjKtXzhgSaYxAFLVxiC0MS4My1IHxx9TFpmmJJLiP9rhcfj7u65TNl04eeN4JObcWUeiMrqA7p_35w2jRG9g4wO2mB7cg2byXe0KN3z-FjrFw2iLMbdrgrQ13HAJTlqscJ7_Af0-62GcD72silYmbwQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 86685010
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 776D 154 KB
48 KB 236ms
85ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 13:32:14 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/54277147/
Redirect Chain

https://mc.yandex.com/watch/54277147?wmode=7&page-url=https%3A%2F%2Fanticollector.org.ua%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahfefmzcw94fsyu18inugs%3Afp%3A2702%3Afu%3A0%3Aen%3Aut...
https://mc.yandex.com/watch/54277147/1?wmode=7&page-url=https%3A%2F%2Fanticollector.org.ua%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahfefmzcw94fsyu18inugs%3Afp%3A2702%3Afu%3A0%3Aen%3A...

454 B
611 B

108ms
107ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/54277147/1?wmode=7&page-url=https%3A%2F%2Fanticollector.org.ua%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahfefmzcw94fsyu18inugs%3Afp%3A2702%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A464542157009%3Ahid%3A985747335%3Az%3A0%3Ai%3A20221201133214%3Aet%3A1669901534%3Ac%3A1%3Arn%3A384953724%3Arqn%3A1%3Au%3A1669901534255351494%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A37%2C261%2C1370%2C2%2C404%2C0%2C%2C3719%2C29%2C%2C%2C%2C5795%3Acpf%3A1%3Ans%3A1669901528092%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669901535%3At%3A%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B0%20%7C%20%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0%20-%20%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B0&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rqnl%281%29ti%282%29

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

17a97499d0b307fb75f4db6a8033b6c23f01fded59600bfaebe3bfdbd4051a53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 01-Dec-2022 13:32:15 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://anticollector.org.ua
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 454
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 13:32:15 GMT

Redirect headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 01-Dec-2022 13:32:14 GMT
location: /watch/54277147/1?wmode=7&page-url=https%3A%2F%2Fanticollector.org.ua%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahfefmzcw94fsyu18inugs%3Afp%3A2702%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A464542157009%3Ahid%3A985747335%3Az%3A0%3Ai%3A20221201133214%3Aet%3A1669901534%3Ac%3A1%3Arn%3A384953724%3Arqn%3A1%3Au%3A1669901534255351494%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A37%2C261%2C1370%2C2%2C404%2C0%2C%2C3719%2C29%2C%2C%2C%2C5795%3Acpf%3A1%3Ans%3A1669901528092%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669901535%3At%3A%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B0%20%7C%20%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0%20-%20%D0%90%D0%BD%D1%82%D0%B8%D0%BA%D0%BE%D0%BB%D0%B5%D0%BA%D1%82%D0%BE%D1%80%20%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B0&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rqnl%281%29ti%282%29
access-control-allow-origin: https://anticollector.org.ua
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 01-Dec-2022 13:32:14 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/ 150 KB
51 KB 290ms
164ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d4118a1f83ded73eb3b75e9da89c61f1b093e7883cfad18a54c701c09ff820ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52280
x-xss-protection: 0
server: cafe
etag: 472867335303145994
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Dec 2022 13:32:15 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 181ms
63ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=anticollector.org.ua

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 175ms
63ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=anticollector.org.ua

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 53F2 32 KB
13 KB 377ms
366ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3429a6ce96639fbf33e766a7619a373a5fd59b151c85951c02cfea660dfdc7b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 13371
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E081 68 KB
22 KB 364ms
353ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=408&adk=1892130580&adf=1283131272&pi=t.aa~a.3421766244~rp.4&w=587&lmt=1669901534&nsk=6bf5178c&rafmt=11&pwprc=7919631635&ad_type=text_image&format=587x408&url=https%3A%2F%2Fanticollector.org.ua%2F&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534934&bpp=2&bdt=4764&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0%2C595x280&nras=3&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=194&ady=1739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=768&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=YAFvPYmuFy&p=https%3A//anticollector.org.ua&dtd=27

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1158ea0e2535669d45983072d8e00fa1a90ca829f51ecdd5627b1c66235cbb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 22227
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 10 KB
10 KB 195ms
77ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Origin: https://anticollector.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 01:24:30 GMT
x-content-type-options: nosniff
age: 43665
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9840
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 01:24:30 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 172ms
57ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/media/com_jchoptimize/cache/css/c18022fef57c5ed1d65e83a72a8bef77.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Origin: https://anticollector.org.ua
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 20:10:25 GMT
x-content-type-options: nosniff
age: 62510
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:10:25 GMT

GET
DATA 200
OK truncated
/ Frame 776D 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 59e440bfeec280d15e03681769d46a18b92dc3da7db732003faa9f24ed818884

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 203ms
203ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://anticollector.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/ Frame DE33 10 KB
4 KB 62ms
55ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 10098
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 10:43:57 GMT
etag: 10353107486223812946
expires: Thu, 15 Dec 2022 10:43:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/ Frame 4828 10 KB
4 KB 62ms
56ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 10098
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 10:43:57 GMT
etag: 10353107486223812946
expires: Thu, 15 Dec 2022 10:43:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame A4F5 2 KB
1 KB 186ms
54ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y4is3gAFiUgABiI1AAcK9j6KKjedLBcAXubv4w&u=%7CW5IxFvJ7wZefacEJqLJYeGj1IuwYJC2G1XFyQWmX1QM%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCRMK1mCmTgIbqIDMD2xRulRs1WR3SMSMjCWyaziM01RkDUE08YidAPi7kXn9eSUHrm0nRShpt89-WrFatA-avYEiIxAEzI5dRoi8UVdI10WmhT4YR07EJaeUbEQ3GheawrYwu4bo5coz53i5RvHk3wN6OH3nBI5pf2TnEVvwrIQH9C1gflnU9_aZqC47xIsVgAYYO4Hw7aUvPomdECUwFSB0GX3siCMZ32iiYzO1FcjA6f0aVXRD1BWFxC4FteuQPPlb1jmPBftZPaySXuW0Ah3KYgXJIboZ9vvuCS2FF2525PHJeRjqqzkxTb99N8ggqbIgkPDMdSopzbMPugeoqkAmOnCu88NOX_GQfUb2K0IqYPNSSbGsvGZoLaJim1un6WOWJh_16UYCOTkcbCYYbQDnPRfNHf6isw2Xl6uIop58pXu76ZS9BneinCgimEnk-OwFbiIlj9gco4IROqlOcTMNvOEMXy9DO7_owJPdZoKWIjSe5M4qo0Wg6OvEV37B53EiA8G5mzpXD4M5YduE3ATiUa_iSbKHq9Wyhss83SAr2i2pJOOPd-uqmCA1O7T0foqe0fubC0spHG7M3TjoyRFHVgi_Oa81ZA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBhsG3qyIY8iSFrXEmLAP9pWcgALJntKxXPXqoYaIAcCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmpAqAcn4C7g7E-qAMBqgT2AU_QXzUKnrF0rJgwnSbYCVdS9UoWUErYrAFqns72v6t2SoTtTK-6drEI_a63wYkmgV-Q86xf0EoYWLYAH-FnZ4PJ-MTJd6ovDqZSD3JGdAqMod2hy-5qGaaj_XYqVgQOqB3_RilbCQn5G1aCnSUWqCu1FxIOzyVnXmq33_7MZKO_0jcbzlLaPVMqRcOFujtU-Q6T5p99ySJou-pjMh5KqI20VtXm-hRJOPpcfUjJXWlhTEs4imc4E-jL38dYGzkAtN62e6ndow0_Uo7zvQR1eWGFV-h7bUV0kLAuIEM1G5_LolxqwGMvvb5YPchX06mn8TG0KKya0IAGiYjw842givl7oAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_37aB2ac7GrUgthl_bxH_EN0OdyJg%26client%3Dca-pub-6388735609415218%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame A4F5 2 KB
1 KB 194ms
62ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame A4F5 308 B
636 B 187ms
58ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame A4F5 293 B
621 B 233ms
105ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame A4F5 43 B
348 B 242ms
66ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=DoXb0hFmQ0aXkbqymCTlEtxoLglxlT6lU4698R41T7EDJAmeYwhYBwwkxMgxrUiC3BjpGjYz9W_lQgFbPGKjmVZJ_bxJyMuhKT_m_eTiZqgTHeFKjYZs3Ta1WVcrsy2Swr8I4v47-FD0URf4OYiKdhOviHZksSODJVwMqodsGuH2RxQK5T9gRAte4qhKYe_B1blzId9WLWpmigtoXrcIRkJbUrs80NKXUP_n_JiT94RM8NPS5B2YhjMkQJSZTuyfbPD-P7dM4HE61hEYoLPBcgtxyqndXm5HaonFvxT7r9ngY4AkM5pP30MIRbQoKifFm-ygjVeRS8B2P-0Bw6-DuNlJOh_7S7ZO4mXZfwrR_YpwWEIFNCWx7nqd9pQfBWkM8XUUWNfE6nNuodPg3ynCLt62qzsiXh2WJ3pALpmyK369ffN6b7Tlq7ZxZbnDLK2WjSxFRg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3796678
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame A4F5 12 KB
5 KB 172ms
50ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 110838
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=13JYINQU4mOcPm6vALE3Kx3ikn1KtKX3%2FhRc7CpFhHeVryQ0OZD4THLSqIIkqKu7N3wcMts9OvGMORqVubhmEFxnM1aqq5KzY64rik3OS31TMyTy65r3ImqBkGtHVIypgV5k1nRdEn0hHymgTrEa%2FBe%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 772c30155a4076e7-LHR
expires: Tue, 21 Nov 2023 13:32:15 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame A4F5 12 KB
6 KB 172ms
56ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 9af63da692984f7884d89dad36906685_makeitsans-bold.woff
static.criteo.net/design/dt/ Frame A4F5 58 KB
58 KB 289ms
175ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/9af63da692984f7884d89dad36906685_makeitsans-bold.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ebb2026eba76b777cd1cc6d694a4609324304eeb1129a9fe0fb5a616590cc3ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 05 Feb 2020 10:30:18 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e3a993a-e7e4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 bb3faf863f1b470cb6abbfbf9cd4e6c1_makeitsans-regular.woff
static.criteo.net/design/dt/ Frame A4F5 56 KB
56 KB 223ms
110ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/bb3faf863f1b470cb6abbfbf9cd4e6c1_makeitsans-regular.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

09fe7be89711f0dc0ba47ab8a1a1865df7b660a1f1359d29c4c3445683d2f61f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 05 Feb 2020 10:30:18 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e3a993a-de74"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A4F5 11 KB
11 KB 175ms
56ms Image
image/png 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=2000&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F2000%2F200316%2Fc7db8369314c442a8dd94287a8ff8fb8_square.png&v=3&w=196&s=loeMtlkim-6Lgi7usjX_LWab

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

232a6ac91462da5b10eeab6cd35f3fb33f84f3436184f3cd1f568a7fc0da1152

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30537990
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11239
expires: Mon, 20 Nov 2023 00:18:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A4F5 30 KB
30 KB 250ms
132ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2000&q=80&r=0&u=https%3A%2F%2Fprod.pictures.autoscout24.net%2Flisting-images%2F1021257f-9697-44b3-a3fb-b82197aaabca_aea1df2b-37e3-491e-941c-39b1c557787f.jpg&v=3&w=400&s=1K01t8z0uPL9sBtWMrCHpw0H&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

b98447cdc81317c151e0fc1ee36ffc699e1d2aade72ee1098e71d2729df01eb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=498319
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 30910
expires: Wed, 07 Dec 2022 07:57:35 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A4F5 23 KB
24 KB 291ms
174ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2000&q=80&r=0&u=https%3A%2F%2Fprod.pictures.autoscout24.net%2Flisting-images%2Fb4648165-bab6-438d-a10e-7621b7db9c20_31162c10-940e-4a78-ac30-84d468f54501.jpg&v=3&w=400&s=urapxuhpmSAvmt4ruvElLtlF&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

76b13c0261c6dc5a58fdddc83e2057c4cd194d1d7a1f724d007c519a609c4a73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=889913
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23844
expires: Sun, 11 Dec 2022 20:44:09 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A4F5 26 KB
26 KB 334ms
218ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2000&q=80&r=0&u=https%3A%2F%2Fprod.pictures.autoscout24.net%2Flisting-images%2F343e2d23-60a4-4430-baae-2e3084ef3ba6_74baf441-95d3-4d99-9010-862365876dc3.jpg&v=3&w=400&s=4YX_UwgWGspTt069jrxdJFih&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

354daab931356997ea1d40bcc36db3ec8a3eaa7d480f446b0e9db1c69707c5cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1194560
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26460
expires: Thu, 15 Dec 2022 09:21:36 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A4F5 15 KB
16 KB 329ms
213ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2000&q=80&r=0&u=https%3A%2F%2Fprod.pictures.autoscout24.net%2Flisting-images%2F101563d8-983c-4d70-bff6-8779220c29d9_b7020f76-271c-474b-abd5-96737e40b383.jpg&v=3&w=400&s=PDbI8zUyV8V4NykWkqy1QXHd&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

3101c3777f12e614e321702e6fa647edb9caed85fc0655d60fe008f7f1a0567c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=542496
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15864
expires: Wed, 07 Dec 2022 20:13:52 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A4F5 17 KB
17 KB 342ms
235ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2000&q=80&r=0&u=https%3A%2F%2Fprod.pictures.autoscout24.net%2Flisting-images%2F2e739ebe-36e6-4cc2-a5ac-831b417af5d2_8045d037-dd97-4ba0-aba3-de255dcb5f48.jpg&v=3&w=400&s=GKOpRcoYen6yhKAt8v6AT1Tn&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

2e6051d6a376eb860955fabbfdbcc87f0ef8b53e2ee449166f1ec7dc45641bcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:14 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1194537
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 17104
expires: Thu, 15 Dec 2022 09:21:13 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A4F5 26 KB
26 KB 241ms
240ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2000&q=80&r=0&u=https%3A%2F%2Fprod.pictures.autoscout24.net%2Flisting-images%2F08ed5b17-7c96-4395-8996-ee2fbedb3e38_2963c44e-45b6-47fa-8c3a-683942724af8.jpg&v=3&w=400&s=8uRMQMirEMx-WJ99skOu168-&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

de1d1ea67ffab1d3af6e245a8bd51745ab572f91f638c5950cf4476f85df15ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=432157
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26712
expires: Tue, 06 Dec 2022 13:34:52 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A4F5 64 KB
64 KB 214ms
213ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=1200&m=0&partner=2000&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F2000%2F220429%2F6bc45b3660db416794ce8e9fb57f0848_img_horizontal_1.png&v=3&w=1200&s=8EELVkwsTz09LiX3fPoydoxu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

28bd28a5cc51e0a9009a10e9190a28cdeb77187019de358cc827dd4cb6f6c830

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=28531779
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 65466
expires: Fri, 27 Oct 2023 19:01:55 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A4F5 0
128 B 200ms
67ms Ping
text/plain 2a02:2638::21
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=sFGa3mn0P-sSUZ_0DukbWhbH_8uahUoVi2JDGck4ai5mVa_fgVoNCoTnyEtQK4qR52WDSVQNqjKwCPc4aU3Gx99XGH4N9zzK2r0FFwOcHGmDzZMOjKtXzhgSaYxAFLVxiC0MS4My1IHxx9TFpmmJJLiP9rhcfj7u65TNl04eeN4JObcWUeiMrqA7p_35w2jRG9g4wO2mB7cg2byXe0KN3z-FjrFw2iLMbdrgrQ13HAJTlqscJ7_Af0-62GcD72silYmbwQ&sds=2&rev=83599&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::21 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A4F5 2 KB
1 KB 56ms
55ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame A4F5 2 KB
1 KB 59ms
58ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 26 Nov 2023 13:32:15 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame DE33 4 KB
1 KB 207ms
81ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 12:40:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Dec 2022 13:32:15 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DE33 205 B
742 B 200ms
65ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:26:12 GMT
x-content-type-options: nosniff
age: 3963
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 01 Dec 2023 12:26:12 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DE33 604 B
695 B 201ms
67ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 10:17:50 GMT
x-content-type-options: nosniff
age: 11665
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 01 Dec 2023 10:17:50 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame DE33 19 KB
8 KB 210ms
78ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

578d39c8cc926851f5be1195f339d26cbbf239f2f7cac8b55b349276514b85fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8086
x-xss-protection: 0
server: cafe
etag: 7427986489964165156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:22:13 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/ Frame AB9F 35 KB
5 KB 167ms
74ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c50bf3aeb80e399b92a3926d2c11861b0e7ef24b7ba12ff721fc9b2bca3ab65

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 413445
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5128
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 26 Nov 2022 18:41:30 GMT
expires: Sun, 26 Nov 2023 18:41:30 GMT
last-modified: Mon, 07 Nov 2022 15:17:01 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4828 0
0 116ms
115ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CTc5d3qyIY7O1GMaEygXorJnYDqXsqNpttcK52vAQxI6V7o84EAEggainJGCVAqABvuPHsSjIAQmpApNIqBT-Aqk-qAMByANIqgT9AU_Q9UPsmyGEy_xuJ5GKDjAVhXuuscmIW6_j9LukEhB1yE4JGH5U5fuGGkqToWOEV2CL8HLq1ghqbiEh3KwdjzXz7fsK12qJfb2urv5o1tltHA8gyuavz3Aoee1r4U44lwmseRR7GhlhPU9t7xXdWFLRvwexmy5yhNYwwOYN0hKInzSkrUsOf6opkUDYlIl2unZo6cvSuY5PUud8K-7TQLOhfDMFFt7n84MmKzfcCcR9TAWMXKLX9WZezyi_VZQAjITVhA_Q9IRwFBzw1LDJbfMuuYvQgeonkbccYPlkYQ23GtCovGYbryeqQge_gtuRUYnI-XWDiiZ0lIi8YX3ABLrUucOGBJIFBAgEGAGSBQQIBRgEoAYugAe-m5iRA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKzjCtIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMC0BUBmBYBgBcBshccChoIABIUcHViLTYzODg3MzU2MDk0MTUyMTgYAA&sigh=aDtMVsiOrAM&uach_m=[UACH]&cid=CAQSGwDq26N9WlLXGE1qYs4OcM1h7xS10VW8pj8G8RgBIBM&template_id=419

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 01 Dec 2022 13:32:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 4828 23 KB
9 KB 141ms
54ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 15:06:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80734
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Dec 2022 15:06:41 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame AB9F 6 KB
3 KB 61ms
53ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2655
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 02 Dec 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame AB9F 34 KB
13 KB 61ms
54ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63549
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 01 Dec 2022 19:53:06 GMT

GET
H3 200 55f836c66dc19877516abfc0f9523dfe.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/ Frame AB9F 103 KB
29 KB 66ms
59ms Script
application/x-javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/55f836c66dc19877516abfc0f9523dfe.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26d5576b7afd456cf1c8c19c0b7d18df5d51bacdbd95d79985f4fbcf61c0773a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 08:08:30 GMT
age: 537825
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30069
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 15:17:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 25 Nov 2023 08:08:30 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E081 702 B
372 B 188ms
67ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Slabo+27px:400&lang=uk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=408&adk=1892130580&adf=1283131272&pi=t.aa~a.3421766244~rp.4&w=587&lmt=1669901534&nsk=6bf5178c&rafmt=11&pwprc=7919631635&ad_type=text_image&format=587x408&url=https%3A%2F%2Fanticollector.org.ua%2F&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534934&bpp=2&bdt=4764&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0%2C595x280&nras=3&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=194&ady=1739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=768&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=YAFvPYmuFy&p=https%3A//anticollector.org.ua&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

547acc9e82421e913029cc4fb4e65cf7273c615813c18e504b4ac7847b00658a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 13:32:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Dec 2022 13:32:15 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame E081 35 KB
14 KB 78ms
73ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/m_js_controller_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9cf4a7e5a645c8578b3397542d9669f2549d2a3cec259b7d393f84fc1eaf73a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 19:52:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14142
x-xss-protection: 0
server: cafe
etag: 14789286559671545279
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Dec 2022 19:52:52 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E081 154 KB
47 KB 254ms
140ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 13:32:16 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame E081 177 KB
177 KB 59ms
57ms Image
image/webp 2a02:2638:1::8
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2000&q=80&r=2&u=https%3A%2F%2Fprod.pictures.autoscout24.net%2Flisting-images%2Fa2dfd09d-01ad-4cab-aae2-9c3846a10cc4_d76f792c-764d-4fa2-838c-b9fa3f131e85.jpg&ups=1&v=3&w=800&s=QwJ9v_CcCYFYrCfoF3ff7MDO

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::8 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

101bd98acb3ee091b0ec8b86b9ff0a585a528ba212417e15e187aaa3e8613813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=802552
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 181028
expires: Sat, 10 Dec 2022 20:28:08 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame E081 23 KB
9 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 15:06:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Dec 2022 15:06:41 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame E081 3 KB
1 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3912
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:27:04 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame E081 18 KB
7 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4203
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:22:13 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5FD1 143 B
166 B 58ms
55ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 211
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4828 3 KB
1 KB 81ms
78ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:27:04 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 4828 18 KB
7 KB 79ms
76ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:22:13 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7A04 6 KB
672 B 147ms
70ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 12:29:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Dec 2022 13:32:15 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 7A04 2 KB
765 B 55ms
54ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 11:55:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5820
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 11:55:15 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 7A04 23 KB
9 KB 59ms
56ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 15:06:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80734
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Dec 2022 15:06:41 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 7A04 3 KB
1 KB 70ms
67ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:27:04 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 7A04 18 KB
7 KB 66ms
63ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:22:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7A04 154 KB
47 KB 126ms
64ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 13:32:15 GMT

GET
H3 200 83de75e735dabeddf4e705de6f0a2f41.js Show response
www.gstatic.com/mysidia/ Frame 7A04 34 KB
14 KB 174ms
53ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/83de75e735dabeddf4e705de6f0a2f41.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 00:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219175
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14157
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 00:08:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 27 Feb 2023 00:39:21 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 78DB 0
0 100ms
100ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CNbNk36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPIBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJQjPJWocg86vTzmO1GS16jkjA6-v5ddENrwUAO66Vhwo-1V4Ti3WABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTYzODg3MzU2MDk0MTUyMTgYAA&sigh=4X2Gr1UMlE0&uach_m=[UACH]&cid=CAQSPADq26N9pCN5eaXcZbpL3QBRmB_9LW2cQ7m8nH2vJddeljekSN7wP08uq1H7xVz9Y_UVqBiuF_fHf-ddlRgBIBM&tpd=AGWhJmuvUTE_VBkK8d4YGgod0t5cHlKFISfBULt7ADgYa-6lydYhJhQep3G-tvPzTah1565fRTEH0TR2RxQ1L7p1fMuExzIHD6Yepu20HDBGdLshddT2-cW4QrvBTmEKwcn83GRz_kRG9SrVGvGxkkzwVy3gEtDjF8gRwYlOuOcOLvkAyigT3xcuusdsa_GaxMlqxwnVG0tdtEDVVrZfmvGx9HaZVxCUAfsHJGxuEpYfLIwoK7nEauf_38cIC1Lco-8_g5KlbTCEjftOJsZgxiJ7grkuv9GQXpu_u6u_vRyf2nliRAqF4HyKKAVwJkBxt8uhXsc0GTHoBceM5nGUYYejLyRk-Q0NQkE0SWHkI5-onekQLt4sZFBTAa1MSFPMwQB7H7e29ImP8WtGdPRslwiQoyQ2aKHJVOYdVsMP82DJj8-EqPWSNsCO_dy0VdeetotqV1PgVP3Mabr_vHnlBuwo26D12lK7q-xJnAMohwiPK0A5XhO7sQY26sAM6yhmVIfvY4Bdd2CyBOraFK5vEniZaVEY4n0sRGQoJQs8zvvxD0gDcDzGHp6Jj1S7Jq9h17OlVgjADAtTYLoWvCJgWEUF80JAXksNd3XfD-qxq0Pa6qH0BKd_ic0ISLj_xnOwKfbqlHsx4VYNefxPcvFUdsnH3j4nMbBXmsedhkiI44zzoBPosYUaMVTggBiveQ4QwXVCQKfobP5WBnhADmsOI-mFVxjVPJlx5u03f3xisR6zQ1HItR3LjGdy4jXfOf703s9f9dL6ahWOc3ah7LwEt-df604s_eyWVL6AkPgHlinHKjDSPgcRzmQxf7Kblx1kf1u9LXTzN02wF0GRpaoMJQgb3W7gFY7ui7960HCF1HhZz3sPnJts1LKw6iP5eOH-y-shx7fyZZIvuPHd00-1dRJI-J879y_D1aDfLBFNQA2wkZ_2n-PeGl4blGJtJsCNlDpbVYAyux76wzh30Ejyeia4M0-1TDKN3sdJQ0HM8gkGk06CWp_lJTU1l5fwpnvCTu9ERyFOi2ROflSVSfnriazNYPQ9JCnkHZ9PiX8H6PrpagQKIHaGBthGOpsO_Lcu0TlebCb3_tIMUjsPHJiSE9RcLZvj-XTizdrgzuhpn_UpMLZhlV23

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 01 Dec 2022 13:32:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 78DB 2 KB
2 KB 1238ms
539ms Script
application/x-javascript 103.229.205.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpOa05qSTBNelV0WlRabVpTMHdaak0xTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NTA2MTgwODY1NDQ1MzgyNDcvNjYyMjMyOC80NTYyMzA2LzQvaFUtMGdHckFiakVwM0R6YU1CU0tRSXZIdXFsZmRaS2xsWHNORlRhcVR1RS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzUwNjE4MDg2NTQ0NTM4MjQ3L3pyaC8wLzE0Ny82MC85OTkvMzIyLzJhMDE6NGEwOjJjOjovMC4wMDAvMTY2OTkwMTUzNS8xNjY5OTE0MTM1LzQvcHViLTYzODg3MzU2MDk0MTUyMTgv/BU3y2TY-H3SH9BSw8jw89C1UZog&nodeid=3811&group=zrh&auctionid=1750618086544538247&pbs_auctionid=1750618086544538247&shardkey=1750618086544538247&sid=4562306&cid=6622328&bp=a_afdfcg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%26client%3Dca-pub-6388735609415218%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.229.205.242 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.372.0 /
Resource Hash: aee424ce64345ca2246ce2fa1b3acab63795445d5fb54e90ef912d09c7e8c750

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:17 GMT
x-mm-nodeid: 3811
Content-Encoding: gzip
x-mm-bid-request-time: 1669901535
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Thu, 01 Dec 2022 13:32:15 GMT
Server: MMBD/3.372.0
x-mm-latency: 258 (0)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: nrt-router-x11, zrh-bidder-x73
x-mm-lag: 1
Expires: Thu, 01 Dec 2022 13:32:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 78DB 3 KB
1 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:27:04 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 78DB 18 KB
7 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 12:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Dec 2022 12:22:13 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 78DB 0
0 188ms
63ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT0CC65NkoPMATZ3AmBZRL-oIrmSvddKumKZRdyy-l_OSVjkIfWv8vbzltMQbpRUWXHHJHWmqPUEKKyB7NxW1CfTU7_Hw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 78DB 154 KB
47 KB 135ms
129ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 13:32:16 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame AB9F 5 KB
657 B 68ms
66ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:500|Raleway:600|Raleway:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/55f836c66dc19877516abfc0f9523dfe.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2db0a43cf6d5a3f65b457a78124848371e3c4b0feea7017842ab3542164b6804

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Dec 2022 13:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 13:32:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Dec 2022 13:32:16 GMT

GET
H3 200 83dc37e0aa1a9e1f34837ce75c9e8fd7.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/ Frame AB9F 7 KB
7 KB 57ms
56ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/83dc37e0aa1a9e1f34837ce75c9e8fd7.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468f9f117aa33043232668ac8a3e04ef67567dd43bd28dde9a3e58353c5f42d8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 25 Nov 2022 21:11:45 GMT
x-content-type-options: nosniff
age: 490831
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7435
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 15:17:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 25 Nov 2023 21:11:45 GMT

GET
H3 200 cd2696fd4b4633d9b42115314ccf4590.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/ Frame AB9F 349 B
288 B 56ms
55ms Image
image/svg+xml 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/cd2696fd4b4633d9b42115314ccf4590.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afbbb050849fcbc7c6d14145c41703ab3c3758800fec218fd7ce81cdf654896e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 26 Nov 2022 19:49:34 GMT
age: 409362
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 15:17:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 26 Nov 2023 19:49:34 GMT

GET
H3 200 725ac573ccb18f0aa0754e24180c8111.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/ Frame AB9F 2 KB
2 KB 58ms
57ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/725ac573ccb18f0aa0754e24180c8111.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62dc503c777db5a88b1222664aff25b15d27b354dad07cc42bf1c9f79b06011e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 25 Nov 2022 21:11:45 GMT
x-content-type-options: nosniff
age: 490831
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1758
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 15:17:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 25 Nov 2023 21:11:45 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5FD1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

68ms
67ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:16 GMT
expires: Thu, 01 Dec 2022 13:32:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:16 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4828 154 KB
47 KB 91ms
90ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 13:32:16 GMT

GET
H3 200 2185dce47bd07b77ada4a81889dba2c6.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/ Frame AB9F 11 KB
11 KB 58ms
58ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/2185dce47bd07b77ada4a81889dba2c6.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3907d7ef409c89a549ed62e9b4fd5af7dce60f6f1acb57d2f8ded07685e85a90

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 28 Nov 2022 16:20:07 GMT
x-content-type-options: nosniff
age: 249129
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10787
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 15:17:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 28 Nov 2023 16:20:07 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E081 0
0 101ms
99ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C2atI36yIY-CnHZOLywWW4r-QCcme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi02Mzg4NzM1NjA5NDE1MjE4yAEJqQJWknJr94OxPqgDAcgDAqoE8gFP0Ceqk2bVmSw8Ya7TxKZSpF6syMjSXqaUmv9I5XplumsgRx6hmaFHm1jBAx1Oqhss-JNrz1v4BTh9hwYlvJ37Dn9XbE4ggmMqq3zCN1HAQdkUphBYSbwX2qiCSqG3uiEVpdLfouF5yspEInstk7mBL_PC0FvWTGgqdTqqD_hnZJDbQcRh3C894ZaMtKYdk41WDdoLP0HP1aXPZPCfg-muvYh6feBs1a-nalnVxtv-n7bOpM2T7eOw3JkqxElIF9nPjEfFGeiLGCVSPgCiR70QmSEpcXHzqM1t3U3Ih_W6p49Q193MogXkepQmYoAkYQNtOIAG8vvY7IzX0bqTAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjM4ODczNTYwOTQxNTIxOBgA&sigh=ozPuS7olcSI&uach_m=[UACH]&cid=CAQSPADq26N9UJAOd-TTPlMoPGWUwDWoZHhpNHYBg7XQj5xvAda5cSfqN1rPZmfbrv8ZzzXUMK4N8TguiwghOBgBIBM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=408&adk=1892130580&adf=1283131272&pi=t.aa~a.3421766244~rp.4&w=587&lmt=1669901534&nsk=6bf5178c&rafmt=11&pwprc=7919631635&ad_type=text_image&format=587x408&url=https%3A%2F%2Fanticollector.org.ua%2F&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534934&bpp=2&bdt=4764&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0%2C595x280&nras=3&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=194&ady=1739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=768&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=YAFvPYmuFy&p=https%3A//anticollector.org.ua&dtd=27
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 01 Dec 2022 13:32:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 lgn.php Show response
cat.nl.eu.criteo.com/delivery/ Frame E081 43 B
348 B 334ms
52ms Fetch
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://cat.nl.eu.criteo.com/delivery/lgn.php?cppv=3&cpp=Mu9gtx9fnXu15U6gA6_VZrmLixp7164RoEPDS4RuqJPmBc7in1v-CZphEBEzz1T_clSCOQAZKMuR4C2EjYGkYw2C9RJtbR_-R7lTvl_HUHbfobT-sRWw29KXCOR6TjgKpz16V7Aup6VFAzpopI_BLqqMK5a6fVrStajCiDnY1m3nhHO8XmE5cEGK3O7u_pWeUdXZ2_gB-LkB1jqfqqz0XRjNu0BSu1nmuHRBDPEJAuoowRPRYS_Ios2LVdeqTX-qxp_6CkKFwckGO6ILupkQp5IG9D3tnL0348_qWifkkgPWkH2IMpADVtmDM_yppJRGSivJ2pgdqQn1mjHg11RjmUeYV8jVFoKylncVMNu5WIy2rtgdwu6xdbeTQnq2dFlS7b0M1AwMAZoxUBP60IOwsZgOt-e4xCgPRH06WlqWuEjIs-ZNHo6Y6aMC6w-3GtEMthku6Q&z=Y4is3wAHU-AKssWTAA_xFi04js2nbZ_74wTYkg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:16 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2988138
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame E081 0
0 182ms
56ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kv79EorGMAAAnYNiAgIAAAB8VX-gbVCVgeCtqN8Q3qyIY_L9ZR-9EORH6N_mABIDAQ&wp=Y4is3wAHU-AKssWTAA_xFi04js2nbZ_74wTYkg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:15 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 186029
content-length: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E081 0
0 96ms
93ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C2Tuf36yIY-CnHZOLywWW4r-QCcme0rFc1Z2R93DAjbcBEAEgAGCVAoIBF2NhLXB1Yi02Mzg4NzM1NjA5NDE1MjE4yAEJqQJWknJr94OxPqgDAaoE8gFP0Ceqk2bVmSw8Ya7TxKZSpF6syMjSXqaUmv9I5XplumsgRx6hmaFHm1jBAx1Oqhss-JNrz1v4BTh9hwYlvJ37Dn9XbE4ggmMqq3zCN1HAQdkUphBYSbwX2qiCSqG3uiEVpdLfouF5yspEInstk7mBL_PC0FvWTGgqdTqqD_hnZJDbQcRh3C894ZaMtKYdk41WDdoLP0HP1aXPZPCfg-muvYh6feBs1a-nalnVxtv-n7bOpM2T7eOw3JkqxElIF9nPjEfFGeiLGCVSPgCiR70QmSEpcXHzqM1t3U3Ih_W6p49Q193MogXkepQmYoAkYQNtOIAG8vvY7IzX0bqTAaAGIagHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjM4ODczNTYwOTQxNTIxOBgA&sigh=KM1h6fj8viM&uach_m=[UACH]&cid=CAQSPADq26N9UJAOd-TTPlMoPGWUwDWoZHhpNHYBg7XQj5xvAda5cSfqN1rPZmfbrv8ZzzXUMK4N8TguiwghOBgBIBM&vt=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=408&adk=1892130580&adf=1283131272&pi=t.aa~a.3421766244~rp.4&w=587&lmt=1669901534&nsk=6bf5178c&rafmt=11&pwprc=7919631635&ad_type=text_image&format=587x408&url=https%3A%2F%2Fanticollector.org.ua%2F&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534934&bpp=2&bdt=4764&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0%2C595x280&nras=3&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=194&ady=1739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=768&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=YAFvPYmuFy&p=https%3A//anticollector.org.ua&dtd=27
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 01 Dec 2022 13:32:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 829F 143 B
166 B 55ms
53ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=408&adk=1892130580&adf=1283131272&pi=t.aa~a.3421766244~rp.4&w=587&lmt=1669901534&nsk=6bf5178c&rafmt=11&pwprc=7919631635&ad_type=text_image&format=587x408&url=https%3A%2F%2Fanticollector.org.ua%2F&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534934&bpp=2&bdt=4764&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0%2C595x280&nras=3&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=194&ady=1739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=768&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=YAFvPYmuFy&p=https%3A//anticollector.org.ua&dtd=27
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 212
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DB41 1 KB
643 B 59ms
57ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 12087
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 10:10:49 GMT
etag: 48472445140208031
expires: Fri, 02 Dec 2022 10:10:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E081 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9582624e42d4047d93c015f1d789e89c8472f6446cf620e0d020e9f419984a65

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 mFT0WbgBwKPR_Z4hGN2qgx8D1Q.woff2
fonts.gstatic.com/s/slabo27px/v12/ Frame E081 16 KB
16 KB 62ms
62ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/slabo27px/v12/mFT0WbgBwKPR_Z4hGN2qgx8D1Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Slabo+27px:400&lang=uk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a107df0695c5f1741f0d7ec22820ed31c440b29c07c111a6aaad7eec3a2558

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 19:06:22 GMT
x-content-type-options: nosniff
age: 152754
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15872
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:26:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 19:06:22 GMT

GET
H3 200 api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js Show response
pagead2.googlesyndication.com/bg/ Frame 7B1A 36 KB
16 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 06:19:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 06:19:41 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame DB41 35 B
463 B 193ms
61ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEC5RsRYfolTR6w2IsmVpqEo&google_cver=1&google_push=ASkJ3FZcdM1QYOYcw8FoarCeepid1KxaQx4M1fjmH76YA13wAcDF0zlk7XHASs9Fd3UlZk2yepiF-bozNznK3gVFCbkcBTAyNpcy

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:16 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB41
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESECr-8APUaT9hfZae-uwyrLo&google_cver=1&google_push=ASkJ3FYIUtOW_sBxjmI05NqtvUiZjHw-e5G0whWWmX2Q7G_2vUIiwnYs34-xM7thfqcFvCk9MjEAv6AO2z5UNjW4_Y8oq1pWWMo
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FYIUtOW_sBxjmI05NqtvUiZjHw-e5G0whWWmX2Q7G_2vUIiwnYs34-xM7thfqcFvCk9MjEAv6AO2z5UNjW4_Y8oq1pWWMo&google_hm=Q0FFU0VDci04QVBVYVQ5aG...

170 B
188 B

235ms
111ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FYIUtOW_sBxjmI05NqtvUiZjHw-e5G0whWWmX2Q7G_2vUIiwnYs34-xM7thfqcFvCk9MjEAv6AO2z5UNjW4_Y8oq1pWWMo&google_hm=Q0FFU0VDci04QVBVYVQ5aGZaYWUtdXd5ckxv

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 01 Dec 2022 13:32:16 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FYIUtOW_sBxjmI05NqtvUiZjHw-e5G0whWWmX2Q7G_2vUIiwnYs34-xM7thfqcFvCk9MjEAv6AO2z5UNjW4_Y8oq1pWWMo&google_hm=Q0FFU0VDci04QVBVYVQ5aGZaYWUtdXd5ckxv
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame DB41 43 B
351 B 218ms
67ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEC4ebZaEMujUmre41ZP0LC4&google_cver=1&google_push=ASkJ3FYiSFaV1kPrMxz6OofQhyD7KZ2h9SQRNnDZW7e5GC31lXxTuGicvvp3mDUnbTIe0fVc4M6OOe1JBguRWBguiqtpaXdJbAKI
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=408&adk=1892130580&adf=1283131272&pi=t.aa~a.3421766244~rp.4&w=587&lmt=1669901534&nsk=6bf5178c&rafmt=11&pwprc=7919631635&ad_type=text_image&format=587x408&url=https%3A%2F%2Fanticollector.org.ua%2F&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534934&bpp=2&bdt=4764&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0%2C595x280&nras=3&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=194&ady=1739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=768&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=YAFvPYmuFy&p=https%3A//anticollector.org.ua&dtd=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:15 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 5gmvufokd7u7ta755aaqqic34kpcb62m

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB41
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Uw9mbSEzQ0-u6HeHI-gQfA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

111ms
110ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Uw9mbSEzQ0-u6HeHI-gQfA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FaZTZZSj-sH6fxTPzF9EMEfOa8H58smuQtiy6TvdFTKKvlp-r1aKaXXAFVcd38eOnw9UJZ73Gg0Gvxktk1LsdaepVQa_pI7

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Uw9mbSEzQ0-u6HeHI-gQfA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FaZTZZSj-sH6fxTPzF9EMEfOa8H58smuQtiy6TvdFTKKvlp-r1aKaXXAFVcd38eOnw9UJZ73Gg0Gvxktk1LsdaepVQa_pI7
date: Thu, 01 Dec 2022 13:32:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB41
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJpqWztodbrKifPudkrH2w&google_cver=1&google_push=ASkJ3FYr5OSCp_mf8sZb6m9a7W4Pu13Sld3xJDXJ_7RwHT2U5xpg16mNhNG5U4rDWzbbaXbdzXp...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI1NDlDMU0tMTAtNEZIVQ==&google_push=ASkJ3FYr5OSCp_mf8sZb6m9a7W4Pu13Sld3xJDXJ_7RwHT2U5xpg16mNhNG5U4rDWzbbaXbdzXpQQaY5rcJeIl3JA5uT99B7i7I

170 B
188 B

175ms
67ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI1NDlDMU0tMTAtNEZIVQ==&google_push=ASkJ3FYr5OSCp_mf8sZb6m9a7W4Pu13Sld3xJDXJ_7RwHT2U5xpg16mNhNG5U4rDWzbbaXbdzXpQQaY5rcJeIl3JA5uT99B7i7I

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI1NDlDMU0tMTAtNEZIVQ==&google_push=ASkJ3FYr5OSCp_mf8sZb6m9a7W4Pu13Sld3xJDXJ_7RwHT2U5xpg16mNhNG5U4rDWzbbaXbdzXpQQaY5rcJeIl3JA5uT99B7i7I
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB41
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_push=AS...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_hm=Y4is4NUZEbCEvFGO_fGR5QAABIEAAAAB&google_nid=index&google_push=ASkJ3FaibB81jDJsYjfFBei4C2J6nkS_PSvxs...

170 B
188 B

91ms
90ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_hm=Y4is4NUZEbCEvFGO_fGR5QAABIEAAAAB&google_nid=index&google_push=ASkJ3FaibB81jDJsYjfFBei4C2J6nkS_PSvxsH28Pma7j0GfCjr8z-_ebNqN6qX9Xqq_Ejv_tcKnU4v4Oy-E8TGadyjrAYWAt7Bp

Requested by

Host: anticollector.org.ua
URL: https://anticollector.org.ua/

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nWV1l%2B4AnegUY3wRJmPq2zvdjvjs0HnAuWSraf%2BghzGccDNioz5%2F5urdZ4s2PgbTo4GavIGdWtTFqt7%2FP%2B5tcuK8HXXkFUk9qTYZdlTExI6T4VeDRX%2BcFvnqHP3ipq4CKOc%2Bo5e%2BL4VPA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_hm=Y4is4NUZEbCEvFGO_fGR5QAABIEAAAAB&google_nid=index&google_push=ASkJ3FaibB81jDJsYjfFBei4C2J6nkS_PSvxsH28Pma7j0GfCjr8z-_ebNqN6qX9Xqq_Ejv_tcKnU4v4Oy-E8TGadyjrAYWAt7Bp
cache-control: no-cache
cf-ray: 772c301bff3ddd87-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame DB41 43 B
296 B 330ms
46ms Image
image/gif 2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEA-IhvenFqMBQvngrv_Z_cc&google_cver=1&google_push=ASkJ3FY0X6tjPPl1gRw5FuAFstDHT3lM0u0z-LEJE7kjxyfi6paQnmCDBzRR349CaOL12JopUsgz1ihweHvpQOpq92Y4AT5Jkheo
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=408&adk=1892130580&adf=1283131272&pi=t.aa~a.3421766244~rp.4&w=587&lmt=1669901534&nsk=6bf5178c&rafmt=11&pwprc=7919631635&ad_type=text_image&format=587x408&url=https%3A%2F%2Fanticollector.org.ua%2F&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534934&bpp=2&bdt=4764&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0%2C595x280&nras=3&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=194&ady=1739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=768&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=YAFvPYmuFy&p=https%3A//anticollector.org.ua&dtd=27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 01 Dec 2022 13:32:16 GMT
cache-control: no-cache
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame DB41 0
223 B 225ms
66ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JYr1osbGOQGmKTt9KG0_Lb9vitD_vB29PXH1JhrTH2E9p7As6HGCi8uCLOPEY4XIkItkg9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:16 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 829F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

1988ms
1987ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:18 GMT
expires: Thu, 01 Dec 2022 13:32:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:16 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js Show response
pagead2.googlesyndication.com/bg/ Frame AB9F 36 KB
16 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 06:19:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 06:19:41 GMT

GET
H/1.1 200
OK h78o6ojw9z7r Show response
hal9000.redintelligence.net/zone/ Frame 78DB 11 KB
4 KB 191ms
60ms Script
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/h78o6ojw9z7r?subid=&rnd=1750618086544538247&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DuMQok0vs8DlzcjiEc5CPPw%26exch_seat%3D20035004448%26mt_aid%3D1750618086544538247%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_cid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%2526client%253Dca-pub-6388735609415218%2526adurl%253D%26redirect%3D
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 0acb91dd20859674fd0ecb1c5bb01b2fcc5581b057344a3e087eccf8bec2197b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:17 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3492
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 78DB 49 B
329 B 545ms
544ms Image
image/gif 103.229.205.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=1750618086544538247&node_id=3811&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpOa05qSTBNelV0WlRabVpTMHdaak0xTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NTA2MTgwODY1NDQ1MzgyNDcvNjYyMjMyOC80NTYyMzA2LzQvaFUtMGdHckFiakVwM0R6YU1CU0tRSXZIdXFsZmRaS2xsWHNORlRhcVR1RS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzUwNjE4MDg2NTQ0NTM4MjQ3L3pyaC8wLzE0Ny82MC85OTkvMzIyLzJhMDE6NGEwOjJjOjovMC4wMDAvMTY2OTkwMTUzNS8xNjY5OTE0MTM1LzQvcHViLTYzODg3MzU2MDk0MTUyMTgv/BU3y2TY-H3SH9BSw8jw89C1UZog&nodeid=3811&group=zrh&auctionid=1750618086544538247&pbs_auctionid=1750618086544538247&shardkey=1750618086544538247&sid=4562306&cid=6622328&bp=a_afdfcg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%26client%3Dca-pub-6388735609415218%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.229.205.242 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.372.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:17 GMT
Server: MMBD/3.372.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: nrt-router-x14, zrh-bidder-x73
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 01 Dec 2022 13:32:16 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 78DB 43 B
403 B 283ms
158ms Image
image/gif 184.30.20.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=1750618086544538247&v3=651871&v4=4562306&v5=6622328&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpOa05qSTBNelV0WlRabVpTMHdaak0xTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NTA2MTgwODY1NDQ1MzgyNDcvNjYyMjMyOC80NTYyMzA2LzQvaFUtMGdHckFiakVwM0R6YU1CU0tRSXZIdXFsZmRaS2xsWHNORlRhcVR1RS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzUwNjE4MDg2NTQ0NTM4MjQ3L3pyaC8wLzE0Ny82MC85OTkvMzIyLzJhMDE6NGEwOjJjOjovMC4wMDAvMTY2OTkwMTUzNS8xNjY5OTE0MTM1LzQvcHViLTYzODg3MzU2MDk0MTUyMTgv/BU3y2TY-H3SH9BSw8jw89C1UZog&nodeid=3811&group=zrh&auctionid=1750618086544538247&pbs_auctionid=1750618086544538247&shardkey=1750618086544538247&sid=4562306&cid=6622328&bp=a_afdfcg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%26client%3Dca-pub-6388735609415218%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-207.deploy.static.akamaitechnologies.com
Software: MT3 169 32252b7 master iad-pixel-x7 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:17 GMT
Server: MT3 169 32252b7 master iad-pixel-x7 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Dec 2022 13:32:16 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 78DB 49 B
329 B 1349ms
803ms Image
image/gif 103.229.205.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=1750618086544538247&st=4562306&time=1669901536&nodeid=3811
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpOa05qSTBNelV0WlRabVpTMHdaak0xTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NTA2MTgwODY1NDQ1MzgyNDcvNjYyMjMyOC80NTYyMzA2LzQvaFUtMGdHckFiakVwM0R6YU1CU0tRSXZIdXFsZmRaS2xsWHNORlRhcVR1RS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzUwNjE4MDg2NTQ0NTM4MjQ3L3pyaC8wLzE0Ny82MC85OTkvMzIyLzJhMDE6NGEwOjJjOjovMC4wMDAvMTY2OTkwMTUzNS8xNjY5OTE0MTM1LzQvcHViLTYzODg3MzU2MDk0MTUyMTgv/BU3y2TY-H3SH9BSw8jw89C1UZog&nodeid=3811&group=zrh&auctionid=1750618086544538247&pbs_auctionid=1750618086544538247&shardkey=1750618086544538247&sid=4562306&cid=6622328&bp=a_afdfcg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.96&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%26client%3Dca-pub-6388735609415218%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.229.205.242 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.372.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:18 GMT
Server: MMBD/3.372.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: nrt-router-x10, zrh-bidder-x73
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 01 Dec 2022 13:32:17 GMT

GET
H/1.1

200
OK

request.php Show response
hal900013.redintelligence.net/ Frame 78DB
Redirect Chain

https://hal900013.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900013.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

270ms
151ms

Script
application/x-javascript

116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DuMQok0vs8DlzcjiEc5CPPw%26exch_seat%3D20035004448%26mt_aid%3D1750618086544538247%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_cid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%2526client%253Dca-pub-6388735609415218%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6388735609415218%26output%3Dhtml%26h%3D280%26adk%3D3284590858%26adf%3D1881589701%26pi%3Dt.aa~a.406515613~rp.1%26w%3D595%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1669901534%26rafmt%3D1%26to%3Dqs%26pwprc%3D7919631635%26format%3D595x280%26url%3Dhttps%253A%252F%252Fanticollector.org.ua%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669901534909%26bpp%3D2%26bdt%3D4739%26idt%3D2%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db6a50ba13a16324e-222fc22105d800b1%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ%26gpic%3DUID%253D00000b8b23a8fda9%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg%26prev_fmts%3D1200x280%252C0x0%26nras%3D2%26correlator%3D5333894031731%26frm%3D20%26pv%3D1%26ga_vid%3D1555109461.1669901534%26ga_sid%3D1669901534%26ga_hid%3D1475740572%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D815%26ady%3D1222%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C42531705%252C44760911%252C31070993%252C44770880%252C44778739%252C21066434%26oid%3D2%26pvsid%3D140487002954298%26tmod%3D835132519%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3Dd6rITNzilw%26p%3Dhttps%253A%2F%2Fanticollector.org.ua%26dtd%3D17&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fanticollector.org.ua&random=711028808477&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17
Protocol: HTTP/1.1
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: ec0ef11265a36c3e1663282c547636ecfb309aec6a2cc32efd005c1a4aca8a74

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 01 Dec 2022 13:32:17 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 53967400079930900951407012160013
Connection: close
Content-Length: 1088
Expires: Thu, 01 Dec 2022 13:32:17 +0100

Redirect headers

Pragma: no-cache
Date: Thu, 01 Dec 2022 13:32:17 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DuMQok0vs8DlzcjiEc5CPPw%26exch_seat%3D20035004448%26mt_aid%3D1750618086544538247%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_cid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%2526client%253Dca-pub-6388735609415218%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6388735609415218%26output%3Dhtml%26h%3D280%26adk%3D3284590858%26adf%3D1881589701%26pi%3Dt.aa~a.406515613~rp.1%26w%3D595%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1669901534%26rafmt%3D1%26to%3Dqs%26pwprc%3D7919631635%26format%3D595x280%26url%3Dhttps%253A%252F%252Fanticollector.org.ua%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669901534909%26bpp%3D2%26bdt%3D4739%26idt%3D2%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db6a50ba13a16324e-222fc22105d800b1%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ%26gpic%3DUID%253D00000b8b23a8fda9%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg%26prev_fmts%3D1200x280%252C0x0%26nras%3D2%26correlator%3D5333894031731%26frm%3D20%26pv%3D1%26ga_vid%3D1555109461.1669901534%26ga_sid%3D1669901534%26ga_hid%3D1475740572%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D815%26ady%3D1222%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C42531705%252C44760911%252C31070993%252C44770880%252C44778739%252C21066434%26oid%3D2%26pvsid%3D140487002954298%26tmod%3D835132519%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3Dd6rITNzilw%26p%3Dhttps%253A%2F%2Fanticollector.org.ua%26dtd%3D17&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fanticollector.org.ua&random=711028808477&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Thu, 01 Dec 2022 13:32:17 +0100

GET
H2 200 / Show response
adv.office-partner.de/ Frame 37E3 930 B
931 B 246ms
110ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DuMQok0vs8DlzcjiEc5CPPw%26exch_seat%3D20035004448%26mt_aid%3D1750618086544538247%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_cid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%2526client%253Dca-pub-6388735609415218%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6388735609415218%26output%3Dhtml%26h%3D280%26adk%3D3284590858%26adf%3D1881589701%26pi%3Dt.aa~a.406515613~rp.1%26w%3D595%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1669901534%26rafmt%3D1%26to%3Dqs%26pwprc%3D7919631635%26format%3D595x280%26url%3Dhttps%253A%252F%252Fanticollector.org.ua%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669901534909%26bpp%3D2%26bdt%3D4739%26idt%3D2%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db6a50ba13a16324e-222fc22105d800b1%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ%26gpic%3DUID%253D00000b8b23a8fda9%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg%26prev_fmts%3D1200x280%252C0x0%26nras%3D2%26correlator%3D5333894031731%26frm%3D20%26pv%3D1%26ga_vid%3D1555109461.1669901534%26ga_sid%3D1669901534%26ga_hid%3D1475740572%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D815%26ady%3D1222%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C42531705%252C44760911%252C31070993%252C44770880%252C44778739%252C21066434%26oid%3D2%26pvsid%3D140487002954298%26tmod%3D835132519%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3Dd6rITNzilw%26p%3Dhttps%253A%2F%2Fanticollector.org.ua%26dtd%3D17&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fanticollector.org.ua&random=711028808477&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Thu, 01 Dec 2022 13:32:18 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Thu, 08 Dec 2022 13:32:18 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 2867
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=53967400079930900951407012160013&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53967400079930900951407012160013&actionid=981741&produktid=&dt_url=

0
607 B

202ms
73ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53967400079930900951407012160013&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DuMQok0vs8DlzcjiEc5CPPw%26exch_seat%3D20035004448%26mt_aid%3D1750618086544538247%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_cid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%2526client%253Dca-pub-6388735609415218%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6388735609415218%26output%3Dhtml%26h%3D280%26adk%3D3284590858%26adf%3D1881589701%26pi%3Dt.aa~a.406515613~rp.1%26w%3D595%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1669901534%26rafmt%3D1%26to%3Dqs%26pwprc%3D7919631635%26format%3D595x280%26url%3Dhttps%253A%252F%252Fanticollector.org.ua%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669901534909%26bpp%3D2%26bdt%3D4739%26idt%3D2%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db6a50ba13a16324e-222fc22105d800b1%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ%26gpic%3DUID%253D00000b8b23a8fda9%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg%26prev_fmts%3D1200x280%252C0x0%26nras%3D2%26correlator%3D5333894031731%26frm%3D20%26pv%3D1%26ga_vid%3D1555109461.1669901534%26ga_sid%3D1669901534%26ga_hid%3D1475740572%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D815%26ady%3D1222%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C42531705%252C44760911%252C31070993%252C44770880%252C44778739%252C21066434%26oid%3D2%26pvsid%3D140487002954298%26tmod%3D835132519%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3Dd6rITNzilw%26p%3Dhttps%253A%2F%2Fanticollector.org.ua%26dtd%3D17&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fanticollector.org.ua&random=711028808477&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 01 Dec 2022 13:32:18 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Thu, 01 Dec 2022 02:32:19 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Thu, 01 Dec 2022 13:32:18 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=53967400079930900951407012160013&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 52C78226:DC6C_91EFC182:01BB_6388ACE1_DFCB1C5:491D

GET
H2 200 link.html Show response
track.webgains.com/ Frame 78DB 2 KB
2 KB 625ms
91ms Script
text/html 13.41.118.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=53967400079930900951407012160013&nw=1
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.118.175 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-41-118-175.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: abf1ad45051decb861be15c472c3dab5f377a4f436a19dcab93d36d9f6e86e17

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:18 GMT
last-modified: Thu, 01 Dec 2022 13:32:18 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 01 Dec 2022 13:33:18 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900013.redintelligence.net/ Frame AE8D 7 KB
2 KB 177ms
60ms Document
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/request_content.php?s=53967400079930900951407012160013&a=89f444ae
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request.php?zone=h78o6ojw9z7r&nw=20&renderingType=javascript&namespace=7011f726ce&subid=&uid=f1ad287dc5f2a157&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DuMQok0vs8DlzcjiEc5CPPw%26exch_seat%3D20035004448%26mt_aid%3D1750618086544538247%26mt_id%3D6622328%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_cid%3D50066388-ace0-4c01-a317-b3fd2dbe2f5b%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8ilt36yIY6f0HLOXxdwP_e60wAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTYzODg3MzU2MDk0MTUyMTjIAQmoAwGqBPUBT9AjDFxIXholX307Q3n59HBPiRd3SGhZleKLG4YyHDMLXk7HgRa4QLjnJLWAGA8tfDXg0OCQAK2aCIWZKJGWRXPnSToxWL4Hz1i5iMWgtynyO87sdycjsXWHxEBPJ8uQnZs_dMsQ6D15z75Kx0yw7YjKsWsNXj9kTARbMNxO9jsUImeFAjnsyCSugz4RqniYikLCbjR9vwrFQ79dEViuy5B3m1N0c5Up9rU5KD4ljmpezwLZ6J0KJh6m6U3JrrOYlFK7WZiQRFTRIdxJADHoyCucV6xeaisewW3VflXU4VfzW8nsEsVAlFQ0mSYme8evjPhFW76ABsmR95rZ0K-t1AGgBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0hY10M73yN8roqckj2SbnLLlDF9g%2526client%253Dca-pub-6388735609415218%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6388735609415218%26output%3Dhtml%26h%3D280%26adk%3D3284590858%26adf%3D1881589701%26pi%3Dt.aa~a.406515613~rp.1%26w%3D595%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1669901534%26rafmt%3D1%26to%3Dqs%26pwprc%3D7919631635%26format%3D595x280%26url%3Dhttps%253A%252F%252Fanticollector.org.ua%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1669901534909%26bpp%3D2%26bdt%3D4739%26idt%3D2%26shv%3Dr20221110%26mjsv%3Dm202211150101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db6a50ba13a16324e-222fc22105d800b1%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ%26gpic%3DUID%253D00000b8b23a8fda9%253AT%253D1669901534%253ART%253D1669901534%253AS%253DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg%26prev_fmts%3D1200x280%252C0x0%26nras%3D2%26correlator%3D5333894031731%26frm%3D20%26pv%3D1%26ga_vid%3D1555109461.1669901534%26ga_sid%3D1669901534%26ga_hid%3D1475740572%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D815%26ady%3D1222%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759842%252C42531705%252C44760911%252C31070993%252C44770880%252C44778739%252C21066434%26oid%3D2%26pvsid%3D140487002954298%26tmod%3D835132519%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3Dd6rITNzilw%26p%3Dhttps%253A%2F%2Fanticollector.org.ua%26dtd%3D17&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fanticollector.org.ua&random=711028808477&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 679a7f69f413dab980dde35830768c58fdda62511b5b984bab3b8ae9d431255f

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2131
Content-Type: text/html; charset=utf-8
Date: Thu, 01 Dec 2022 13:32:18 GMT
Expires: Thu, 01 Dec 2022 13:32:18 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 78DB 43 B
704 B 614ms
82ms Image
image/gif 184.24.12.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=53967400079930900951407012160013&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.24.12.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-12-207.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 01 Dec 2022 13:32:18 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 78DB
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=53967400079930900951407012160013
https://ad-server.eu/wm/pb/native.png

68 B
312 B

278ms
54ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:35:42 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Thu, 01 Dec 2022 13:32:18 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 52C78226:DC8A_91EFC182:01BB_6388ACE2_2CD4506:4676
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E2E1 1 KB
643 B 64ms
57ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 12089
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 10:10:49 GMT
etag: 48472445140208031
expires: Fri, 02 Dec 2022 10:10:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 78DB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d535b4d4182ed7adf8eadff6e8346c480ca4450648873f92ebe8e95880e5d3e4

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2E1
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEC5RsRYfolTR6w2IsmVpqEo&google_cver=1&google_push=ASkJ3FYX7_OWx93rtB_WstRtQ6ZSs9799LPL5LlpifRE7uD6R2f0ufWgBs...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ASkJ3FYX7_OWx93rtB_WstRtQ6ZSs9799LPL5LlpifRE7uD6R2f0ufWgBsBvpktMAy6Ghjt4YcSXlIPNO4oyDPjeCbHoG9Cyebw&google_hm=3qG-sZ8dNpkx1...

170 B
188 B

68ms
67ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ASkJ3FYX7_OWx93rtB_WstRtQ6ZSs9799LPL5LlpifRE7uD6R2f0ufWgBsBvpktMAy6Ghjt4YcSXlIPNO4oyDPjeCbHoG9Cyebw&google_hm=3qG-sZ8dNpkx165TMAJbgQ

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ASkJ3FYX7_OWx93rtB_WstRtQ6ZSs9799LPL5LlpifRE7uD6R2f0ufWgBsBvpktMAy6Ghjt4YcSXlIPNO4oyDPjeCbHoG9Cyebw&google_hm=3qG-sZ8dNpkx165TMAJbgQ
pragma: no-cache
date: Thu, 01 Dec 2022 13:32:18 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2E1
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DASkJ3FYtsksW1iLuy5bdGpA8vz8teBUoOsLheqotRWoa5ZORDrDzJTJzlfqBvANUoYGblUKsMUznkKdpf-eiwW9yZXaqZ-2spQ&google_gid=CAESEHba4BIz-dv6g9-fL9B--Og&googl...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOLZopwGEgUI6AcQAEIASm5nb29nbGVfcHVzaD1BU2tKM0ZZdHNrc1cxaUx1eTViZEdwQTh2ejh0ZUJVb09zTGhlcW90UldvYTVaT1JEckR6SlRKemxmcUJ2QU5Vb1lHYmxVS3NNVXpua0tkcGYtZWl3Vz...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZWtJMzRDUDF1UGRGbEY4bVlxZUN5X0QxSmNWQ1ZPVkFkZGk1cmJPN0l3NA==&google_push

170 B
188 B

67ms
67ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZWtJMzRDUDF1UGRGbEY4bVlxZUN5X0QxSmNWQ1ZPVkFkZGk1cmJPN0l3NA==&google_push

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 01 Dec 2022 13:32:18 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZWtJMzRDUDF1UGRGbEY4bVlxZUN5X0QxSmNWQ1ZPVkFkZGk1cmJPN0l3NA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2E1
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3Fbr2HXH...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3Fbr2HXH...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEyMDExMzMyMTkwMDAxODI4NDIxOTIyNQ%3D%3D&google_push=ASkJ3Fbr2HXHjbqxnsjRCKhXyTLfhIxtPumH7oR1hdpvFxxRJZe9b5-OGPIy8HVVsVaxf-...

170 B
188 B

68ms
68ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEyMDExMzMyMTkwMDAxODI4NDIxOTIyNQ%3D%3D&google_push=ASkJ3Fbr2HXHjbqxnsjRCKhXyTLfhIxtPumH7oR1hdpvFxxRJZe9b5-OGPIy8HVVsVaxf-sVnDG73GBHWcsDWm9Sjv6EflCrXQ

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEyMDExMzMyMTkwMDAxODI4NDIxOTIyNQ%3D%3D&google_push=ASkJ3Fbr2HXHjbqxnsjRCKhXyTLfhIxtPumH7oR1hdpvFxxRJZe9b5-OGPIy8HVVsVaxf-sVnDG73GBHWcsDWm9Sjv6EflCrXQ
pragma: no-cache
date: Thu, 01 Dec 2022 13:32:19 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Thu, 01 Dec 2022 13:32:19 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame E2E1 43 B
64 B 123ms
67ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEC4ebZaEMujUmre41ZP0LC4&google_cver=1&google_push=ASkJ3FZV_PhsTecpqEJ7S-YRDrJrVCjKQZJBxxs3m7xxZIDIY2tokUr98Sqao-WNzcNQem5tY7D7vVfcceOebp2kBD17IddtgUU
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:17 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: ip34eqt6sfuiqhqbo0pjju12epok7jsg

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2E1
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Uw9mbSEzQ0-u6HeHI-gQfA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

70ms
70ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Uw9mbSEzQ0-u6HeHI-gQfA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FZqVwUvFZ-I-EJjh2hQx1wXxyuiGFpyOaQTzEM_eygl0RwSGRTV88DMS5Di70X4_2DIr8Z3oE1AmeV7fRtJqqUxqwsFxEQ

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Uw9mbSEzQ0-u6HeHI-gQfA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FZqVwUvFZ-I-EJjh2hQx1wXxyuiGFpyOaQTzEM_eygl0RwSGRTV88DMS5Di70X4_2DIr8Z3oE1AmeV7fRtJqqUxqwsFxEQ
date: Thu, 01 Dec 2022 13:32:17 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2E1
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPJpqWztodbrKifPudkrH2w&google_cver=1&google_push=ASkJ3FYm_kLBPA9_dywunxsfbmZFkpNvKjfxi0aJ2lFccksnLJmPlMj1iXPZOnMHPvBoMfW-S4o...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI1NDlESFAtVy1CNldS&google_push=ASkJ3FYm_kLBPA9_dywunxsfbmZFkpNvKjfxi0aJ2lFccksnLJmPlMj1iXPZOnMHPvBoMfW-S4oekiS_t_Vffw8FVqh62rfr3NM

170 B
188 B

67ms
67ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI1NDlESFAtVy1CNldS&google_push=ASkJ3FYm_kLBPA9_dywunxsfbmZFkpNvKjfxi0aJ2lFccksnLJmPlMj1iXPZOnMHPvBoMfW-S4oekiS_t_Vffw8FVqh62rfr3NM

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEI1NDlESFAtVy1CNldS&google_push=ASkJ3FYm_kLBPA9_dywunxsfbmZFkpNvKjfxi0aJ2lFccksnLJmPlMj1iXPZOnMHPvBoMfW-S4oekiS_t_Vffw8FVqh62rfr3NM
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2E1
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_hm=Y4is4NUZEbCEvFGO_fGR5QAABIEAAAAB&google_nid=index&google_push=ASkJ3FaNZ9OOB630vrZpqBULxBIEpQRkoEXk3...

170 B
188 B

68ms
68ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_hm=Y4is4NUZEbCEvFGO_fGR5QAABIEAAAAB&google_nid=index&google_push=ASkJ3FaNZ9OOB630vrZpqBULxBIEpQRkoEXk3HcsljoOd5D_mFPNIAGbvh-ebPZ-GDLHnzCkAyrDnILIBY2r49cWOK14RaSNAaQ

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 01 Dec 2022 13:32:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2soLR1zEESWXKiRrkqT59NFrE4LrJ%2FJTcQssbVrXh8VBu7qa0ikYZMjHGnGTXT4HkvCbvodRF2oavomA5168wxAocOE4bf%2FRF5saf1a0brmObt67N5stETOQ%2FioMMR6e2OrB%2F8Pg9xlgdg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELXv1FdFtcaaayAp-JOl7qc&google_hm=Y4is4NUZEbCEvFGO_fGR5QAABIEAAAAB&google_nid=index&google_push=ASkJ3FaNZ9OOB630vrZpqBULxBIEpQRkoEXk3HcsljoOd5D_mFPNIAGbvh-ebPZ-GDLHnzCkAyrDnILIBY2r49cWOK14RaSNAaQ
cache-control: no-cache
cf-ray: 772c30274bcadd87-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E2E1 0
12 B 66ms
64ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JNQitSo2OQK52vfLggWpaCzfQlmr-i4cexRWTGNySu45idkyI2K5xze9KCGmqxM6aqWHR5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:18 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 78DB 85 KB
31 KB 197ms
61ms Script
application/javascript 65.9.66.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=53967400079930900951407012160013&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-11.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5f0e58e4c8d23cb8d1453aa9d362f102a4676085ab517acfd34aba74f982d3db

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 07:09:27 GMT
content-encoding: gzip
via: 1.1 2a3a093b493a82493f3431437cb166ac.cloudfront.net (CloudFront)
last-modified: Mon, 31 Oct 2022 15:47:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 22971
etag: W/"faa933973c404f8cfedacd4b67a60b85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: aI1Bi4Rpwl9Jv8ORaIXuTep9UWv5oZmezRIgXjtcooezpU6UAlFdIg==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 78DB 3 KB
3 KB 176ms
55ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1669901838&Signature=D8XlF~Y0P2ZeFY9aOxHarPBg5xATqu2v5XY-5W0JavHNA6~8j8T-BEZVmspqeul-Rwz4fB2c8c2XIjYPhcKKDKuJBIDnZiuoXd97ewy1G-Ig2kqYgPq3m8eatc~KWrIzKPG6PCdXawdhUs9SxLgfFOlZllMXeBCUdalA5dkOXVMH0UK~JlP~g2Mko24C~uDcsHiZJNVFzHmN4OSqZ4L7WgrcMSCSfuM60xLIkVYkH0voz2uIpTkGufssRXUMn6DynuyTlYMp2cEwzyxa4MlU5m1Ktqp5i5Ue4mj4WVshmXxO4ee6RSmi~swrKcz9MpqApyJ~1QndWsLJS6NjXFW0cg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&adk=3284590858&adf=1881589701&pi=t.aa~a.406515613~rp.1&w=595&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&to=qs&pwprc=7919631635&format=595x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901534909&bpp=2&bdt=4739&idt=2&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db6a50ba13a16324e-222fc22105d800b1%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ&gpic=UID%3D00000b8b23a8fda9%3AT%3D1669901534%3ART%3D1669901534%3AS%3DALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg&prev_fmts=1200x280%2C0x0&nras=2&correlator=5333894031731&frm=20&pv=1&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=1222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=d6rITNzilw&p=https%3A//anticollector.org.ua&dtd=17
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 01 Dec 2022 05:22:44 GMT
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 29375
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: ncL_x_QOkKp_QIXds96__PWNTmV1opw3JDOsLy7feEJGPGnKcai8Eg==

GET
H3 200 css
fonts.googleapis.com/ Frame AE8D 4 KB
651 B 72ms
72ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=53967400079930900951407012160013&a=89f444ae

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 01 Dec 2022 13:32:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 12:59:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Dec 2022 13:32:18 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame AE8D 17 KB
17 KB 178ms
60ms Image
image/png 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=53967400079930900951407012160013&a=89f444ae
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: b80e0ae054ea19fbb926ae7cff7f775ae5ab63dd87abf9dfe6377b0a852c6399

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:18 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16879
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame AE8D 16 KB
16 KB 177ms
59ms Image
image/png 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=53967400079930900951407012160013&a=89f444ae
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e2bc3969379524459429afb824e3e9591fce11fb42f25e56753c08f6d03d5b2a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:18 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16553
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame AE8D 16 KB
16 KB 177ms
60ms Image
image/png 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=53967400079930900951407012160013&a=89f444ae
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 40a0a69e5c65e8d79a24ee77045867bb52b04a107c38b94fb57ab65652a522cf

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900013.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:18 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16497
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 37E3 102 KB
40 KB 179ms
62ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3321a1a874ef23128af7c040d138153e44819ac0738704f8073c62ae43239043

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40355
x-xss-protection: 0
last-modified: Thu, 01 Dec 2022 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 01 Dec 2022 13:32:18 GMT

GET
H/1.1 200
OK viewability Show response
hal900013.redintelligence.net/ Frame AE8D 0
150 B 183ms
65ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900013.redintelligence.net/viewability?s=53967400079930900951407012160013&a=18fe9657&vb=m
Requested by: Host: hal900013.redintelligence.net
URL: https://hal900013.redintelligence.net/request_content.php?s=53967400079930900951407012160013&a=89f444ae
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://hal900013.redintelligence.net/request_content.php?s=53967400079930900951407012160013&a=89f444ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 01 Dec 2022 13:32:18 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame AE8D 13 KB
13 KB 57ms
57ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900013.redintelligence.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 19:24:52 GMT
x-content-type-options: nosniff
age: 65246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Nov 2023 19:24:52 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame AE8D 13 KB
13 KB 61ms
60ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900013.redintelligence.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Nov 2022 13:30:55 GMT
x-content-type-options: nosniff
age: 432083
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Nov 2023 13:30:55 GMT

GET
H2 200 / Show response
socialplugin.facebook.net/new_domain_gating/ 40 B
881 B 299ms
140ms XHR
application/json 2a03:2880:f080:e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://socialplugin.facebook.net/new_domain_gating/?endpoint=customerchat&page_id=105316874997246&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk/xfbml.customerchat.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f080:e:face:b00c:0:2 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cdaab024c0121953419a4a1094ffe2ee9a902df55ee79d792e411bac835b9134

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
date: Thu, 01 Dec 2022 13:32:19 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: QDr1ZKYi6xK7SCC6A7KIyaIpcSRSlZCvK2bIP7t1nnKEx2yt0YHT/gOf4F/KJixIfNf5ksJgHsnmRkO/q4w5qA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/json; charset=utf-8
access-control-allow-origin: https://anticollector.org.ua
cache-control: private, no-cache, no-store, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 105ms
104ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90b7f7c5398d74713048912c7b61525172931fe5e7158a189b84ecc23e07d297

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11158
x-xss-protection: 0

POST
H2 204 ngx_pagespeed_beacon Show response
anticollector.org.ua/ 0
93 B 103ms
103ms XHR
text/plain 2a00:7a60:0:1018::1
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://anticollector.org.ua/ngx_pagespeed_beacon?url=https%3A%2F%2Fanticollector.org.ua%2F
Requested by: Host: anticollector.org.ua
URL: https://anticollector.org.ua/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:7a60:0:1018::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anticollector.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 01 Dec 2022 13:32:19 GMT
cache-control: max-age=0, no-cache
x-ray: p17866:0.001/wn26930:0.000/
server: nginx

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 13:32:19 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 307F 13 KB
5 KB 54ms
54ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 567
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:22:52 GMT
expires: Fri, 01 Dec 2023 13:22:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A416 783 B
534 B 64ms
64ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

61078e71d005f70c0c87c1ff186dce296bcf00fe1dde92cba2b998aa167e2062

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-q_mZpM9XScLwKPbwqSouvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://anticollector.org.ua/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-q_mZpM9XScLwKPbwqSouvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 13:32:19 GMT
expires: Thu, 01 Dec 2022 13:32:19 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
www.facebook.com/plugins/customer_chat/SDK/ 0
3 KB 260ms
159ms XHR
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1c303bace92ed4%26domain%3Danticollector.org.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fanticollector.org.ua%252Ff650b4e0e01518%26relation%3Dparent.parent&current_url=https%3A%2F%2Fanticollector.org.ua%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=ru_RU&log_id=c7ca4f0a-7be1-4b82-9078-03b4a88ed31a&page_id=105316874997246&request_time=1669901539290&sdk=joey&should_use_new_domain=false&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk/xfbml.customerchat.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
date: Thu, 01 Dec 2022 13:32:19 GMT
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: jzAmh96B9Kmv6aKlyTzMFF7yULGAsb8ujYw+u84FK3sAAoOrHp3zVJQLtIlIL0v7qp7tN4wR5Ru2xSn+39KFDQ==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://anticollector.org.ua
cache-control: private, no-cache, no-store, must-revalidate
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
www.facebook.com/plugins/customer_chat/facade/ 1 KB
913 B 272ms
172ms XHR
application/json 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/customer_chat/facade/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1c303bace92ed4%26domain%3Danticollector.org.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fanticollector.org.ua%252Ff650b4e0e01518%26relation%3Dparent.parent&current_url=https%3A%2F%2Fanticollector.org.ua%2F&is_loaded_by_facade=true&locale=ru_RU&log_id=c7ca4f0a-7be1-4b82-9078-03b4a88ed31a&page_id=105316874997246&request_time=1669901539290&sdk=joey&should_use_new_domain=false&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk/xfbml.customerchat.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bafd2584206a62dc0c4fa4b7fef288110ad3fb3a23be9ff205f54a4da35c9771

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Thu, 01 Dec 2022 13:32:19 GMT
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 0QbATBGSwYDbqGBJbKMncwLleRwghLP9+eYf5SmYbdFcMGzjucwKZI0cwKgKZFW5D6P0ikvmKr3ngCMTcm243A==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://anticollector.org.ua
cache-control: private, no-cache, no-store, must-revalidate
x-frame-options: DENY
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A416 0
0 200ms
200ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221110&jk=140487002954298&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js Show response
pagead2.googlesyndication.com/bg/ Frame 307F 36 KB
16 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 06:19:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25958
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 06:19:41 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 78DB 16 B
232 B 99ms
99ms Fetch
application/json 3.11.196.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.11.196.201 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-11-196-201.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 01 Dec 2022 13:32:19 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 172ms
45ms Preflight 3.11.196.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.11.196.201 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-11-196-201.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Thu, 01 Dec 2022 13:32:19 GMT
server: nginx

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 307F 0
12 B 54ms
53ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?qzk2fQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 13:32:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 / Show response
www.facebook.com/plugins/customer_chat/SDK/ 0
31 B 197ms
144ms XHR
text/html 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1c303bace92ed4%26domain%3Danticollector.org.ua%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fanticollector.org.ua%252Ff650b4e0e01518%26relation%3Dparent.parent&current_url=https%3A%2F%2Fanticollector.org.ua%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=276&locale=ru_RU&log_id=c7ca4f0a-7be1-4b82-9078-03b4a88ed31a&page_id=105316874997246&request_time=1669901539566&sdk=joey&should_use_new_domain=false&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk/xfbml.customerchat.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://anticollector.org.ua/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
date: Thu, 01 Dec 2022 13:32:19 GMT
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: D1Gq0eHn5dj9O+X5HUqJGhJQ4bYJ3iQvEY/hGOeEKVHm07S19TDFOqutrVsVh51uKvBhEuIuorsYGbwCPQqWiQ==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://anticollector.org.ua
cache-control: private, no-cache, no-store, must-revalidate
priority: u=1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 206ms
206ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221110&jk=140487002954298&bg=!Li2lLWnNAAbvMpMzzzI7ACkAdvg8WlYfV8n8pB9Oc58JxSwzpYF5nXofspuRzROVETXhHDbUBAhTmwIAAABLUgAAAAJoAQcKAOsuYyqtJSgvU4miAFKJjtfZgXjyQRi8Yp0im0bxN4sTvBDcR2xPS-MFaLsIe1W0qdlQ7sIrLOCriOPJBzoJ7YNA2vRJEu5k8L-N_K2tgzfN5Ko4WTWClW8Sv1ISCrTCSFaNVlyJY6gSHhOuU3pyzJ74KrlMHqdRzLsVEtvGfn_0vzSmbN97hb1fVNFa1IgF25ACz5Ai9-XDcYM0OnvuWz1xWvTTdIBAvAgQ7ET4gAXtrGeFQVbAy-bMQwSvZLq7JR4hLle2Q7haiAxtfHo4wdccPY4jynakfCvk6-Qr74BbjtwPxPdvhdN6WZiCmQKdrf4fWncmFEnpDUgiVO272ZYnD3Vp66s8BnDBhS75PMksU0cr1hYcnONlT_qo7CbXUEwwhw2MG3FmmHdANr-Rlon4ngTS8Ii6pBv9J9oaTgnN0UgrphM5Zvpak1rT7tTikHgU7E5_HrjLqkb04uduVPjMlRyTzAfI1zNb2fpFrrKfUwX82JrXXMSESUYjxZRDaTIBLalwTht0LQSab0Vf4Jv4J8I9h4DY7Gsiqt3oT2G68PfjYg3kV6TUu6ziNdJ-JeUsMJOYTJmFALXQu9-tXCRoYJAZKKH4ujzJrVIlvL4Yv2uKDqV1XnbwILrpb3JXzCf9R0pi83KInMEZTyGEmVNrNzHAOyANC8jeudjjmskvQqGmc7ZAbEe9WquPRBbf15alZIdADAqWxxMrRgWAn2Ve15AiczegRKiDZxwnACQu6PsZaRTKiHZSfmk0aYWQv3lzaLUGXdbngrmGqfo_rpgDyIOVCDxZ-lclYwRq6eEsA2Xor18xRTBK75hQY8BkXnazZgvASBqeLLESOweUN36gKuGfOPcDv8yun7NEgYHwof1bxXqnXnSYqIJEk7Ns89y8TVpY3HpVZVtVnOHIgTD5AhKV8oFuo2lyEuvSZRPuXcV--vroPrZ6ixFmTXe0beDz9wo5qDXvn-qSQLtolKmgNfE9jIEddpW4sVaxdz_XeWkHhK9V1F3z7HUlWF3jvOuAkvaZ47J78YmF5DPlg-fhSYUSOsEgR8s_HIiioKFvQt9kCUhjGR-q8oGGJM37qGRV_GG9zcUaDT53fIJ1PjyDvQjamuAsmH-XZROIFlb3_E9QbPCgb9r4DKr79gPx8NY-n6ZQl94OarzuYJcqUuhkTNEqcGFmYDf0FUG2WTsCsW5bRaIfOTo2VmHV
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://anticollector.org.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 cd2696fd4b4633d9b42115314ccf4590.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/ Frame AB9F 349 B
296 B 54ms
54ms Image
image/svg+xml 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/cd2696fd4b4633d9b42115314ccf4590.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/55f836c66dc19877516abfc0f9523dfe.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afbbb050849fcbc7c6d14145c41703ab3c3758800fec218fd7ce81cdf654896e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 26 Nov 2022 19:49:34 GMT
age: 409366
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 15:17:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 26 Nov 2023 19:49:34 GMT

GET
H3 200 80ef6e9e4c5dca89db8e2860a6735286.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/ Frame AB9F 10 KB
10 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/media/80ef6e9e4c5dca89db8e2860a6735286.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6aa04ea165cc1dd7cd8d8884d6875f754b2ba86945e453114eeaf9d51c2f14f9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 29 Nov 2022 22:31:58 GMT
x-content-type-options: nosniff
age: 140422
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10164
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 15:17:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 29 Nov 2023 22:31:58 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mc.yandex.ua
URL: https://mc.yandex.ua/sync_cookie_image_check

Verdicts & Comments Add Verdict or Comment

143 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
anticollector.org.ua/	1969-12-31 23:59:59	Name: 02225a179dc6f2f794d267838f321288 Value: c733755238eedaac63c7cd34e636b5e4
.anticollector.org.ua/	1970-01-20 16:37:17	Name: _ym_uid Value: 1669901534255351494
.anticollector.org.ua/	1970-01-20 16:37:17	Name: _ym_d Value: 1669901534
.anticollector.org.ua/	1970-01-20 17:13:17	Name: __gads Value: ID=b6a50ba13a16324e-222fc22105d800b1:T=1669901534:RT=1669901534:S=ALNI_MY6yAG2FkRe8PQ1-MV4JSKTvG4KtQ
.anticollector.org.ua/	1970-01-20 17:13:17	Name: __gpi Value: UID=00000b8b23a8fda9:T=1669901534:RT=1669901534:S=ALNI_MY3w-8SC5KgHMr3Rvk5b3po7qL4vg
.mc.yandex.com/	1970-01-20 07:51:42	Name: sync_cookie_csrf Value: 2955675509fake
.anticollector.org.ua/	1970-01-20 07:52:53	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 07:51:42	Name: sync_cookie_csrf Value: 1316070711fake
.doubleclick.net/	1970-01-20 17:13:17	Name: IDE Value: AHWqTUlAjbJOd3t-LbjhKWKLhVRa-ItoYWTAkmHeXOmbXA2lJoVxdfrvAfbk1t4gFyo
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1689973491669901534
.yandex.com/	1970-01-20 17:27:41	Name: i Value: hrr2eVUMROw5ZsXTWA1TNxoqryLHoNyJJilobksI/tQSsp6yqEiiX+6+0gFiiWKcpcB4hfKjHYcpKhYXcz+mMMWGREw=
.yandex.com/	1970-01-20 16:37:17	Name: yandexuid Value: 1727982251669901534
.yandex.com/	1970-01-20 16:37:17	Name: yuidss Value: 1727982251669901534
.yandex.com/	1970-01-20 16:37:17	Name: ymex Value: 1701437534.yc.1669901534#1701437534.yrts.1669901534#1701437534.yrtsi.1669901534
.anticollector.org.ua/	1970-01-20 07:51:43	Name: _ym_visorc Value: w
.doubleclick.net/	1970-01-20 07:51:45	Name: DSID Value: NO_DATA
.quantserve.com/	1970-01-20 10:01:17	Name: d Value: EGUBCQHaJ4EA
.quantserve.com/	1970-01-20 17:21:55	Name: mc Value: 6388ace0-78402-e6a94-e9a2c
.casalemedia.com/	1970-01-20 16:37:17	Name: CMID Value: Y4is4NUZEbCEvFGO-fGR5QAA
.casalemedia.com/	1970-01-20 10:01:17	Name: CMPS Value: 1153
.casalemedia.com/	1970-01-20 10:01:17	Name: CMPRO Value: 1153
.agkn.com/	1970-01-20 16:37:17	Name: ab Value: 0001%3AJQZ4nEi0YPfquHkeAC%2F9%2BUhjNCDm3OsW
.agkn.com/	1970-01-20 16:37:17	Name: u Value: C\|0CEArG2lgKxtpYAAAAAAAAQ13AQCAAQpAAAAAAA
.pubmatic.com/	1970-01-20 07:53:07	Name: KTPCACOOKIE Value: YES
.innovid.com/	1970-01-20 10:01:17	Name: uuid Value: 1d2af26e-15de-4b07-b3af-486192b8d0fe-20221201 08:32:16
.pubmatic.com/	1970-01-20 10:01:17	Name: KADUSERCOOKIE Value: 530F666D-2133-434F-AEE8-778723E8107C
.mathtag.com/	1970-01-20 16:37:17	Name: uuid Value: 50066388-ace0-4c01-a317-b3fd2dbe2f5b
.redintelligence.net/	1970-01-20 10:01:17	Name: 8lcfmzhxc8d6_uid Value: adefa49d03e41358
.awin1.com/	1970-01-20 08:01:46	Name: awpv14098 Value: 296283\|1669901538\|9390b0d1-717c-11ed-9792-223985e9a9b7
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 429086:2519595
.casalemedia.com/	1970-01-20 10:01:17	Name: CMTS Value: 5158
.rlcdn.com/	1970-01-20 16:37:17	Name: rlas3 Value: 12zB81MfNEGJQZuHhgM1G2FZdGk+yvqhjPfhZnP9upI=
pb.media01.eu/	1970-01-20 17:27:41	Name: DTU Value: 9DCE51025F888E5F853D2F7014A9640E
.rlcdn.com/	1970-01-20 09:18:05	Name: pxrc Value: COLZopwGEgUI6AcQABIGCOndKhAA
.office-partner.de/	1970-01-20 17:27:41	Name: source Value: {"webgains_webgains":{"timestamp":1669901538859,"clickCookie":false}}
.e.dlx.addthis.com/	1970-01-20 17:21:55	Name: na_tc Value: Y
.addthis.com/	1970-01-20 17:21:55	Name: na_id Value: 2022120113321900018284219225
.addthis.com/	1970-01-20 17:21:55	Name: na_tc Value: Y
.addthis.com/	1970-01-20 17:21:55	Name: uid Value: 6388ace3a2d3a707
.addthis.com/	1970-01-20 17:21:55	Name: ouid Value: 6388ace30001d9a1f193f0783f2c8f299e0c09568d4d91853627
.dlx.addthis.com/	1970-01-20 08:34:53	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 08:34:53	Name: na_sr Value: 20221201
.dlx.addthis.com/	1970-01-20 07:51:41	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 08:34:53	Name: na_sc_e Value: 0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mc.yandex.ua/sync_cookie_image_check Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6388735609415218&output=html&h=280&slotname=8547202806&adk=3599503499&adf=2449756301&pi=t.ma~as.8547202806&w=1200&fwrn=4&fwrnh=100&lmt=1669901534&rafmt=1&format=1200x280&url=https%3A%2F%2Fanticollector.org.ua%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669901533849&bpp=7&bdt=3679&idt=430&shv=r20221110&mjsv=m202211150101&ptt=9&saldr=aa&abxe=1&correlator=5333894031731&frm=20&pv=2&ga_vid=1555109461.1669901534&ga_sid=1669901534&ga_hid=1475740572&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=190&ady=2330&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C44760911%2C31070993%2C44770880%2C44778739%2C21066434&oid=2&pvsid=140487002954298&tmod=835132519&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=5og0LUA1yj&p=https%3A//anticollector.org.ua&dtd=466 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9839.zfnnFtgDVhHjtTT4F06Vnk9sGO7Fe7u7mjPuYZ03h-xpEHMAfSaVdu_ADSmiF4Wm6KmP-HVJeOeiZooBMc_Bcc2xtTtsXNn0CjlW9uCnSfw%2C.iDmTIHr_ccEx9sCInk2hTAWTFpI%2C Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20110914/zrt_lookup.html?fsb=1(Line 21) Message: The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9425299516173662740/index.html' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-server.eu
ads.eu.criteo.com
adservice.google.com
adservice.google.de
adv.office-partner.de
ag.innovid.com
analytics.webgains.io
anticollector.org.ua
api.webgains.io
cat.fr.eu.criteo.com
cat.nl.eu.criteo.com
cdn.track.production.webgains.team
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csm.eu.criteo.net
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900013.redintelligence.net
id.rlcdn.com
image6.pubmatic.com
mc.yandex.com
mc.yandex.ru
mc.yandex.ua
pagead2.googlesyndication.com
partner.googleadservices.com
pb.media01.eu
pix.eu.criteo.net
pixel.mathtag.com
pixel.rubiconproject.com
pv.medialead.de
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
rtb.openx.net
socialplugin.facebook.net
ssum-sec.casalemedia.com
static.criteo.net
tags.mathtag.com
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.facebook.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
mc.yandex.ua
103.229.205.242
116.202.48.214
13.41.118.175
144.76.238.55
145.239.193.130
172.217.18.98
172.64.154.237
178.250.0.160
178.250.2.148
184.24.12.207
184.30.20.207
185.64.189.115
23.3.108.242
2606:4700::6811:190e
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2001
2a00:1450:4001:811::2002
2a00:1450:4001:811::2004
2a00:1450:4001:812::200a
2a00:1450:4001:813::2003
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:7a60:0:1018::1
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::8
2a02:2638::2
2a02:2638::21
2a02:2638::b
2a02:6b8::1:119
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f080:e:face:b00c:0:2
2a03:2880:f145:82:face:b00c:0:25de
2a05:d01c:1d8:8100:2de7:20d7:fcf5:3f3d
2a0b:4d07:102::1
3.11.196.201
35.157.182.139
35.186.253.211
35.244.174.68
54.76.176.197
65.9.66.11
69.173.144.165
88.198.250.30
99.86.4.36
01ad61902bf6a98421542df2e3ad09266d6b9f4d2ad4ba0928dcf76b1242a8f3
0391b2318552e6f3d71436133e26e43b25828750a63c5639135848cbdc77197b
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
09fe7be89711f0dc0ba47ab8a1a1865df7b660a1f1359d29c4c3445683d2f61f
0acb91dd20859674fd0ecb1c5bb01b2fcc5581b057344a3e087eccf8bec2197b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
101bd98acb3ee091b0ec8b86b9ff0a585a528ba212417e15e187aaa3e8613813
1158ea0e2535669d45983072d8e00fa1a90ca829f51ecdd5627b1c66235cbb97
17a97499d0b307fb75f4db6a8033b6c23f01fded59600bfaebe3bfdbd4051a53
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d065f7c0127b37d317d38b26bbd6b321910c9c1fc541d100239e2a1d9c45a63
232a6ac91462da5b10eeab6cd35f3fb33f84f3436184f3cd1f568a7fc0da1152
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
26d5576b7afd456cf1c8c19c0b7d18df5d51bacdbd95d79985f4fbcf61c0773a
2826b314d203f10a05ddb585e23a88d70822dcf62270bf748160f9789f2464a9
28b0e460380f4ddd576c5e0a124589371f8134d0627f797be8845b90d16f36d9
28bd28a5cc51e0a9009a10e9190a28cdeb77187019de358cc827dd4cb6f6c830
2b4a69c09096c1feb3207b866d55b8117a2c253f95346a92c8205efe479f8cc2
2db0a43cf6d5a3f65b457a78124848371e3c4b0feea7017842ab3542164b6804
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e6051d6a376eb860955fabbfdbcc87f0ef8b53e2ee449166f1ec7dc45641bcf
2f1b9717110d9ad289486575210cc2a3fdc27e5b33582a78ec7cf1bb9d841902
3101c3777f12e614e321702e6fa647edb9caed85fc0655d60fe008f7f1a0567c
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3321a1a874ef23128af7c040d138153e44819ac0738704f8073c62ae43239043
3429a6ce96639fbf33e766a7619a373a5fd59b151c85951c02cfea660dfdc7b5
34c3e24b7b45572b7fb1479858a6698faf49ba8633684108057c89f99b1be0ce
354daab931356997ea1d40bcc36db3ec8a3eaa7d480f446b0e9db1c69707c5cc
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38981dabf61e68a9dea4b02366b517f4059abd3630fd7a4243cc9985b72c3896
3907d7ef409c89a549ed62e9b4fd5af7dce60f6f1acb57d2f8ded07685e85a90
40a0a69e5c65e8d79a24ee77045867bb52b04a107c38b94fb57ab65652a522cf
40a107df0695c5f1741f0d7ec22820ed31c440b29c07c111a6aaad7eec3a2558
41350407120b6ce8b562ae0e7d7245424a11b200b5aebb5b955f888ed4c2b6c6
468f9f117aa33043232668ac8a3e04ef67567dd43bd28dde9a3e58353c5f42d8
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4b2d5acc6180fff6eb5947e379987644c41a405f021909760f265e66d70e9eea
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
547acc9e82421e913029cc4fb4e65cf7273c615813c18e504b4ac7847b00658a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
578d39c8cc926851f5be1195f339d26cbbf239f2f7cac8b55b349276514b85fe
59e440bfeec280d15e03681769d46a18b92dc3da7db732003faa9f24ed818884
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f0e58e4c8d23cb8d1453aa9d362f102a4676085ab517acfd34aba74f982d3db
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61078e71d005f70c0c87c1ff186dce296bcf00fe1dde92cba2b998aa167e2062
61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62dc503c777db5a88b1222664aff25b15d27b354dad07cc42bf1c9f79b06011e
679a7f69f413dab980dde35830768c58fdda62511b5b984bab3b8ae9d431255f
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586
6aa04ea165cc1dd7cd8d8884d6875f754b2ba86945e453114eeaf9d51c2f14f9
6c50bf3aeb80e399b92a3926d2c11861b0e7ef24b7ba12ff721fc9b2bca3ab65
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
76b13c0261c6dc5a58fdddc83e2057c4cd194d1d7a1f724d007c519a609c4a73
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
7a0158ae026f1947523506999991c79e3097546da67b3fd7f1da3ac58a4579fd
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8edb834b12a3b8b75cdf59db6274d4d7075e8f8bcfa7c6718dbca8b3c16b11ea
9027689c78983c51df2d629bfe51b73bddacd1f0ce1f602b6e57e084ccbd3d8f
90b7f7c5398d74713048912c7b61525172931fe5e7158a189b84ecc23e07d297
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
9582624e42d4047d93c015f1d789e89c8472f6446cf620e0d020e9f419984a65
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cf4a7e5a645c8578b3397542d9669f2549d2a3cec259b7d393f84fc1eaf73a6
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9e77df1224664223b153ca61f64f84af7eb813103dcda83f06eb05d2e2da123e
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
abf1ad45051decb861be15c472c3dab5f377a4f436a19dcab93d36d9f6e86e17
aee424ce64345ca2246ce2fa1b3acab63795445d5fb54e90ef912d09c7e8c750
afbbb050849fcbc7c6d14145c41703ab3c3758800fec218fd7ce81cdf654896e
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b216e2c3d9a85f190a3a48d712fcf97937f17e2602293613cda53b142cbe0079
b80e0ae054ea19fbb926ae7cff7f775ae5ab63dd87abf9dfe6377b0a852c6399
b98447cdc81317c151e0fc1ee36ffc699e1d2aade72ee1098e71d2729df01eb1
bafd2584206a62dc0c4fa4b7fef288110ad3fb3a23be9ff205f54a4da35c9771
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bcb090ec7d9af7f7c9ff7c03aaabd1099ef175e022203f0e8f53ae197ea47bbe
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cdaab024c0121953419a4a1094ffe2ee9a902df55ee79d792e411bac835b9134
d2ba77c35106fd4575a7fa3a09aadd3b81b8af4059e9a9bd2ac903552ca52401
d4118a1f83ded73eb3b75e9da89c61f1b093e7883cfad18a54c701c09ff820ce
d535b4d4182ed7adf8eadff6e8346c480ca4450648873f92ebe8e95880e5d3e4
de1d1ea67ffab1d3af6e245a8bd51745ab572f91f638c5950cf4476f85df15ae
dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b
e0874a717c04a968a0809d91eff55256d29b591341bac355b21610cce937b784
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e2bc3969379524459429afb824e3e9591fce11fb42f25e56753c08f6d03d5b2a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4cf9a22cdaeac879d2a6982fd06dcf8fb34d796a11c18327266496708265a19
e98e764f60abf8a5d2086f537d3eff9d482bc891db6448ae115bea4f712cc1c7
ebb2026eba76b777cd1cc6d694a4609324304eeb1129a9fe0fb5a616590cc3ee
ec0ef11265a36c3e1663282c547636ecfb309aec6a2cc32efd005c1a4aca8a74
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f9c1e1da0c197ca101c6fd5ae899d10951dd43316c4ed6b3c9bd38877e79023a
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
ff975fc7dac9445cff3dff896856282324313ff0c5f90fb3d1f1407f525030ec

anticollector.org.ua Open in urlscan Pro 2a00:7a60:0:1018::1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

175 Requests

91 %HTTPS

54 %IPv6

37 Domains

51 Subdomains

42 IPs

10 Countries

3791 kBTransfer

6711 kBSize

44 Cookies

4 Outgoing links

Page URL History

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

anticollector.org.ua Open in urlscan Pro
2a00:7a60:0:1018::1 Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

91 %
HTTPS

54 %
IPv6

37
Domains

51
Subdomains

42
IPs

10
Countries

3791 kB
Transfer

6711 kB
Size

44
Cookies

175 HTTP transactions
3 data transactions